[midPoint] trouble with User approvals

[tomas.husar at ibask.eu]

Hallo together

I have following trouble in approval process.

In our solution we have special User identity called BK User.

attributes of BK User are controlled by its own Archetype and its own 
Object template.
BK user do not have GUI acces to midpoint
BK users are created by EndUsers
BK users can be edited by End User or some BK Admin user
BK users are available in midpont after approval process
during approval process is calculated LineManager who is responsible for 
aprowing the BK User
 Approval process is controlled by globalPolicyRule inside 
systemConfiguration

Without Approval process everything is OK, but after enabling approval 
things go so:
EndUser create new BK
The attributes are filled according ObjectTemplate and Archetype
actor (or principal} who do the attribute calculation is identical with 
EndUser who do BK User
at the end the BK user approving process do its business and 
all atributes of new BK user is stored inside CaseType as a 
objectReference
Case is delegated to calculated LineManager 
When  Line Manager logs to midpoint, he can see the new case
inside the case there are mentioned attributes of BK User
when Line Manager do the Approving
Archetype and  Object template do its busines, but
actor (or principal} who do the attribute calculation is not curent 
LineManager or EndUsers but superuser
and so all calculatio which are responsible on actor are recalculated 
according superuser

Please, what causes that during session in which the LM is looged , 
midpoint do the recalculation not like dedicated Line Manager but like 
superuser?


Tomas,











-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20201207/869421ef/attachment.htm>