Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-12259

New assignment is not reflected in onSync script hook when a new role with its members and assignments is created in one REST call

    Details

    • Target Version/s:
    • Story Points:
      2
    • Sprint:
      2020.02 - IDM, 2020.03 - IDM
    • Support Ticket IDs:

      Description

      When a new role is created with its members and assignments in one REST call, the new assignment relationship is not reflected in the effectiveAssignments of the managed/user. Consequently the assignment is not synced to an external target system for the managed/user.

      For example, we have an existing managed/user/4b35f687-83b3-4306-8814-c5cda5fef468, and an existing managed/assignment/cd53c005-13d0-4d14-b39c-d5526498b3b4.

      1. Create a role, then add a user as member, then add an assignment

      The managed/user onUpdate and onSync script hooks are activated after adding the user as a member, and after adding an assignment. The onSync script hook after adding an assignment shows the updated effective assignment.

      Dec 05, 2018 2:42:33.635 PM org.forgerock.openidm.script.scope.FunctionFactory$1 call
      SEVERE: onSync managed/role { "name": "Sales-Role", "_id": "7c0769d5-a22b-448c-b8cb-214655b475d1", "_rev": "1" }
      
      Dec 05, 2018 2:42:34.035 PM org.forgerock.openidm.script.scope.FunctionFactory$1 call
      SEVERE: onUpdate managed/user is called
      
      Dec 05, 2018 2:42:34.047 PM org.forgerock.openidm.script.scope.FunctionFactory$1 call
      SEVERE: calling onSync managed/user { "userName": "user10", "givenName": "user10", "sn": "test", "mail": "user10@example.com", "accountStatus": "active", "effectiveRoles": [ { "_ref": "managed/role/7c0769d5-a22b-448c-b8cb-214655b475d1" } ],* "effectiveAssignments": [ { "name": "Sales-Assignment", "description": "Test relationship notification", "mapping": "managedUser_systemDjAccount", "_id": "cd53c005-13d0-4d14-b39c-d5526498b3b4", "_rev": "0" } ],* "_id": "4b35f687-83b3-4306-8814-c5cda5fef468", "_rev": "79", "createdBy": "4b35f687-83b3-4306-8814-c5cda5fef468", "lastSync": { "managedUser_systemDjAccount": { "effectiveAssignments": [  ], "timestamp": "2018-11-22T16:26:15.615" } }, "preferences": { "updates": false, "marketing": false } }
      

      2. Create role, then add an assignment, then add a user member

      The managed/user onUpdate and onSync script hooks are activated after adding the user member.

      Dec 05, 2018 2:45:01.457 PM org.forgerock.openidm.script.scope.FunctionFactory$1 call
      SEVERE: onUpdate managed/user is called
      
      Dec 05, 2018 2:45:01.482 PM org.forgerock.openidm.script.scope.FunctionFactory$1 call
      SEVERE: calling onSync managed/user { "userName": "user10", "givenName": "user10", "sn": "test", "mail": "user10@example.com", "accountStatus": "active", "effectiveRoles": [ { "_ref": "managed/role/65b61f03-1390-4e7d-9983-d64a068f9ecd" } ], *"effectiveAssignments": [ { "name": "Sales-Assignment", "description": "Test relationship notification", "mapping": "managedUser_systemDjAccount", "_id": "cd53c005-13d0-4d14-b39c-d5526498b3b4", "_rev": "0" } ],* "_id": "4b35f687-83b3-4306-8814-c5cda5fef468", "_rev": "81", "createdBy": "4b35f687-83b3-4306-8814-c5cda5fef468", "lastSync": { "managedUser_systemDjAccount": { "effectiveAssignments": [  ], "timestamp": "2018-11-22T16:26:15.615" } }, "preferences": { "updates": false, "marketing": false } }
      

      3. Create role with a member and an assignment in one REST call

      The managed/user onUpdate and onSync script hooks are activated, but the effectiveAssignments doesn't reflect the assignment added to the role.

      -> Dec 05, 2018 2:39:41.246 PM org.forgerock.openidm.script.scope.FunctionFactory$1 call
      SEVERE: onUpdate managed/user is called
      
      Dec 05, 2018 2:39:41.303 PM org.forgerock.openidm.script.scope.FunctionFactory$1 call
      SEVERE: calling onSync managed/user { "userName": "user10", "givenName": "user10", "sn": "test", "mail": "user10@example.com", "accountStatus": "active", "effectiveRoles": [ { "_ref": "managed/role/5ba8ddc3-c162-49b8-a692-10828010a854" }, { "_ref": "managed/role/4c41aac1-4976-46a7-b85c-f52f8b600f92" } ], *"effectiveAssignments": [  ]*, "_id": "4b35f687-83b3-4306-8814-c5cda5fef468", "_rev": "75", "createdBy": "4b35f687-83b3-4306-8814-c5cda5fef468", "lastSync": { "managedUser_systemDjAccount": { "effectiveAssignments": [  ], "timestamp": "2018-11-22T16:26:15.615" } }, "preferences": { "updates": false, "marketing": false } }
      

        Attachments

          Activity

            People

            • Assignee:
              alin Alin Brici
              Reporter:
              yinyan.cao Yinyan Cao
            • Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: