Project

General

Profile

Actions

Task #552

closed

Do provisioning after every role (de)assignment

Added by Jan Helbich over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jan Helbich
Category:
Provisioning
Target version:
Start date:
06/28/2017
Due date:
% Done:

100%

Estimated time:
Owner:

Description

Currently if added role does not assign new system, provisioning is not executed.

Also provisioning when role is removed is executed with priority -1000, therefore it is executed before the IdmIdenityRole relation is deleted.
This produces unwanted results in some cases, for example if I map provisioning of all role name into system and role is deleted, the deleted role is also sent into system.

Actions #1

Updated by Jan Helbich over 7 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Jan Helbich to Vít Švanda

I've disabled the optional provisioning after role assignement, commit 0ef62ae83b56ce4c4efd9d70d08fdd02b30ab8a0.

For role removal, I've divided the original provisioning processor into two:
  • first processor IdentityRoleDeleteAccountProcessor deletes acc_account mapping before role delete (-1000)
  • second processor invokes provisioning after role save, IdentityRoleDeleteAccountProcessor - priority (1000)
    commit 7dce18c9a25d2af179962fab1a6256840c4a09b8
Actions #2

Updated by Vít Švanda over 7 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Vít Švanda to Jan Helbich
  • % Done changed from 0 to 100

I did review. I agree with this behavior. I little improved description of processor.

Actions #3

Updated by Radek Tomiška over 7 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF