Forum Discussion
Azure Dynamic Group query not working correctly
I have to say, the parsing is frighteningly untrustworthy and inconsistent for this kind of scenario. But while a couple of other iterations produced unexpected results, the following example worked.
Effectively, I brought the single group "and" criterion to the front and finished with the "or" criterion, which produces the correct resulting membership.
Cheers,
Lain
I see two groups in your example. Will you try something for me?
-Add a third group with one member that is only in Group003
-Give Candice membership to Group 003
-Update the dynamic group syntax to:
user.memberof -any (group.objectId -in ["8ade68a3-dfed-442e-b8b8-6cd97857f5d9", "Groupd003Id"]) -and user.memberof -any (group.objectId -in ["44490cdd-9c9a-4a8b-b727-ad364aeecbc3"])
I have to say, the parsing is frighteningly untrustworthy and inconsistent for this kind of scenario. But while a couple of other iterations produced unexpected results, the following example worked.
Effectively, I brought the single group "and" criterion to the front and finished with the "or" criterion, which produces the correct resulting membership.
Cheers,
Lain
- is this saying "(A and B) or (C)", or is it saying "(A) and (B or C)"?
The latter, which in my example is:
Group003 -and (Group001 -or Group002)
Basically, I've removed the "-in" statement that held both groups and expanded it out to the fuller "-or" equivalent.
Using your example groups, and in text form, this reads like:
user.memberOf any (group.objectId in ["GroupC"]) and (user.memberOf any (group.objectId eq "GroupA") or user.memberOf any (group.objectId eq "GroupB"))Cheers,
Lain
- I have tried to replicate this logic in my own dynamic group, and it has resolved the initial issue. A GroupB-only members are not showing up in the dynamic group.
Unfortunately, I've noticed another issue. The dynamic group contains any members of Group C, whether they exist in Groups A/B or not.
Here is my query:
user.memberof any (group.objectId in ["GroupCId"]) and (user.memberof any (group.objectId eq ["GroupAId"]) or user.memberof any (group.objectId eq ["GroupBId"]))