Task #468
Updated by Radek Tomiška about 6 years ago
When we add the role that has some account mapping for managed system, to some user - e.g. LDAP, the account management is started synchronously. It also counts the attributes for the account including the transform scripts. It would not be so bad if you assign the role manually, but there are other features like Automatic roles and Identity automated processes. Altogether when there is an error in script on system mapping (and with current system of script sendboxes, there will be errors all the time), you are not able to run e.g. LRT for automatic roles.
Separation of account management from role assignment would be really good there, but I know that new queue would be necessary (or move it to provisioning queue)
https://wiki.czechidm.com/priv/program800/dirty_flag