[midPoint] Approver identified by role
Fabio Contessi
f.contessi at nsr.it
Wed Sep 16 11:55:15 CEST 2015
Hi Radovan,
your clarification was very useful for me: I had lost the focus on this.
Now, I have configured new org for approvers and I have put an inducement in it for the role that grants access rights. Then, I have configured this org as approverRef in System Configuration object.
Thanks a lot and regards.
Fabio
Da: "midPoint" midpoint-bounces at lists.evolveum.com
A: midpoint at lists.evolveum.com
Cc:
Data: Wed, 16 Sep 2015 11:27:30 +0200
Oggetto: Re: [midPoint] Approver identified by role
>
> Hi,
>
>
I'm not sure if I understand what you are trying to do. But
perhaps one clarification is needed:
>
>
In midPoint the roles are for giving access rights and
organizations are for grouping identities. This is sometimes the
same, but in some cases there is a big difference. It is explained
here:
>
>
https://wiki.evolveum.com/display/midPoint/Roles+and+Orgs
>
>
So, if you want to have a role that have multiple approvers then
the easiest way is to put all the approvers in one Org and then
use the Org as an approver. (Remember: a user may belong to any
number of Orgs in midPoint).
>
>
> --
Radovan Semancik
Software Architect
evolveum.com
>
>
On 09/15/2015 12:45 PM, Fabio Contessi wrote:
>
Hi,
> I have a problem with the approver expression in
midpoint 3.2, in the xml object "System Configuration".
>
> I need to identify the approver by role assignment.
So, I’m using this code snippet:
>
>
> <approverExpression>
> <description></description>
> <script>
> <code>
> import
com.evolveum.midpoint.prism.query.RefFilter
> import
com.evolveum.midpoint.prism.PrismContext
> import
com.evolveum.midpoint.prism.query.ObjectQuery
> import javax.xml.namespace.QName
> import
com.evolveum.midpoint.prism.path.ItemPath
> import
com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType
> import
com.evolveum.midpoint.xml.ns._public.common.common_3.UserType
>
> String[] names =
["Role-Approvatore-AD-XXX"]
> PrismContext prismContext =
midpoint.createEmptyObject(UserType.class).asPrismObject().getPrismContext()
> RefFilter filter =
RefFilter.createReferenceEqual(UserType.F_ASSIGNMENT,UserType.class,prismContext,names)
> ObjectQuery query =
ObjectQuery.createObjectQuery(filter)
> list =
midpoint.searchObjects(UserType.class, query)
> for (def i = 0; i <
list.size(); i++) {
> def oid = list.get(i).getOid()
> lOut.add(oid)
> }
> return lOut
> </code>
> </script>
> </approverExpression>
>
> but I get this error:
>
>
> Error:
com.evolveum.midpoint.util.exception.ExpressionEvaluationException:
java.lang.ClassCastException:
com.evolveum.midpoint.prism.PrismContainerDefinition cannot
be cast to
com.evolveum.midpoint.prism.PrismReferenceDefinition (new)
approverExpression
> 2015-09-15 12:37:04,163 [MODEL] [Thread-57]
ERROR
(com.evolveum.midpoint.model.common.expression.Expression):
Error evaluating expression in approverExpression:
java.lang.ClassCastException:
com.evolveum.midpoint.prism.PrismContainerDefinition cannot
be cast to
com.evolveum.midpoint.prism.PrismReferenceDefinition (new)
approverExpression
> com.evolveum.midpoint.util.exception.ExpressionEvaluationException:
java.lang.ClassCastException:
com.evolveum.midpoint.prism.PrismContainerDefinition cannot
be cast to
com.evolveum.midpoint.prism.PrismReferenceDefinition (new)
approverExpression
>
> Maybe I’m doing something wrong. Anyone could help
me?
>
> Thanks and regards.
>
> Fabio
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150916/eb798dd4/attachment.htm>
More information about the midPoint
mailing list