[Midpoint-dev] Issues in creating approval workflow
Pavol Mederly
pavol.mederly at gmail.com
Fri Nov 7 11:09:18 CET 2014
Hello Shelly,
it took me some time to look at this.
The problem is with outdated wiki documentation - I apologize for that.
I've updated it, see
https://wiki.evolveum.com/display/midPoint/Some+examples. Basically, you
have to change *user -> object* and that's it.
Please note, however, that in order to recognize user as a Org manager,
it is necessary to have the following defined for him (taken from
samples/org/org-monkey-island-simple.xml):
*<parentOrgRef oid="00000000-8888-6666-0000-100000000001"
type="c:OrgType" relation="org:manager"
xmlns:org='http://midpoint.evolveum.com/xml/ns/public/common/org-3'/>*
And, if a user has no managers, the role assignment will be
automatically approved, as described on the wiki page. (There was a bug
related to automatic approvals that prevented them from being applied
succesfully. It's been fixed yesterday in the master branch:
https://github.com/Evolveum/midpoint/commit/c96f38b0262da8cfb3861379d10b7af44a1ba2fe.)
Best regards,
Pavol
>
>
> Hi ,
>
> Request you to provide help on this issue. Attached is the role scipt
> and also the logs for the reference.
>
> Regards,
> Shelly
>
>>
>>
>> ------------------------------------------------------------------------
>>
>>
>>
>> Hi Pavol,
>>
>>
>> I have increased the log level.
>>
>> Attached is the log file for reference and also the
>> SensitiveRole3 script which I am trying to assign to the user.
>>
>> The error I am receiving in the logs is :
>>
>>
>> *groovy.lang.MissingPropertyException: No such property: user for
>> class: Script7 (new) approverExpression*
>> *com.evolveum.midpoint.util.exception.ExpressionEvaluationException:
>> groovy.lang.MissingPropertyException: No such property: user for
>> class: Script7 (new) approverExpression*
>> at
>> com.evolveum.midpoint.model.common.expression.script.jsr223.Jsr223ScriptEvaluator.evaluate(Jsr223ScriptEvaluator.java:124)
>> ~[model-common-3.0.jar:na]
>> at
>> com.evolveum.midpoint.model.common.expression.script.ScriptExpression.evaluate(ScriptExpression.java:108)
>> ~[model-common-3.0.jar:na]
>> at
>> com.evolveum.midpoint.model.common.expression.script.ScriptExpressionEvaluator.transformSingleValue(ScriptExpressionEvaluator.java:58)
>> [model-common-3.0.jar:na]
>> at
>> com.evolveum.midpoint.model.common.expression.evaluator.AbstractValueTransformationExpressionEvaluator.evaluateScriptExpression(AbstractValueTransformationExpressionEvaluator.java:276)
>> [model-common-3.0.jar:na]
>>
>>
>>
>>
>> Looks like we need to define this user variable which I am using
>> in the script of SensitiveRole3. But not sure how to exactly
>> define that.
>>
>>
>> Please provide your inputs for the same.
>>
>>
>>
>> Regards,
>>
>> Shelly
>>
>> ------------------------------------------------------------------------
>> *From:* Sai Chandra
>> *Sent:* 09 October 2014 21:41
>> *To:* Shelly Piplani
>> *Subject:* RE: [Midpoint-dev] Issues in creating approval workflow
>>
>> Thanks and Regards
>>
>> Saichandra.T
>>
>> *From:*midPoint-dev
>> [mailto:midpoint-dev-bounces at lists.evolveum.com] *On Behalf Of
>> *Pavol Mederly
>> *Sent:* 09 October 2014 14:12
>> *To:* midpoint-dev at lists.evolveum.com
>> *Subject:* Re: [Midpoint-dev] Issues in creating approval workflow
>>
>> Shelly,
>>
>> you (and I as well) need the stack trace for the error you've
>> mentioned. Stack traces are written to the log if the logging is
>> at DEBUG or TRACE levels.
>> So, set you debug level to TRACE for Workflow module, try again,
>> and post the log here.
>>
>> Best regards,
>> Pavol
>>
>> On 8. 10. 2014 17:37, Shelly Piplani wrote:
>>
>> Hi ,
>>
>> I am trying to create approval workflow. Ihave created a
>> manager for an Organisation Unit and created a role called
>> SensitiveRole3 as given in the following link:
>>
>> https://github.com/Evolveum/midpoint/blob/master/samples/roles/sensitive-role-3.xml
>>
>> <https://github.com/Evolveum/midpoint/blob/master/samples/roles/sensitive-role-3.xml>
>>
>>
>>
>> midpoint/sensitive-role-3.xml at master · Evolveum/midpoint ·
>> GitHub
>>
>> midpoint - MidPoint Identity Manager
>>
>> Read more...
