[midPoint] [4.0.2] - Issue with role shopping and globalPolicyRule for approval

Loïc SCHAMBER lschamber at positivethinking.tech
Wed Apr 28 10:29:18 CEST 2021 

Hi everyone ,

I am currently experiencing a strange behaviour that I struggle to explain.

I have a globalPolicyRule that will change the approval policy for all assignments  in order to have the "first decides" behaviour:
<approvalSchema>
<stage>
                        <name>Role's approvers</name>
                        <approverRelation>approver</approverRelation>
                        <evaluationStrategy>firstDecides</evaluationStrategy>
                        <outcomeIfNoApprovers>approve</outcomeIfNoApprovers>
                </stage>
</approvalSchema>

In order to apply this on assignment approval I also specified the following constraint:
<policyConstraints>
         <assignment id="82">
               <operation>add</operation>
         </assignment>
</policyConstraints>

My globalPolicyRule works as expected with direct assignment of a role (i.e. only one approval is required)!
However, when we request the same role through the role shopping, the approval process is still the default process. (i.e. all approvers must approve)

I think it may be a problem coming from the policyConstraints but I still struggle to understand what to set (Even with this documentation https://docs.evolveum.com/midpoint/devel/design/policy-constraints/).
May you explain me what is expected here, I think that going through the role request is not the same as adding the assignment, but then what should be the constraint?

Thanks a lot for your help,
Best Regards.



[logo]<https://www.positivethinking.tech/>

Loïc Schamber  | IT Consultant
lschamber at positivethinking.tech<mailto:lschamber at positivethinking.tech>
Tel. +41 22 721 07 77<tel:+41%2022%20721%2007%2077>  | Direct. +41 22 555 27 69<tel:+41%2022%20555%2027%2069>


[LinkedIn]<https://www.linkedin.com/company/the-positive-thinking-company/>  [Instagram] <https://www.instagram.com/positivethinkingcompany/>   [Vimeo] <https://twitter.com/PTC_Tech>   [Vimeo] <https://youtube.com/channel/UCfaImWa6r0IoZoUYLhbiF7w>
Chemin du Pré-Fleuri 5 - CH 1228 Plan-les-Ouates
________________________________
Help save paper, do you really need to print this email?
The content of this email and any attachments are confidential and are intended solely for the person and/or company to whom they are addressed. The information may also be legally privileged. No employee or agent is authorized to conclude any binding agreement on behalf of Positive Thinking Company with another party by email without express written confirmation. If you have received this email in error, any use, reproduction or dissemination of this transmission is strictly prohibited. If you are not the intended recipient, please immediately notify the sender by return E-mail and delete this message, its attachments and all copies from your system. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. Thank you for your cooperation.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/f4e7ec9d/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7735 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/f4e7ec9d/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 2337 bytes
Desc: image002.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/f4e7ec9d/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 2756 bytes
Desc: image003.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/f4e7ec9d/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 2358 bytes
Desc: image004.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/f4e7ec9d/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 2669 bytes
Desc: image005.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/f4e7ec9d/attachment-0009.png>

More information about the midPoint mailing list