From 33f4439ee283e2df5e156f916d1e9950b287eba7 Mon Sep 17 00:00:00 2001 From: Bjorn Tipling Date: Fri, 7 Mar 2025 16:21:13 -0800 Subject: [PATCH] Also grant expand user access. With out this change, if access was provisioned via a user entitlement will be moved to a group assignment, because that's how the access is actually established. So no matter how you got the access you will now both have a user and a group entitlement for that access to an app. Only the user one is requestable. I am not aware of a workaround --- pkg/connector/pages.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/connector/pages.go b/pkg/connector/pages.go index e157e3be..aab8251c 100644 --- a/pkg/connector/pages.go +++ b/pkg/connector/pages.go @@ -197,9 +197,10 @@ func (s *pageSyncer) Grants(ctx context.Context, resource *v2.Resource, pToken * }, } - newGrant := grant.NewGrant(resource, fmt.Sprintf("%s:%s", "group", level), groupId, grant.WithAnnotation(grantExpandable)) + newGroupGrant := grant.NewGrant(resource, fmt.Sprintf("%s:%s", "group", level), groupId, grant.WithAnnotation(grantExpandable)) + newUserGrant := grant.NewGrant(resource, fmt.Sprintf("%s:%s", "user", level), groupId, grant.WithAnnotation(grantExpandable)) - ret = append(ret, newGrant) + ret = append(ret, newGroupGrant, newUserGrant) } bag.Pop()