[midPoint] Approval processes in Segregation of Duties
Doler, Alexander Earl (LATCO - Buenos Aires)
adoler at deloitte.com
Wed Aug 30 19:14:35 CEST 2017
Hello,
I am trying to configure Segregation of Duties in MidPoint so that when incompatible roles are requested, an approval process is triggered. I am able to successfully block assignment of incompatible roles by specifying "<enforcement>" in the policy actions. However, when I replace "enforcement" with "approval," MidPoint seems to ignore any approval process specified and assigns the role. I noticed the tag "prune" is also ignored when specified here. I am using MidPoint version 3.6.
Here is my code:
<assignment id="7">
<policyRule>
<name>Exclude Role Assignment</name>
<policyConstraints>
<exclusion>
<targetRef oid="(ROLE OID)"
relation="org:default"
type="c:RoleType"></targetRef>
</exclusion>
</policyConstraints>
<policyActions>
<approval>
<compositionStrategy>
<order>10</order>
</compositionStrategy>
<approvalSchema>
<level>
<name>Auditing Approval</name>
<approverRef oid="(APPROVER OID)"
relation="org:default"
type="c:OrgType"></approverRef>
<evaluationStrategy>firstDecides</evaluationStrategy>
<groupExpansion>onWorkItemCreation</groupExpansion>
</level>
</approvalSchema>
</approval>
</policyActions>
</policyRule>
</assignment>
Any thoughts on how to make this work?
Thank you,
Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170830/e87d385e/attachment.htm>
More information about the midPoint
mailing list