[midPoint] [4.0.2] - Issue with role shopping and globalPolicyRule for approval
Ivan Noris
ivan.noris at evolveum.com
Wed Apr 28 12:22:01 CEST 2021
Hi,
maybe you need to switch off the legacy and default configuration as you
are using policy rules?
In system configuration add:
<workflowConfiguration>
<useLegacyApproversSpecification>never</useLegacyApproversSpecification>
<useDefaultApprovalPolicyRules>never</useDefaultApprovalPolicyRules>
</workflowConfiguration>
Please try if it helps to fix your configuration.
Best regards,
Ivan
On 28. 4. 2021 10:29, Loïc SCHAMBER via midPoint wrote:
>
> Hi everyone ,
>
> I am currently experiencing a strange behaviour that I struggle to
> explain.
>
> I have a globalPolicyRule that will change the approval policy for all
> assignments in order to have the “first decides” behaviour:
>
> <approvalSchema>
>
> <stage>
>
> <name>Role's approvers</name>
>
> <approverRelation>approver</approverRelation>
>
> <evaluationStrategy>firstDecides</evaluationStrategy>
>
> <outcomeIfNoApprovers>approve</outcomeIfNoApprovers>
>
> </stage>
>
> </approvalSchema>
>
> In order to apply this on assignment approval I also specified the
> following constraint:
>
> <policyConstraints>
>
> <assignment id="82">
>
> <operation>add</operation>
>
> </assignment>
>
> </policyConstraints>
>
> My globalPolicyRule works as expected with direct assignment of a role
> (i.e. only one approval is required)!
>
> However, when we request the same role through the role shopping, the
> approval process is still the default process. (i.e. all approvers
> must approve)
>
> I think it may be a problem coming from the policyConstraints but I
> still struggle to understand what to set (Even with this documentation
> https://docs.evolveum.com/midpoint/devel/design/policy-constraints/
> <https://docs.evolveum.com/midpoint/devel/design/policy-constraints/>).
>
> May you explain me what is expected here, I think that going through
> the role request is not the same as adding the assignment, but then
> what should be the constraint?
>
> Thanks a lot for your help,
>
> Best Regards.
>
> logo <https://www.positivethinking.tech/>
>
>
>
>
>
> *Loïc Schamber* | IT Consultant
> lschamber at positivethinking.tech <mailto:lschamber at positivethinking.tech>
> Tel. +41 22 721 07 77 <tel:+41%2022%20721%2007%2077> | Direct. +41 22
> 555 27 69 <tel:+41%2022%20555%2027%2069>
>
>
> LinkedIn
> <https://www.linkedin.com/company/the-positive-thinking-company/>Instagram
> <https://www.instagram.com/positivethinkingcompany/>Vimeo
> <https://twitter.com/PTC_Tech>Vimeo
> <https://youtube.com/channel/UCfaImWa6r0IoZoUYLhbiF7w>
>
>
>
>
> Chemin du Pré-Fleuri 5 – CH 1228 Plan-les-Ouates
>
> ------------------------------------------------------------------------
>
> *Help save paper, do you really need to print this email?*
> /The content of this email and any attachments are confidential and
> are intended solely for the person and/or company to whom they are
> addressed. The information may also be legally privileged. No employee
> or agent is authorized to conclude any binding agreement on behalf of
> Positive Thinking Company with another party by email without express
> written confirmation. If you have received this email in error, any
> use, reproduction or dissemination of this transmission is strictly
> prohibited. If you are not the intended recipient, please immediately
> notify the sender by return E-mail and delete this message, its
> attachments and all copies from your system. Internet communications
> cannot be guaranteed to be timely, secure, error or virus-free. The
> sender does not accept liability for any errors or omissions. //Thank
> you for your cooperation.
> /
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/e54a3364/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7735 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/e54a3364/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 2337 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/e54a3364/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 2756 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/e54a3364/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 2358 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/e54a3364/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 2669 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/e54a3364/attachment-0009.png>
More information about the midPoint
mailing list