[midPoint] Invoke workflow during attribute changing
Pavol Mederly
mederly at evolveum.com
Tue Feb 23 14:11:29 CET 2016
Hello Roman.
Current implementation of workflows is aimed towards approving so called
primary changes - i.e. changes explicitly requested by user (via GUI) or
external application (via SOAP, REST or Java API). We could potentially
deal also with changes coming from resources, but it is a bit more tricky.
Before trying to answer your question I'd need to understand it more
deeply. So, you have an authoritative resource. When a login name
changes on that resource for an account, currently this change is
propagated to other resources. And you'd like to be able to control this
process: i.e. either allow or disallow the change on connected resources.
My questions are:
1) Do I understand it correctly?
2) Is the allow/reject decision of "all or nothing" nature, i.e. is the
login name change either allowed on all resources, or rejected for all
resources? Or you'd like to be able to say: "allow change on resources
1, 2, 3 but not on resources 4, 5, 6" ?
3) What about reconciliations? Imagine that you rejected a change today.
But (let's say) tonight there will be another reconciliation and the
change would pop up again. The workflow would be started again, and
again it should be either allowed and rejected. And so on, and so on -
each time when the reconciliation would be run. What to do with this?
Best regards,
Pavol
On 23.02.2016 13:58, Roman Pudil - AMI Praha a.s. wrote:
> Hi all,
> how to invoke workflow when changing some identity attribute?
> I want invoke workflow in midPoint, during loginname in authoritative
> resource changing. I don't want to change loginname automaitcally in
> all connected resources. I want to control it.
> Thanks!
> Regards
>
> Roman Pudil
> solution architect
>
> gsm: [+420] 775 663 666
> e-mail:roman.pudil at ami.cz <mailto:roman.pudil at ami.cz>
>
>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel./fax: [+420] 274 783 239
> web:www.ami.cz <http://www.ami.cz>
>
>
>
>
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
> výhradně písemnou formu.
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160223/b5da6386/attachment.htm>
More information about the midPoint
mailing list