Closed jjleigh closed 2 years ago
Hope this helps, Leela
@leelalagudu Thank you for the update! Is it possible to have this change in before June 10?
@jjleigh , I am aiming to push the first part of the change as part of the bug fixes for permission set schema validation. I will update in case this is changed
@jjleigh , this is now handled with PR #89 . For reference, this is the behaviour the solution would have:
SupportNestedOU
is set to true
in your config, if an account assignment is set for OU.1, then all the 10 accounts will be provisioned with the account assignment. When the account moves anywhere under OU.1, the account assignment is still retained. When the account moves out of OU.1, then this account assignment is deleted.Hope this helps with your use case, Leela
When you try to create an account provision using an OU that has tripple or more levels of nesting the provisioning does not work. No error no indication of failure. The messages are not enqueued but the links handler lambda is triggered.
Example structure:
If an account assignment is created for OU.1 none of the accounts nested in the grandchildren OUs will be assigned to the permission set. No error will occur.