[midPoint] workflow - approvers approving - midpoint 3.5.1

Oskar Butovič - AMI Praha a.s. oskar.butovic at ami.cz
Thu Apr 6 16:02:08 CEST 2017 

Hello Pavol,

I Use policy rules. Follows example of one of my workflow roles.

I have not set anything regarding  legacy approvers and default approval
policy rules. So this behaviour would stop if i set
useLegacyApproversSpecification
to never?

----------------------------------------------------------------------------
<role xmlns:apti="
http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" xmlns:c="
http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:gen45="
http://prism.evolveum.com/xml/ns/public/debug" xmlns:icfs="
http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="
http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
oid="refused-meta-role" version="10" xmlns="
http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <name>Refused Role</name>
    <inducement>
        <policyRule>
            <policyConstraints>
                <assignment/>
            </policyConstraints>
            <policyActions>
                <approval>
                    <compositionStrategy>
                        <order>2</order>
                    </compositionStrategy>
                    <approvalSchema>
                        <level>
                            <name>Automatic refusal</name>
                            <approverExpression>
                                <script>
                                    <code>
                                log.warn("approving new role with undefined
workflow for user: " + serachedUser.getName() + " automatically refusing.");
                                //TODO zastavit approve process v 3.5.1
bude mozne pouzit outcomeIfNoApprovers
                                return "workflow-refuser-user";
                                    </code>
                                </script>
                            </approverExpression>

<evaluationStrategy>firstDecides</evaluationStrategy>
                        </level>
                    </approvalSchema>
                </approval>
            </policyActions>
        </policyRule>
    </inducement>
</role>
--------------------------------------------------------------------


Best regards

Oskar Butovič

2017-04-06 15:30 GMT+02:00 Pavol Mederly <mederly at evolveum.com>:

> Hello Oskar,
>
> how are your approvals set up? Do you use policy rules? What are your
> settings regarding legacy approvers and default approval policy rules? (see
> https://wiki.evolveum.com/pages/viewpage.action?pageId=24084761).
>
> Because, unfortunately, there are some problems with policy-based
> approvals for non-default relations in 3.5.x (see MID-3799, #1).
>
> Pavol Mederly
> Software developerevolveum.com
>
> On 06.04.2017 15:12, Oskar Butovič - AMI Praha a.s. wrote:
>
> Hello everybody,
>
> I have stumbled across some strange approval workflow behaviour.
>
> When I am assigning roles with relation member everything works fine,
> exactly as configured.
>
> But when i try to assign members weird stuff starts to happen.
> Example:
> - no or any workflow is configured for role via assigned metaroles
> 1) I assign role R1 as approver to user U1
>     a) everything executes ok and role is assigned as approver relation
> 2) I assign role R1 as approver to user U2
>     a) midpoint ignores any workflow configured on metaroles
> (approverExpressions are not executed at all)
>     b) approval task for user U1 is created.
>
> Why this might happen and how it could be changed? Part 2.b is especially
> bothersome. It might cause that confusing workflow notifications are sent
> during initial or following workflow approver configuration.
>
> Best Regards
>
> Oskar Butovič
>
> --
>
> Oskar Butovič
> solution architect
>
> gsm: [+420] 774 480 101 <+420%20774%20480%20101>
> e-mail: oskar.butovic at ami.cz
>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239 <+420%20274%20783%20239>
> web: www.ami.cz
>
>
> [image: AMI Praha a.s.]
>
> [image: AMI Praha a.s.]
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
> písemnou formu.
>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 

Oskar Butovič
solution architect

gsm: [+420] 774 480 101
e-mail: oskar.butovic at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz


[image: AMI Praha a.s.]

[image: AMI Praha a.s.]
<http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>

Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170406/4b2b7869/attachment.htm>

More information about the midPoint mailing list