[midPoint] Assistance In Role Inducement Approval.

Pavol Mederly mederly at evolveum.com
Thu Dec 18 17:35:15 CET 2014


Hello Anand,

> Well, it would really be nice if I could achieve automatic approvals 
> for induced roles so that it will be beneficial while using multilevel 
> role inducements with approvals also.
I agree. I've created a record for this issue (MID-2130 
<https://jira.evolveum.com/browse/MID-2130>). Unfortunately, I cannot 
promise any specific date when it could be implemented. Please contact 
Igor or Radovan regarding this.

> I would also like to know how to add approval information to roles. I 
> tried going through the documentation but failed to find anything.
All relevant information about workflows is available at this page 
<https://wiki.evolveum.com/display/midPoint/Workflows>.

In particular, how to configure approval information for roles is here 
<https://wiki.evolveum.com/display/midPoint/Some+examples>. For example, 
when adding a single approver for a role, just add the <approverRef> 
reference to the role (as in Sensitive Role 1). Multi-level structure 
can be added via <approvalSchema> (as in Sensitive Role 2). Dynamically 
defined approvers can be specified via expressions under 
<approverExpression>/<automaticallyApproved> properties (as in Sensitive 
Role 3).

As for your other question,
> I want to configure Activity Workflow In Midpoint. I gone through your 
> documentation but I did not find any document related to Activiti 
> workflow Configuration.
I would say this:

1) role-related approvals are enabled as written here 
<https://wiki.evolveum.com/display/midPoint/Workflow+configuration>, 
namely by including the following in the system config file:

|<||workflow||>|
|<||changeProcessors||>|
|<||primaryUserChangeProcessor||>|
|<||aspect||>addRoleAssignmentAspect</||aspect||>|
|</||primaryUserChangeProcessor||>|
|</||changeProcessors||>|
|||</||workflow||>

|
2) as for other uses of workflows, you first have to specify what 
exactly has to be approved, and how. To do that, it is necessary to read 
the following documents:

  * architectural description of workflows in midPoint (at least to find
    out what is a change processor and workflow aspect):
    https://wiki.evolveum.com/display/midPoint/Workflow+Management
  * how to create your own workflow aspect:
    https://wiki.evolveum.com/display/midPoint/How+to+develop+your+own+approval+processes+-+case+1+-+using+primary+change+processor+and+general+item+approval+process

If you would need any specific assistance, just ask here. We're ready to 
help you.

Best regards,
Pavol

On 18. 12. 2014 15:12, Anand Kothekar wrote:
> Hi,
>
> Can anyone provide me assistance on this..
>
>
> Thanks
> Anand Kothekar
>
> On Mon, Dec 15, 2014 at 7:22 PM, Anand Kothekar 
> <anand.kothekar at confluxsys.com <mailto:anand.kothekar at confluxsys.com>> 
> wrote:
>
>     Hello Pavol,
>
>     Well, it would really be nice if I could achieve automatic
>     approvals for induced roles so that it will be beneficial while
>     using multilevel role inducements with approvals also.
>
>     I would also like to know how to add approval information to
>     roles. I tried going through the documentation but failed to find
>     anything.
>
>     It will be great if you provide me link to any of the
>     documentation or inform about adding approval information to role
>     so that Automatic Approval for Role Inheritance will be achieved.
>
>
>     Thanks.
>
>     On Mon, Dec 15, 2014 at 5:04 PM, Pavol Mederly
>     <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>
>         Hello Anand,
>
>         workflow requests are evaluated in so called "primary phase"
>         of operation execution. At that time, only changes explicitly
>         requested by the user are considered. So, the obvious solution
>         to your problem is to add approval information to each role
>         that includes your sensitive role as an inducement.
>
>         Is it OK for you? Or, is your situation such that you require
>         the ability to automatically start all approvals for induced
>         roles? If so, please describe it in a few words here.
>
>         Best regards,
>         Pavol
>
>         PS: I've noticed you write both to midpoint and midpoint-dev
>         list. It is not necessary to do so. I would suggest to send
>         questions like this one only to midpoint list (as it is a
>         user-oriented question, not a development-related one).
>
>
>         On 13. 12. 2014 11:51, Anand Kothekar wrote:
>>         Hi
>>
>>         I was working on *Role Approvals. *I created a role very
>>         similar to the *Sensitive Role 2.*
>>         *
>>         *
>>         The Role I created is working fine and also requesting for
>>         approvals as expected. I created one more Role having the
>>         previously role as its inducement(New Role Inheriting The
>>         Previous Role).
>>
>>         Here the hierarchy is working fine and previous role's Groups
>>         are getting added successfully but without any approval request.
>>
>>         So, Will you please help me out for forcing approvals on role
>>         Inducements also.
>>
>>         Please forward me any links related to the issue if available.
>>
>>
>>
>>         Regards
>>          Anand
>>
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com  <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>         _______________________________________________
>         midPoint mailing list
>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141218/aa42bd49/attachment.htm>


More information about the midPoint mailing list