[midPoint] Notification or approval for attribute change
Pavol Mederly
mederly at evolveum.com
Fri Aug 7 20:36:08 CEST 2020
Hello Brad,
> Thank you so much for pointing me in the right direction. This may
> still be a bit over my head, but I think I understand how this would
> work. I'm thinking this would be a Global Policy Rule since it's not
> part of a Role or Service assignment. Is that right?
Yes, using global policy rule is the simplest way.
Generally, the policy rule can be attached to your users also using
metaroles or archetypes, but global policy rule is the mechanism to
start with.
> Also, just to verify I'm using the right the focusSelector: Since I'm
> wanting to watch for changes on a User Attribute, would I be using
> UserType?
Yes, exactly.
> Since I am only wanting to act on modifications to a single existing
> attribute value (and ignore the initial value insertion) would my
> policyConstraints look something like what I have below?
Yes.
> And finally, is there a list somewhere or samples of the possible
> policyActions?
The "official" documentation is the one I sent you earlier.
Unfortunately, there is very little on the policy actions or constraints.
Sources that might be of use for you:
* XSD (schema) documentation,
* samples - the best ones can be used in the test code (i.e.
"src/test/resources" in respective maven modules),
* some experimental ("thinking aloud") pages on the wiki, e.g.
https://wiki.evolveum.com/display/midPoint/Policy+Constraints and
children. But no guarantees of any applicability or even correctness
here.
A sample you could find useful is e.g. this one:
https://github.com/Evolveum/midpoint/blob/ebd94acf925f97a55609451bb5253471b8b8d983/model/workflow-impl/src/test/resources/objects-advanced/system-configuration.xml#L63-L84
Best regards,
Pavol Mederly
Software developer
evolveum.com
On 07/08/2020 15:59, Brad Firestone wrote:
> Hello Pavol,
>
> Thank you so much for pointing me in the right direction. This may
> still be a bit over my head, but I think I understand how this would
> work. I'm thinking this would be a Global Policy Rule since it's not
> part of a Role or Service assignment. Is that right?
>
> Also, just to verify I'm using the right the focusSelector: Since I'm
> wanting to watch for changes on a User Attribute, would I be using
> UserType?
>
> Since I am only wanting to act on modifications to a single existing
> attribute value (and ignore the initial value insertion) would my
> policyConstraints look something like what I have below?
>
> I'm hoping something like this might be close:
> ||<systemConfiguration>
> ...
> <globalPolicyRule>
> <name>watch-for-change-in-systemA_ID-value</name>
> <policyConstraints>
> <modification>
> <operation>modify</operation>
> <item>extension/systemA_ID</item>
> </modification>
> </policyConstraints>
> <policyActions>
> ????
> </policyActions>
> <focusSelector>
> <type>UserType</type>
> </focusSelector>
> </globalPolicyRule>
> ...
> </systemConfiguration>
> ||
> |
> |
> And finally, is there a list somewhere or samples of the possible
> policyActions?
>
> Thank you again for your response. I appreciate it even if you don't
> have time to answer all my follow up questions. :-)
> Brad
>
>
>
>> Date: Tue, 4 Aug 2020 20:45:41 +0200
>> From: Pavol Mederly<mederly at evolveum.com>
>> To:midpoint at lists.evolveum.com
>> Subject: Re: [midPoint] Notification or approval for attribute change
>> Message-ID:<b7df03f1-fe9a-b486-3a06-3c44d562b454 at evolveum.com>
>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>
>> Hello Brad,
>>
>> you could have a look at policy rules
>> <https://wiki.evolveum.com/display/midPoint/Policy+Rules>. In
>> particular, using policy conditions you can recognize situations when
>> object is modified (i.e. not added nor deleted) and specific property is
>> changed. And using policy actions you can do whatever you need, e.g.
>> send notification ("notification" action), initiate approval ("approval"
>> action), do any change ("scriptExecution" action), etc.
>>
>> Setting of current timestamp value to a database table (attached to the
>> user as a resource) should be doable also using mappings, provided that
>> appropriate condition (user is not new) is written.
>>
>> Best regards,
>>
>> Pavol Mederly
>> Software developer
>> evolveum.com
>>
>> On 04/08/2020 20:40, Brad Firestone wrote:
>>> Hi All,
>>>
>>> I have a situation where a certain User attribute might be changed by
>>> multiple people. If that attribute value is changed, we'd like to
>>> either set a different attribute value on a certain database table
>>> resource, or send a notification that the attribute value was changed.
>>> Or if there was a way to run that attribute value change through an
>>> approval process, that would work too.
>>>
>>> Here's an example:
>>>
>>> Existing (extension) attribute: SystemA_ID
>>> If a new user is created, populate the database table with the initial
>>> value, no notification needed.
>>> If SystemA_ID value is changed through an administrative action in the
>>> GUI (user channel) do one of the following:
>>> - send a notification email to a certain address to advise them of
>>> the change. OR..
>>> - place a current timestamp value in a separate column in the database
>>> table such as: SystemA_ID_changeDate. OR...
>>> -initiate an approval process to approve the value change of this
>>> extension attribute.
>>>
>>> Does anyone have any ideas of how to accomplish this? Thanks for any
>>> suggestions!
>>> Brad
>>>
>>>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200807/1bb249a9/attachment.htm>
More information about the midPoint
mailing list