  1. OpenIDM
  2. OPENIDM-13213

Editing the members property of the managed role object schema breaks conditional provisioning role members


    Details

      Description

      I came across an interesting issue while testing the IDM400 labs on 6.5.0.1. If I edit the `members` property within the Managed Role object schema, and add a property to the Display Properties, within the Relationship Configuration, and save the changes, the next time I create a Provisioning Role and add a Condition, the members only show up in the Authorized Role Members tab and NOT the Role Members tab. Before editing the Managed Role object, members were added to both tabs. The end result is that the user no longer has an effective role, and managed assignments do not work. If I go back and edit the `members` property, and remove the added Display Property, it still doesn’t work after that. I saw no related logs indicating an error. I worked around the issue by avoiding editing the managed role object.

      This was easy to reproduce by spinning up a new IDM instance, adding a test user and role, then adding a new display property to the `members` property of the managed role object schema. Then set a condition on the role like `/userName contains test`.


            People

            Assignee:
            oliver.bradley Oliver Bradley
            Reporter:
            bgallantfr Blair Gallant
            Votes:
            0
            Watchers:
            8
