Description
Environment (Required on creation):
Camunda Automation Platform 7.17.1
Description (Required on creation; please attach any relevant screenshots, stacktraces, log files, etc. to the ticket):
When deleting a tenant membership using IdentityService#deleteTenantUserMembership or IdentityService#deleteTenantGroupMembership, all memberships for the tenant are deleted.
Steps to reproduce (Required on creation):
- Enable Authorization
- Create two groups
- Create a tenant
- Create memberships for each tenant and group combination
- Delete one membership using IdentityService#deleteTenantGroupMembership
Observed Behavior (Required on creation):
All memberships related to the tenant are gone.
Expected behavior (Required on creation):
Only the membership related to the respective group/user and tenant is deleted.
Root Cause (Required on prioritization):
The WHERE condition in the SQL query doesn't restrict the deletion to the respective user or group.
Solution Ideas (Optional):
Use queries that restrict the deletion to a user or group.
Hints (optional):
- The same misbehavior exists for deleting tenant <-> user memberships.
- See PR: https://github.com/camunda/camunda-bpm-platform/pull/1902
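
The root cause and the proposed fix, reproduced on an in-memory SQLite database. This is an added example, not code from the ticket or the linked PR; the table `tenant_member`, its columns, and both DELETE statements are hypothetical stand-ins for the engine's real schema and queries.

```python
import sqlite3

# Hypothetical schema for illustration; not Camunda's actual tables or queries.
SCHEMA = """
CREATE TABLE tenant_member (
    id        INTEGER PRIMARY KEY,
    tenant_id TEXT NOT NULL,
    user_id   TEXT,
    group_id  TEXT
);
"""

# Constructed sample data: one tenant with two group memberships and one user membership.
ROWS = [
    ("tenant1", None, "groupA"),
    ("tenant1", None, "groupB"),
    ("tenant1", "alice", None),
]

# Over-broad: the WHERE clause filters on the tenant only,
# so every membership of that tenant matches.
DELETE_BROAD = "DELETE FROM tenant_member WHERE tenant_id = :tenant"

# Scoped: the WHERE clause also requires the group to match.
DELETE_SCOPED = (
    "DELETE FROM tenant_member WHERE tenant_id = :tenant AND group_id = :group"
)


def remaining_after(delete_sql, tenant, group):
    """Load the sample rows, run one delete, return the surviving (user, group) pairs."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO tenant_member (tenant_id, user_id, group_id) VALUES (?, ?, ?)",
        ROWS,
    )
    db.execute(delete_sql, {"tenant": tenant, "group": group})
    rows = db.execute(
        "SELECT user_id, group_id FROM tenant_member WHERE tenant_id = ? ORDER BY id",
        (tenant,),
    ).fetchall()
    db.close()
    return rows


if __name__ == "__main__":
    print("broad :", remaining_after(DELETE_BROAD, "tenant1", "groupA"))
    print("scoped:", remaining_after(DELETE_SCOPED, "tenant1", "groupA"))
```

A regression test for the fix should assert on the memberships that survive the delete, not only that the targeted one is gone, since the over-broad query also removes the targeted row.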