[midPoint] Approval policy rule not started when role is assigned from template

Alcides Carlos de Moraes Neto alcides.neto at gmail.com
Fri Feb 2 15:11:53 CET 2018


I think that would work, yes. Nice feature, I didn't know about it.

How would one detect a new assignment? Are there more examples?

Thanks!

2018-02-02 12:00 GMT-02:00 Pavol Mederly <mederly at evolveum.com>:

> I think I understand. One option (although maybe not the cleanest and
> nicest one) would be this:
>
> You could write a scripting hook
> <https://wiki.evolveum.com/display/midPoint/Scripting+Hooks> that would
> detect when a user is added to the organization. The hook would be attached
> to the final state, so it would be activated only after the whole operation
> is executed. If the hook detects that the organization assignment was
> recently added, it would start a new operation of adding all the roles from
> the default set for that organization.
>
> The new operation would contain new assignments in its primary delta, so
> they could be approved or rejected, as necessary.
>
> But the approved roles would stay with the user indefinitely, even after
> he is unassigned from the organization. If you'd need to change this, you'd
> have to implement another hook that would take care of that.
>
> Hope this helps,
>
> Pavol Mederly
> Software developer
> evolveum.com
>
> On 02.02.2018 14:45, Alcides Carlos de Moraes Neto wrote:
>
> Hi Pavol,
>
> Thanks for the help. This is what I'm trying to accomplish: I want to be
> able to configure a set of roles to be a default set for an organization.
> For the roles I want to be applied every time, I can just use inducements,
> or mappings, from the OrgType, that's easy.
> But I wanted some of the roles to be upon approval only, and I wanted the
> approval workflow to happen automatically, so as soon as the new employee
> is in the Org, his manager gets notified to approve his roles.
>
> 2018-02-01 19:36 GMT-02:00 Pavol Mederly <mederly at evolveum.com>:
>
>> Hello Alcides Carlos,
>>
>> yes, it is intended so. There are some conceptual reasons behind it,
>> mainly along the line of how we should react to rejection.
>>
>> What's your use case? Why do you want to approve something that was given
>> by the mapping?
>>
>> Best regards,
>>
>> Pavol Mederly
>> Software developer
>> evolveum.com
>>
>> On 01.02.2018 21:19, Alcides Carlos de Moraes Neto wrote:
>>
>> Hello list,
>>
>> I have a role that has a policy rule for approval by the user's manager.
>> It works when I assign the role to a user manually.
>>
>> However, I now have a mapping in user template for this role. Assignments
>> from this mapping do not start the approval workflow. Is this intended? Is
>> there a way to require approval from role assigned from mappings?
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
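
The detection step described in the quoted reply (act only when the organization assignment was added by the operation that just finished, then request the approval-gated roles in a new operation) can be modelled as follows. This is an added Python model, not midPoint hook code and not part of the thread; the OIDs, `Operation` and the function names are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample configuration: org OID -> default roles that need approval.
# The OIDs are placeholders, not values from the thread.
APPROVAL_GATED_DEFAULTS = {
    "org-sales": ["role-crm-user", "role-discount-approver"],
}


@dataclass(frozen=True)
class Operation:
    """Assignment targets of one user before and after a finished operation."""
    user: str
    old_targets: frozenset  # target OIDs before the operation
    new_targets: frozenset  # target OIDs after the operation


def newly_assigned(op):
    """Targets present after the operation but not before it."""
    return op.new_targets - op.old_targets


def follow_up_delta(op, defaults=APPROVAL_GATED_DEFAULTS):
    """Role OIDs to request in a new operation, or [] when nothing applies.

    Only orgs added in *this* operation count, and roles the user already
    holds are skipped, so the follow-up operation cannot re-trigger itself.
    """
    requested = []
    for target in sorted(newly_assigned(op)):
        for role in defaults.get(target, []):
            if role not in op.new_targets and role not in requested:
                requested.append(role)
    return requested


def apply_approved(op, approved_roles):
    """The follow-up operation: only the approved roles are added."""
    after = op.new_targets | frozenset(approved_roles)
    return Operation(op.user, op.new_targets, after)
```

Running `follow_up_delta` on the operation returned by `apply_approved` yields an empty list, because that operation adds roles and no organization; this is the property that keeps the hook from looping.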