[midPoint] [4.0.2] - Issue with role shopping and globalPolicyRule for approval

Ivan Noris ivan.noris at evolveum.com
Wed Apr 28 12:22:01 CEST 2021


Hi,

maybe you need to switch off the legacy and default configuration as you 
are using policy rules?

In system configuration add:

<workflowConfiguration>
<useLegacyApproversSpecification>never</useLegacyApproversSpecification>
<useDefaultApprovalPolicyRules>never</useDefaultApprovalPolicyRules>
</workflowConfiguration>

Please try if it helps to fix your configuration.

Best regards,

Ivan

On 28. 4. 2021 10:29, Loïc SCHAMBER via midPoint wrote:
>
> Hi everyone ,
>
> I am currently experiencing a strange behaviour that I struggle to 
> explain.
>
> I have a globalPolicyRule that will change the approval policy for all 
> assignments  in order to have the “first decides” behaviour:
>
> <approvalSchema>
>
> <stage>
>
> <name>Role's approvers</name>
>
> <approverRelation>approver</approverRelation>
>
> <evaluationStrategy>firstDecides</evaluationStrategy>
>
> <outcomeIfNoApprovers>approve</outcomeIfNoApprovers>
>
> </stage>
>
> </approvalSchema>
>
> In order to apply this on assignment approval I also specified the 
> following constraint:
>
> <policyConstraints>
>
>          <assignment id="82">
>
> <operation>add</operation>
>
> </assignment>
>
> </policyConstraints>
>
> My globalPolicyRule works as expected with direct assignment of a role 
> (i.e. only one approval is required)!
>
> However, when we request the same role through the role shopping, the 
> approval process is still the default process. (i.e. all approvers 
> must approve)
>
> I think it may be a problem coming from the policyConstraints but I 
> still struggle to understand what to set (Even with this documentation 
> https://docs.evolveum.com/midpoint/devel/design/policy-constraints/ 
> <https://docs.evolveum.com/midpoint/devel/design/policy-constraints/>).
>
> May you explain me what is expected here, I think that going through 
> the role request is not the same as adding the assignment, but then 
> what should be the constraint?
>
> Thanks a lot for your help,
>
> Best Regards.
>
> logo <https://www.positivethinking.tech/>
>
> 	
>
> 	
>
> *Loïc Schamber* | IT Consultant
> lschamber at positivethinking.tech <mailto:lschamber at positivethinking.tech>
> Tel. +41 22 721 07 77 <tel:+41%2022%20721%2007%2077>  | Direct. +41 22 
> 555 27 69 <tel:+41%2022%20555%2027%2069>
>
>
> LinkedIn 
> <https://www.linkedin.com/company/the-positive-thinking-company/>Instagram 
> <https://www.instagram.com/positivethinkingcompany/>Vimeo 
> <https://twitter.com/PTC_Tech>Vimeo 
> <https://youtube.com/channel/UCfaImWa6r0IoZoUYLhbiF7w>
>
> 	
> 	
>
> Chemin du Pré-Fleuri 5 – CH 1228 Plan-les-Ouates
>
> ------------------------------------------------------------------------
>
> *Help save paper, do you really need to print this email?*
> /The content of this email and any attachments are confidential and 
> are intended solely for the person and/or company to whom they are 
> addressed. The information may also be legally privileged. No employee 
> or agent is authorized to conclude any binding agreement on behalf of 
> Positive Thinking Company with another party by email without express 
> written confirmation. If you have received this email in error, any 
> use, reproduction or dissemination of this transmission is strictly 
> prohibited. If you are not the intended recipient, please immediately 
> notify the sender by return E-mail and delete this message, its 
> attachments and all copies from your system. Internet communications 
> cannot be guaranteed to be timely, secure, error or virus-free. The 
> sender does not accept liability for any errors or omissions. //Thank 
> you for your cooperation.
> /
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/e54a3364/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7735 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/e54a3364/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 2337 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/e54a3364/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 2756 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/e54a3364/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 2358 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/e54a3364/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 2669 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210428/e54a3364/attachment-0009.png>


More information about the midPoint mailing list