>> <https://github.com/Evolveum/midpoint/blob/master/samples/roles/sensitive-role-3.xml>
>>
>> However, I have removed the following from the role:
>>
>> <automaticallyApproved>
>>
>> <description>If the user works in F0006 (Scumm Bar), the
>> assignment of this role is automatically approved for
>> him.</description>
>>
>> <script>
>>
>> <code>midpoint.isMemberOf(user,
>> midpoint.getOrgByName("F0006").getOid())</code>
>>
>> </script>
>>
>> </automaticallyApproved>
>>
>>
>> After assigning that Organisation unit to the user, I am
>> trying to assign SensitiveRole3 to this user.
>> I am getting the following error in idm logs:
>>
>>
>> 2014-10-08 20:53:21,861 [MODEL] [http-8008-5] ERROR
>> (com.evolveum.midpoint.wf.impl.jobs.JobController): Couldn't
>> send a request to start a process instance to workflow
>> management system, reason: Couldn't evaluate approvers
>> expressions
>> 2014-10-08 20:53:21,910 [MODEL] [http-8008-5] ERROR
>> (com.evolveum.midpoint.wf.impl.processors.primary.PrimaryChangeProcessor):
>> Workflow process(es) could not be started, reason: Workflow
>> process instance creation could not be requested.
>>
>> Please provide your inputs on this.
>>
>> Regards,
>> Shelly
>>
>> This message contains information that may be privileged or
>> confidential and is the property of ILANTUS Technologies. It
>> is intended only for the person to whom it is addressed. If
>> you are not the intended recipient, you are not authorized to
>> read, print, retain, copy, disseminate, distribute, or use
>> this message or any part thereof. If you receive this message
>> in error, please notify the sender immediately and delete all
>> copies of this message.
>>
>>
>> _______________________________________________
>>
>> midPoint-dev mailing list
>>
>> midPoint-dev at lists.evolveum.com <mailto:midPoint-dev at lists.evolveum.com>
>>
>> http://lists.evolveum.com/mailman/listinfo/midpoint-dev
>>
>>
>> This message contains information that may be privileged or
>> confidential and is the property of ILANTUS Technologies. It is
>> intended only for the person to whom it is addressed. If you are
>> not the intended recipient, you are not authorized to read,
>> print, retain, copy, disseminate, distribute, or use this message
>> or any part thereof. If you receive this message in error, please
>> notify the sender immediately and delete all copies of this message.
>>
>> This message contains information that may be privileged or
>> confidential and is the property of ILANTUS Technologies. It is
>> intended only for the person to whom it is addressed. If you are
>> not the intended recipient, you are not authorized to read,
>> print, retain, copy, disseminate, distribute, or use this message
>> or any part thereof. If you receive this message in error, please
>> notify the sender immediately and delete all copies of this message.
>> This message contains information that may be privileged or
>> confidential and is the property of ILANTUS Technologies. It is
>> intended only for the person to whom it is addressed. If you are
>> not the intended recipient, you are not authorized to read,
>> print, retain, copy, disseminate, distribute, or use this message
>> or any part thereof. If you receive this message in error, please
>> notify the sender immediately and delete all copies of this message.
>> _______________________________________________
>> midPoint-dev mailing list
>> midPoint-dev at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint-dev
>>
>>
>>
>>
>> --
>> Ing. Ivan Noris
>> Senior Identity Management Engineer
>> evolveum.com
>> ___________________________________________
>> "Idem per idem - semper idem Vix."
>> This message contains information that may be privileged or
>> confidential and is the property of ILANTUS Technologies. It is
>> intended only for the person to whom it is addressed. If you are not
>> the intended recipient, you are not authorized to read, print,
>> retain, copy, disseminate, distribute, or use this message or any
>> part thereof. If you receive this message in error, please notify the
>> sender immediately and delete all copies of this message.
>> This message contains information that may be privileged or
>> confidential and is the property of ILANTUS Technologies. It is
>> intended only for the person to whom it is addressed. If you are not
>> the intended recipient, you are not authorized to read, print,
>> retain, copy, disseminate, distribute, or use this message or any
>> part thereof. If you receive this message in error, please notify the
>> sender immediately and delete all copies of this message.
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer
> evolveum.com
> ___________________________________________
> "Idem per idem - semper idem Vix."
> This message contains information that may be privileged or
> confidential and is the property of ILANTUS Technologies. It is
> intended only for the person to whom it is addressed. If you are not
> the intended recipient, you are not authorized to read, print, retain,
> copy, disseminate, distribute, or use this message or any part
> thereof. If you receive this message in error, please notify the
> sender immediately and delete all copies of this message.
> This message contains information that may be privileged or
> confidential and is the property of ILANTUS Technologies. It is
> intended only for the person to whom it is addressed. If you are not
> the intended recipient, you are not authorized to read, print, retain,
> copy, disseminate, distribute, or use this message or any part
> thereof. If you receive this message in error, please notify the
> sender immediately and delete all copies of this message.
>
>
> _______________________________________________
> midPoint-dev mailing list
> midPoint-dev at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.evolveum.com/pipermail/midpoint-dev/attachments/20141107/255f9267/attachment-0001.html>
More information about the midPoint-dev
mailing list