{
  "RuleDefinition":{
    "actAs":{
      "sourceId":"kerberosPrincipals",
      "subjectId":"myApp/myServer.school.edu"
    },
    "check":{
      "group":"a:b:c",
      "type":"flattenedMembershipRemove"
    },
    "ifCondition":"",
    "then":"${RulesUtils.removeMember(thisGroupName, subjectSourceId, subjectId)}"
  }
}


Daemon component

If the rule is not scripted, we have the opportunity to run it in daemon mode when the rule is added or changed, or periodically (nightly/weekly), to reduce data corruption. Some rules might not want this to happen (e.g. a rule that sets permissions on group create: if it runs nightly, then you can't remove the permissions).

Error handling

If rule execution fails for some reason, it should be logged (which could include emailing administrators), but it probably should not affect the transaction of the operation that triggered the rule. Maybe this can be a setting on a per-rule basis, where applicable (e.g. if it is a flattened membership rule trigger, then there is no transaction, since the rule fires post-commit anyway).
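The following Python model is an added illustration, not Grouper code and not part of the original page. It shows a daemon-mode sweep for the flattenedMembershipRemove rule above together with the error handling described here. The `failTransaction` setting, the `inTransactionExample`-style distinction between check types, the group `x:y:z` the rule is attached to, and all subjects are assumptions constructed for the example.

```python
import logging

log = logging.getLogger("rules")

# Check types that fire after commit: no transaction is left to roll back.
POST_COMMIT_TYPES = {"flattenedMembershipRemove"}

class RuleVeto(Exception):
    """Hypothetical signal that rolls back the triggering operation."""

def run_rule(rule, action, *args):
    """Run one rule action. A failure is always logged; it vetoes the
    triggering operation only if the rule opts in (hypothetical
    'failTransaction' setting) and its check type is not post-commit."""
    try:
        action(*args)
        return True
    except Exception as exc:
        log.error("rule on %s failed for %s: %s",
                  rule["check"]["group"], args, exc)
        if (rule.get("failTransaction")
                and rule["check"]["type"] not in POST_COMMIT_TYPES):
            raise RuleVeto(str(exc)) from exc
        return False

def daemon_sweep(rule, this_group, memberships, remove_member):
    """Daemon mode for a flattenedMembershipRemove rule: remove anyone still
    in this_group who is no longer a flattened member of the checked group.
    One failing subject does not stop the sweep. Returns (removed, failed)."""
    required = memberships[rule["check"]["group"]]
    removed, failed = [], []
    for subject in sorted(memberships[this_group] - required):
        ok = run_rule(rule, remove_member, this_group, subject)
        (removed if ok else failed).append(subject)
    return removed, failed

# Constructed sample data: carol and dave lost a:b:c but linger in x:y:z.
RULE = {"check": {"group": "a:b:c", "type": "flattenedMembershipRemove"},
        "failTransaction": True}
MEMBERSHIPS = {"a:b:c": {"alice", "bob"},
               "x:y:z": {"alice", "bob", "carol", "dave"}}

def remove_member(group, subject):
    if subject == "dave":  # constructed failure to exercise the logging path
        raise RuntimeError("subject source unavailable")
    MEMBERSHIPS[group].discard(subject)

if __name__ == "__main__":
    print(daemon_sweep(RULE, "x:y:z", MEMBERSHIPS, remove_member))
```

Subjects returned in the `failed` list keep access they should have lost, so a deployment would want that list surfaced to administrators and retried on the next sweep.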