We’ve defined several Access Role using the Organizations in the User Store as criteria in the membership rule
Access_Role_1: Member Rule in Organization “SALES"
Access_Role_2: Member Rule in Organization “MARKETING"
So that every user contained in the organisation SALES will be given Access_Role_1 and those in MARKETING will be given Access_Role_2.
In the “Add Action” section we’ve configured that when a user is added/removed as a member of this role a multi value attribute of the user profile should be set.
We need to bind the assign and revoke Access Roles events to some Policy Express to perform some business logic; so we created one Policy Express bound to AssignAccessRoleEvent and another one to RevokeAccessRoleEvent.
It looks like those two events never fires, as:
- The Add Action is not performed; the multi value attribute of the user is not updated when a user achieves the role by being moved to one of the organisations mentioned before.
- The PXs are not called.