[midPoint] Notification or approval for attribute change
Brad Firestone
bhotrock at gmail.com
Fri Aug 7 15:59:36 CEST 2020
Hello Pavol,
Thank you so much for pointing me in the right direction. This may
still be a bit over my head, but I think I understand how this would
work. I'm thinking this would be a Global Policy Rule since it's not
part of a Role or Service assignment. Is that right?
Also, just to verify I'm using the right the focusSelector: Since I'm
wanting to watch for changes on a User Attribute, would I be using UserType?
Since I am only wanting to act on modifications to a single existing
attribute value (and ignore the initial value insertion) would my
policyConstraints look something like what I have below?
I'm hoping something like this might be close:
||<systemConfiguration>
...
<globalPolicyRule>
<name>watch-for-change-in-systemA_ID-value</name>
<policyConstraints>
<modification>
<operation>modify</operation>
<item>extension/systemA_ID</item>
</modification>
</policyConstraints>
<policyActions>
????
</policyActions>
<focusSelector>
<type>UserType</type>
</focusSelector>
</globalPolicyRule>
...
</systemConfiguration>
||
|
|
And finally, is there a list somewhere or samples of the possible
policyActions?
Thank you again for your response. I appreciate it even if you don't
have time to answer all my follow up questions. :-)
Brad
> Date: Tue, 4 Aug 2020 20:45:41 +0200
> From: Pavol Mederly<mederly at evolveum.com>
> To:midpoint at lists.evolveum.com
> Subject: Re: [midPoint] Notification or approval for attribute change
> Message-ID:<b7df03f1-fe9a-b486-3a06-3c44d562b454 at evolveum.com>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hello Brad,
>
> you could have a look at policy rules
> <https://wiki.evolveum.com/display/midPoint/Policy+Rules>. In
> particular, using policy conditions you can recognize situations when
> object is modified (i.e. not added nor deleted) and specific property is
> changed. And using policy actions you can do whatever you need, e.g.
> send notification ("notification" action), initiate approval ("approval"
> action), do any change ("scriptExecution" action), etc.
>
> Setting of current timestamp value to a database table (attached to the
> user as a resource) should be doable also using mappings, provided that
> appropriate condition (user is not new) is written.
>
> Best regards,
>
> Pavol Mederly
> Software developer
> evolveum.com
>
> On 04/08/2020 20:40, Brad Firestone wrote:
>> Hi All,
>>
>> I have a situation where a certain User attribute might be changed by
>> multiple people. If that attribute value is changed, we'd like to
>> either set a different attribute value on a certain database table
>> resource, or send a notification that the attribute value was changed.
>> Or if there was a way to run that attribute value change through an
>> approval process, that would work too.
>>
>> Here's an example:
>>
>> Existing (extension) attribute: SystemA_ID
>> If a new user is created, populate the database table with the initial
>> value, no notification needed.
>> If SystemA_ID value is changed through an administrative action in the
>> GUI (user channel) do one of the following:
>> - send a notification email to a certain address to advise them of
>> the change. OR..
>> - place a current timestamp value in a separate column in the database
>> table such as: SystemA_ID_changeDate. OR...
>> -initiate an approval process to approve the value change of this
>> extension attribute.
>>
>> Does anyone have any ideas of how to accomplish this? Thanks for any
>> suggestions!
>> Brad
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200807/1827505c/attachment.htm>
More information about the midPoint
mailing list