[midPoint] Invoke workflow during attribute changing

Pavol Mederly mederly at evolveum.com
Tue Feb 23 14:11:29 CET 2016


Hello Roman.

The current implementation of workflows is aimed at approving so-called 
primary changes - i.e. changes explicitly requested by a user (via GUI) or 
an external application (via SOAP, REST or Java API). We could potentially 
also deal with changes coming from resources, but it is a bit more tricky.

Before trying to answer your question I'd need to understand it more 
deeply. So, you have an authoritative resource. When a login name 
changes on that resource for an account, currently this change is 
propagated to other resources. And you'd like to be able to control this 
process: i.e. either allow or disallow the change on connected resources.

My questions are:

1) Do I understand it correctly?

2) Is the allow/reject decision of an "all or nothing" nature, i.e. is the 
login name change either allowed on all resources, or rejected for all 
resources? Or would you like to be able to say: "allow change on resources 
1, 2, 3 but not on resources 4, 5, 6"?

3) What about reconciliations? Imagine that you rejected a change today. 
But (let's say) tonight there will be another reconciliation and the 
change would pop up again. The workflow would be started again, and 
again it should be either allowed or rejected. And so on, and so on - 
each time the reconciliation is run. What to do with this?

Best regards,
Pavol

On 23.02.2016 13:58, Roman Pudil - AMI Praha a.s. wrote:
> Hi all,
> how do I invoke a workflow when changing some identity attribute?
> I want to invoke a workflow in midPoint when the loginname in the 
> authoritative resource changes. I don't want to change the loginname 
> automatically in all connected resources. I want to control it.
> Thanks!
> Regards
>
> Roman Pudil
> solution architect
>
> gsm: [+420] 775 663 666
> e-mail:roman.pudil at ami.cz <mailto:roman.pudil at ami.cz>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel./fax: [+420] 274 783 239
> web:www.ami.cz <http://www.ami.cz>
>
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> By the text of this e-mail, the signatory neither promises to conclude 
> nor concludes any contract on behalf of AMI Praha a.s. Any contract, 
> if concluded, must be exclusively in written form.
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
