[midPoint] Approval policy rule not started when role is assigned from template
Pavol Mederly
mederly at evolveum.com
Fri Feb 2 15:00:08 CET 2018
I think I understand. One option (although maybe not the cleanest and
nicest one) would be this:
You could write a scripting hook
<https://wiki.evolveum.com/display/midPoint/Scripting+Hooks> that would
detect when a user is added to the organization. The hook would be
attached to the final state, so it would be activated only after the
whole operation is executed. If the hook detects that the organization
assignment was recently added, it would start a new operation of adding
all the roles from the default set for that organization.
The new operation would contain new assignments in its primary delta, so
they could be approved or rejected, as necessary.
But the approved roles would stay with the user indefinitely, even after
he is unassigned from the organization. If you'd need to change this,
you'd have to implement another hook that would take care of that.
Hope this helps,
Pavol Mederly
Software developer
evolveum.com
On 02.02.2018 14:45, Alcides Carlos de Moraes Neto wrote:
> Hi Pavol,
>
> Thanks for the help. This is what I'm trying to accomplish: I want to
> be able to configure a set of roles to be a default set for an
> organization. For the roles I want to be applied every time, I can
> just use inducements, or mappings, from the OrgType, that's easy.
> But I wanted some of the roles to be upon approval only, and I wanted
> the approval workflow to happen automatically, so as soon as the new
> employee is in the Org, his manager gets notified to approve his roles.
>
> 2018-02-01 19:36 GMT-02:00 Pavol Mederly <mederly at evolveum.com
> <mailto:mederly at evolveum.com>>:
>
> Hello Alcides Carlos,
>
> yes, it is intended so. There are some conceptual reasons behind
> it, mainly along the line of how we should react to rejection.
>
> What's your use case? Why do you want to approve something that
> was given by the mapping?
>
> Best regards,
>
> Pavol Mederly
> Software developer
> evolveum.com <http://evolveum.com>
>
> On 01.02.2018 21:19, Alcides Carlos de Moraes Neto wrote:
>> Hello list,
>>
>> I have a role that has a policy rule for approval by the user's
>> manager. It works when I assign the role to a user manually.
>>
>> However, I now have a mapping in user template for this role.
>> Assignments from this mapping do not start the approval workflow.
>> Is this intended? Is there a way to require approval from role
>> assigned from mappings?
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180202/9ab62d0d/attachment.htm>
More information about the midPoint
mailing list