[midPoint] Assistance In Role Inducement Approval.
Anand Kothekar
anand.kothekar at confluxsys.com
Fri Dec 19 16:42:48 CET 2014
Thank you very much for the assistance.
On Thu, Dec 18, 2014 at 10:05 PM, Pavol Mederly <mederly at evolveum.com>
wrote:
>
> Hello Anand,
>
> Well, it would really be nice if I could achieve automatic approvals for
> induced roles so that it will be beneficial while using multilevel role
> inducements with approvals also.
>
> I agree. I've created a record for this issue (MID-2130
> <https://jira.evolveum.com/browse/MID-2130>). Unfortunately, I cannot
> promise any specific date when it could be implemented. Please contact Igor
> or Radovan regarding this.
>
> I would also like to know how to add approval information to roles. I
> tried going through the documentation but failed to find anything.
>
> All relevant information about workflows is available at this page
> <https://wiki.evolveum.com/display/midPoint/Workflows>.
>
> In particular, how to configure approval information for roles is here
> <https://wiki.evolveum.com/display/midPoint/Some+examples>. For example,
> when adding a single approver for a role, just add the <approverRef>
> reference to the role (as in Sensitive Role 1). Multi-level structure can
> be added via <approvalSchema> (as in Sensitive Role 2). Dynamically
> defined approvers can be specified via expressions under
> <approverExpression>/<automaticallyApproved> properties (as in Sensitive
> Role 3).
>
> As for your other question,
>
> I want to configure Activity Workflow In Midpoint. I gone through your
> documentation but I did not find any document related to Activiti workflow
> Configuration.
>
> I would say this:
>
> 1) role-related approvals are enabled as written here
> <https://wiki.evolveum.com/display/midPoint/Workflow+configuration>,
> namely by including the following in the system config file:
>
> <workflow>
> <changeProcessors>
> <primaryUserChangeProcessor>
> <aspect>addRoleAssignmentAspect</aspect>
> </primaryUserChangeProcessor>
> </changeProcessors>
> </workflow>
>
> 2) as for other uses of workflows, you first have to specify what
> exactly has to be approved, and how. To do that, it is necessary to read
> the following documents:
>
> - architectural description of workflows in midPoint (at least to find
> out what is a change processor and workflow aspect):
> https://wiki.evolveum.com/display/midPoint/Workflow+Management
> - how to create your own workflow aspect:
> https://wiki.evolveum.com/display/midPoint/How+to+develop+your+own+approval+processes+-+case+1+-+using+primary+change+processor+and+general+item+approval+process
>
> If you would need any specific assistance, just ask here. We're ready to
> help you.
>
> Best regards,
> Pavol
>
>
> On 18. 12. 2014 15:12, Anand Kothekar wrote:
>
> Hi,
>
> Can anyone provide me assistance on this..
>
>
> Thanks
> Anand Kothekar
>
> On Mon, Dec 15, 2014 at 7:22 PM, Anand Kothekar <
> anand.kothekar at confluxsys.com> wrote:
>>
>> Hello Pavol,
>>
>> Well, it would really be nice if I could achieve automatic approvals
>> for induced roles so that it will be beneficial while using multilevel role
>> inducements with approvals also.
>>
>> I would also like to know how to add approval information to roles. I
>> tried going through the documentation but failed to find anything.
>>
>> It will be great if you provide me link to any of the documentation or
>> inform about adding approval information to role so that Automatic Approval
>> for Role Inheritance will be achieved.
>>
>>
>> Thanks.
>>
>> On Mon, Dec 15, 2014 at 5:04 PM, Pavol Mederly <mederly at evolveum.com>
>> wrote:
>>>
>>> Hello Anand,
>>>
>>> workflow requests are evaluated in so called "primary phase" of
>>> operation execution. At that time, only changes explicitly requested by the
>>> user are considered. So, the obvious solution to your problem is to add
>>> approval information to each role that includes your sensitive role as an
>>> inducement.
>>>
>>> Is it OK for you? Or, is your situation such that you require the
>>> ability to automatically start all approvals for induced roles? If so,
>>> please describe it in a few words here.
>>>
>>> Best regards,
>>> Pavol
>>>
>>> PS: I've noticed you write both to midpoint and midpoint-dev list. It is
>>> not necessary to do so. I would suggest to send questions like this one
>>> only to midpoint list (as it is a user-oriented question, not a
>>> development-related one).
>>>
>>>
>>> On 13. 12. 2014 11:51, Anand Kothekar wrote:
>>>
>>> Hi
>>>
>>> I was working on *Role Approvals. *I created a role very similar to
>>> the *Sensitive Role 2.*
>>>
>>> The Role I created is working fine and also requesting for approvals
>>> as expected. I created one more Role having the previously role as its
>>> inducement(New Role Inheriting The Previous Role).
>>>
>>> Here the hierarchy is working fine and previous role's Groups are
>>> getting added successfully but without any approval request.
>>>
>>> So, Will you please help me out for forcing approvals on role
>>> Inducements also.
>>>
>>> Please forward me any links related to the issue if available.
>>>
>>>
>>>
>>> Regards
>>> Anand
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141219/d4329aa3/attachment.htm>
More information about the midPoint
mailing list