On 09/12/22 15:52, Lionel SCHWARZ wrote:
Dear all,
Could someone explain me how dynRoles works? because I found something strange
and am not sure if I missed sthg or not...
I have created a role with "dynMembershipCond" based on users having a certain
relationship. This works fine as after creating the role, all users that have this relationship got
the role in "dynRoles".
However, when I then create a new user with such a relationship, it does not
get the the role (and if I then update the role, the new user gets it!)
Is there anything more I need to do at creation, or something I misconfigured?
Hi Lionel,
dynamic (group or role) membership is a weird feature, as it basically saves
the results of a user query (e.g. the dynamic membership condition) every time
that either the group / role or user are saved.
Unfortunately, it has proven to perform decently only with small numbers.
Every time a user gets saved, all existing Roles with dynamic conditions are
considered to see if the user is matching so that the saved query results are
updated.
Similarly, when groups or roles with dynamic conditions are saved, a query for
all users matching the condition is run, again to update the saved query
results.
The case you are describing above might be possibly not working because of the condition
based on a "dependent" element as a relationship, so the matching process is
failing in first place (e.g. when the user is created) but is succeeding later (e.g. when
the role is updated).
You might want to try using a different condition, based on a user attribute,
to see if that works for new users as well.
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
