The patch IDEMPIERE-2137a stops the exporting of AD_User_Roles

<tbayen> Or another question is: Do we even really want to export users when we export a role?
<tbayen> Is it best to ignore the user tab? I see no reason to have it and if you need you can export is as Data.
<CarlosRuiz> I have a worst problem there
<CarlosRuiz> well - to export and import role definition from dev to test to prod - can be useful
<CarlosRuiz> but maybe the solution is just to allow import on users on the same tenant
<tbayen> So you say we export all users but allow import only for the uuids we know (but not superuser and not #AD_User_ID)?
<CarlosRuiz> two issues here
<CarlosRuiz> when importing is a must to check the tenant of the user on the imported record and just import if is on the same tenant - there is a bug there importing GardenAdmin role definition on a new tenant
<CarlosRuiz> now, hengsin is wondering if is correct to export ad_user_roles records
<tbayen> Thats what I said.
<CarlosRuiz>
<tbayen> Then the first issue is no more an issue?
<CarlosRuiz> ok - I think we can better move the ticket on that line
<CarlosRuiz> change the rolehandler to not export user-role definition
<CarlosRuiz> it can be exported using Data as usual
<CarlosRuiz> hengsin agreed too

Reading MRole.afterSave I see it's creating automatically role for SuperUser AND also to the user that is creating the role.
So, maybe the same problem can arise if you import the 2pack with a user different than SuperUser which has the role assigned.

I would also recommend to user MRole.SUPERUSER_USER_ID constant instead of the 100 in the patch.

I do not understand your comment. My tests shows the following: Iwent to the demo server (in System Tenant) and created a role "testrole". I did nothing but creating it. There was an entry for the SuperUser automatically added. Then I created a packout configuration "roletest" and added one line of type Role to create a 2Pack file of the role. This xml file contains a record of type AD_User_Roles to say that SuperUser is member of this role. I can't load this 2Pack file on another system. That means the "Role" handler is broken!

There are some ideas to solve this issue:

• Not write the SuperUser entry into the 2Pack file at all. It is included in every role so this information is not needed.

• Care about this when reading the file e.g. by catching the exception and doing nothing.

I think the first is the better. My patch solves it this way.

Regards,
Thomas

Hi Thomas,

Don't think we should export SuperUser at the first place. Unless it is really a must to have, I would like to avoid adding yet another hard coded rule.

Regards,
Low