0
Planned

Identifying previously denied entities in UNIFYBroker/Plus post-provisioning and synchronisation tasks

Adrian Corston 2 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 2 years ago 2

Entities that have been pushed onto $denySync in an link's pre-provisioning task may need to be excluded from certain operations in the synchronisation and post-provisioning tasks.  For example, if an AD user has not been excluded from provisioning then an attempt to assign birthright AD groups will always fail, and should not be performed.

If would be helpful if there was some mechanism (e.g. a $denySync.ContainsEntity($Entity) method which returns $True if the entity has been .Push()ed previously) to allow detection of this situation.

The current workaround is to duplicate/copy the code from the pre-provisioning task which determines when to add the entity to $denySync into the post-provisioning and/or synchronisation task.

Under review

Hi Adrian,

Thanks for the suggestion. Have added it to the backlog.