There are quite some problems that can happen if external groups (or better external roles, AEM groups that have externalId set) are used to build up other roles. Problems are
If a role is open for adding member on AEM side, then roles show up in the members list
IMS uses dynamic groups that can lead to javax.jcr.nodetype.ConstraintViolationException: OakConstraint0077
Therefore it should be validated that groups with externalId set are not used in isMemberOf clauses - if a configuration contains such a setup, an error should be thrown.
There are quite some problems that can happen if external groups (or better external roles, AEM groups that have
externalId
set) are used to build up other roles. Problems arejavax.jcr.nodetype.ConstraintViolationException: OakConstraint0077
Therefore it should be validated that groups with
externalId
set are not used inisMemberOf
clauses - if a configuration contains such a setup, an error should be thrown.