[midPoint] Starting approval processes for secondary deltas

Ivan Noris ivan.noris at evolveum.com
Mon May 25 17:40:19 CEST 2015


Hi Ilja,

in case that the "some cases" can be programatically defined by user's
attributes or some other properties, I think maybe you can consider
using code from example on
https://wiki.evolveum.com/display/midPoint/Some+examples :
(Sensitive Role 3 example)

|    ||<*automaticallyApproved*>|
|        <description>If the user works in F0006 (Scumm Bar), the
assignment of ||this| |role is automatically approved ||for|
|him.</description>|
|        <script>|
|            <code>*midpoint.isMemberOf(object,
midpoint.getOrgByName(*|*|"F0006"|*|*).getOid())*</code>|
|        ||</script>|
|    ||</*automaticallyApproved*>|

Regards,
Ivan

On 05/25/2015 05:24 PM, Илья Дорофеев wrote:
> Hi,
>
> I have user template mappings which assign / unassign certain roles depending on the values of certain attributes. In some cases I want these assignments / unassignments to be passed through an approval process. As these changes appear to be secondary deltas, as far as I understand, I have two options: either to utilize the general change processor or implement my own change processor. But it is not clear which one to choose. What advantages and disadvantages do both provide? In addition to this, I see the PrimaryChangeProcessor which seems suitable for my needs (by implementing specific aspect), but its functionality restricted solely to primary deltas. Could you elaborate on what stands behind this design? Why couldn't it be expanded to processing secondary deltas?
>
>
> Ilya Dorofeev
> Software Architect
> Solar Security
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper Id(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150525/1fe9e1ba/attachment.htm>


More information about the midPoint mailing list