On 04/11/20 10:36, te...@net-c.com wrote: > Hi, > > I use syncope 2.1.7 > > I have exported then imported a MasterContent.xml on a new platform. > > On this new platform, after deployment, I see that every role has dynamic > membership set (using GROUP_MEMBERSHIP IN) as expected. > > Then I add my users (using the REST API) with the right group memberships as > it was previously. > > Finally I log-in with my users just added, but I see that nobody has any > role, it seems that role dynamic memberships are not taken into account > somehow. This is checked by viewing "members" for every role. No role has a > member. > > In order to workaround this, it seems necessary to "reload" roles by "edit -> > finish" on every role. After that, users have their roles as planned.
Hi, this sounds quite odd. Nothing connected to users is included in export (for both security and practical reasons), including static and dynamic membership information, but as soon as an user gets saved, their dynamic membership information are set [1]. The workaround you are suggesting above does actually force a refresh for all existing users, upon Role save [2]; I wonder what happens to users getting created *after* the Role workaround save is performed: do they become dynamic members of the Role? Regards. [1] https://github.com/apache/syncope/blob/2_1_X/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPARoleDAO.java#L180 [2] https://github.com/apache/syncope/blob/2_1_X/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPARoleDAO.java#L104 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
