[midPoint] Notification or approval for attribute change

Brad Firestone bhotrock at gmail.com
Fri Aug 7 15:59:36 CEST 2020


Hello Pavol,

Thank you so much for pointing me in the right direction.  This may 
still be a bit over my head, but I think I understand how this would 
work.  I'm thinking this would be a Global Policy Rule since it's not 
part of a Role or Service assignment.  Is that right?

Also, just to verify I'm using the right focusSelector:  Since I'm 
wanting to watch for changes on a User Attribute, would I be using UserType?

Since I am only wanting to act on modifications to a single existing 
attribute value (and ignore the initial value insertion) would my 
policyConstraints look something like what I have below?

I'm hoping something like this might be close:
<systemConfiguration>
    ...
    <globalPolicyRule>
        <name>watch-for-change-in-systemA_ID-value</name>
        <policyConstraints>
            <modification>
                <operation>modify</operation>
                <item>extension/systemA_ID</item>
            </modification>
        </policyConstraints>
        <policyActions>
            ????
        </policyActions>
        <focusSelector>
            <type>UserType</type>
        </focusSelector>
    </globalPolicyRule>
    ...
</systemConfiguration>

And finally, is there a list somewhere or samples of the possible 
policyActions?

Thank you again for your response.  I appreciate it even if you don't 
have time to answer all my follow up questions.  :-)
Brad



> Date: Tue, 4 Aug 2020 20:45:41 +0200
> From: Pavol Mederly <mederly at evolveum.com>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] Notification or approval for attribute change
> Message-ID: <b7df03f1-fe9a-b486-3a06-3c44d562b454 at evolveum.com>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hello Brad,
>
> you could have a look at policy rules
> <https://wiki.evolveum.com/display/midPoint/Policy+Rules>. In
> particular, using policy conditions you can recognize situations when
> object is modified (i.e. not added nor deleted) and specific property is
> changed. And using policy actions you can do whatever you need, e.g.
> send notification ("notification" action), initiate approval ("approval"
> action), do any change ("scriptExecution" action), etc.
>
> Setting of current timestamp value to a database table (attached to the
> user as a resource) should be doable also using mappings, provided that
> appropriate condition (user is not new) is written.
>
> Best regards,
>
> Pavol Mederly
> Software developer
> evolveum.com
>
> On 04/08/2020 20:40, Brad Firestone wrote:
>> Hi All,
>>
>> I have a situation where a certain User attribute might be changed by
>> multiple people.  If that attribute value is changed, we'd like to
>> either set a different attribute value on a certain database table
>> resource, or send a notification that the attribute value was changed.
>> Or if there was a way to run that attribute value change through an
>> approval process, that would work too.
>>
>> Here's an example:
>>
>> Existing (extension) attribute:  SystemA_ID
>> If a new user is created, populate the database table with the initial
>> value, no notification needed.
>> If SystemA_ID value is changed through an administrative action in the
>> GUI (user channel) do one of the following:
>> - send a notification email to a certain address to advise them of
>>   the change.  OR...
>> - place a current timestamp value in a separate column in the database
>>   table such as:  SystemA_ID_changeDate.  OR...
>> - initiate an approval process to approve the value change of this
>>   extension attribute.
>>
>> Does anyone have any ideas of how to accomplish this?  Thanks for any
>> suggestions!
>> Brad
>>
>>
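
Added example (not part of either message and not Evolveum's own sample): the global policy rule from the reply above with one of the three actions Pavol names, "approval", filled in. The approver OID is a placeholder, and the elements inside policyActions are assumed from midPoint's policy rule schema, so check them against the linked Policy Rules page for your version.

```xml
<!-- Added example: this element goes inside <systemConfiguration>,
     in the same place as the rule sketched in the message above. -->
<globalPolicyRule>
    <name>watch-for-change-in-systemA_ID-value</name>
    <policyConstraints>
        <!-- "modify" matches a change to an existing user only; creating
             the user (operation "add") does not trigger this rule, which
             is the "modified, not added nor deleted" case from the reply. -->
        <modification>
            <operation>modify</operation>
            <item>extension/systemA_ID</item>
        </modification>
    </policyConstraints>
    <policyActions>
        <!-- Route the change through an approval step. The "notification"
             or "scriptExecution" action would take this place for the
             other two options discussed in the thread. -->
        <approval>
            <!-- Placeholder (assumption): OID of the approving user. -->
            <approverRef oid="APPROVER-USER-OID-PLACEHOLDER" type="UserType"/>
        </approval>
    </policyActions>
    <focusSelector>
        <!-- Apply the rule to user objects only. -->
        <type>UserType</type>
    </focusSelector>
</globalPolicyRule>
```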
