Task #552
closed
Do provisioning after every role (de)assignment
Added by Jan Helbich over 7 years ago.
Updated over 7 years ago.
Description
Currently, if an added role does not assign a new system, provisioning is not executed.
Also, provisioning when a role is removed is executed with priority -1000, therefore it is executed before the IdmIdentityRole relation is deleted.
This produces unwanted results in some cases, for example if I map provisioning of all role names into a system and a role is deleted, the deleted role is also sent into the system.
- Status changed from In Progress to Needs feedback
- Assignee changed from Jan Helbich to Vít Švanda
I've disabled the optional provisioning after role assignment, commit 0ef62ae83b56ce4c4efd9d70d08fdd02b30ab8a0.
For role removal, I've divided the original provisioning processor into two:
- first processor IdentityRoleDeleteAccountProcessor deletes acc_account mapping before role delete (-1000)
- second processor invokes provisioning after role save, IdentityRoleDeleteAccountProcessor - priority (1000)
commit 7dce18c9a25d2af179962fab1a6256840c4a09b8
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Jan Helbich
- % Done changed from 0 to 100
I did the review. I agree with this behavior. I slightly improved the description of the processor.
- Status changed from Resolved to Closed
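The ordering problem and the fix discussed in this ticket, as an added example that is not CzechIdM code and not part of the original comments: a constructed model of priority-ordered processors. The function names, the role and system names, and order 0 for the core delete are assumptions; only the priorities -1000 and 1000 come from the ticket.

```python
# Constructed model of priority-ordered event processing; not the CzechIdM API.
CORE_DELETE_ORDER = 0  # assumption: the relation is deleted between -1000 and 1000


def run_role_removal(processors, identity_roles, accounts, role):
    """Run processors in ascending order; return every payload sent to a system."""
    state = {"roles": set(identity_roles), "accounts": dict(accounts), "sent": []}
    for _, processor in sorted(processors, key=lambda p: p[0]):
        processor(state, role)
    return state["sent"]


def core_delete(state, role):
    # The identity-role relation is removed here.
    state["roles"].discard(role)


def delete_account_mapping(state, role):
    # Drop the account mapping granted by the role being removed, if any.
    state["accounts"].pop(role, None)


def provision(state, role):
    # Mapped attribute from the description: names of all currently assigned roles.
    for system in sorted(set(state["accounts"].values())):
        state["sent"].append((system, sorted(state["roles"])))


# Before: one processor provisions at -1000, while the relation still exists.
ORIGINAL = [(-1000, provision), (CORE_DELETE_ORDER, core_delete)]
# After: mapping cleanup at -1000, provisioning at 1000, after the delete.
SPLIT = [(-1000, delete_account_mapping), (CORE_DELETE_ORDER, core_delete),
         (1000, provision)]

# Constructed sample data: "vpn-admin" assigns no system of its own.
ROLES = {"employee", "vpn-admin"}
ACCOUNTS = {"employee": "ldap"}  # role -> system it grants an account on


def sent_after_removal(processors, role="vpn-admin"):
    return run_role_removal(processors, ROLES, ACCOUNTS, role)


if __name__ == "__main__":
    print("original:", sent_after_removal(ORIGINAL))
    print("split:   ", sent_after_removal(SPLIT))
```

With the original ordering the removed role is still in the payload sent to the target system; with the split ordering it is not.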