[midPoint] Assistance In Role Inducement Approval.
Pavol Mederly
mederly at evolveum.com
Thu Dec 18 17:35:15 CET 2014
Hello Anand,
> Well, it would really be nice if I could achieve automatic approvals
> for induced roles so that it will be beneficial while using multilevel
> role inducements with approvals also.
I agree. I've created a record for this issue (MID-2130
<https://jira.evolveum.com/browse/MID-2130>). Unfortunately, I cannot
promise any specific date when it could be implemented. Please contact
Igor or Radovan regarding this.
> I would also like to know how to add approval information to roles. I
> tried going through the documentation but failed to find anything.
All relevant information about workflows is available at this page
<https://wiki.evolveum.com/display/midPoint/Workflows>.
In particular, how to configure approval information for roles is here
<https://wiki.evolveum.com/display/midPoint/Some+examples>. For example,
when adding a single approver for a role, just add the <approverRef>
reference to the role (as in Sensitive Role 1). Multi-level structure
can be added via <approvalSchema> (as in Sensitive Role 2). Dynamically
defined approvers can be specified via expressions under
<approverExpression>/<automaticallyApproved> properties (as in Sensitive
Role 3).
As for your other question,
> I want to configure Activity Workflow In Midpoint. I gone through your
> documentation but I did not find any document related to Activiti
> workflow Configuration.
I would say this:
1) role-related approvals are enabled as written here
<https://wiki.evolveum.com/display/midPoint/Workflow+configuration>,
namely by including the following in the system config file:
|<||workflow||>|
|<||changeProcessors||>|
|<||primaryUserChangeProcessor||>|
|<||aspect||>addRoleAssignmentAspect</||aspect||>|
|</||primaryUserChangeProcessor||>|
|</||changeProcessors||>|
|||</||workflow||>
|
2) as for other uses of workflows, you first have to specify what
exactly has to be approved, and how. To do that, it is necessary to read
the following documents:
* architectural description of workflows in midPoint (at least to find
out what is a change processor and workflow aspect):
https://wiki.evolveum.com/display/midPoint/Workflow+Management
* how to create your own workflow aspect:
https://wiki.evolveum.com/display/midPoint/How+to+develop+your+own+approval+processes+-+case+1+-+using+primary+change+processor+and+general+item+approval+process
If you would need any specific assistance, just ask here. We're ready to
help you.
Best regards,
Pavol
On 18. 12. 2014 15:12, Anand Kothekar wrote:
> Hi,
>
> Can anyone provide me assistance on this..
>
>
> Thanks
> Anand Kothekar
>
> On Mon, Dec 15, 2014 at 7:22 PM, Anand Kothekar
> <anand.kothekar at confluxsys.com <mailto:anand.kothekar at confluxsys.com>>
> wrote:
>
> Hello Pavol,
>
> Well, it would really be nice if I could achieve automatic
> approvals for induced roles so that it will be beneficial while
> using multilevel role inducements with approvals also.
>
> I would also like to know how to add approval information to
> roles. I tried going through the documentation but failed to find
> anything.
>
> It will be great if you provide me link to any of the
> documentation or inform about adding approval information to role
> so that Automatic Approval for Role Inheritance will be achieved.
>
>
> Thanks.
>
> On Mon, Dec 15, 2014 at 5:04 PM, Pavol Mederly
> <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>
> Hello Anand,
>
> workflow requests are evaluated in so called "primary phase"
> of operation execution. At that time, only changes explicitly
> requested by the user are considered. So, the obvious solution
> to your problem is to add approval information to each role
> that includes your sensitive role as an inducement.
>
> Is it OK for you? Or, is your situation such that you require
> the ability to automatically start all approvals for induced
> roles? If so, please describe it in a few words here.
>
> Best regards,
> Pavol
>
> PS: I've noticed you write both to midpoint and midpoint-dev
> list. It is not necessary to do so. I would suggest to send
> questions like this one only to midpoint list (as it is a
> user-oriented question, not a development-related one).
>
>
> On 13. 12. 2014 11:51, Anand Kothekar wrote:
>> Hi
>>
>> I was working on *Role Approvals. *I created a role very
>> similar to the *Sensitive Role 2.*
>> *
>> *
>> The Role I created is working fine and also requesting for
>> approvals as expected. I created one more Role having the
>> previously role as its inducement(New Role Inheriting The
>> Previous Role).
>>
>> Here the hierarchy is working fine and previous role's Groups
>> are getting added successfully but without any approval request.
>>
>> So, Will you please help me out for forcing approvals on role
>> Inducements also.
>>
>> Please forward me any links related to the issue if available.
>>
>>
>>
>> Regards
>> Anand
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141218/aa42bd49/attachment.htm>
More information about the midPoint
mailing list