[midPoint] RES: Midpoint - Add conditional approval flow
Vitor Alves | Gerencianet
vitor.alves at gerencianet.com.br
Wed Sep 14 00:24:05 CEST 2022
Hi everyone!
I tried to solve the problem below, implementing the "escalate" flow, so that when there were no approvers (outcomeIfNoApprovers), it was directed to escalate. I believe I didn't understand how the flow works, or I couldn't implement it correctly. Below is how it was implemented. If anyone can help, or if you've had a similar issue. I saw in the examples the use of escalation via Policy Rule (in systemConfiguration), but I confess that it was not clear to me if it would solve my case or if it's just so that we can make the application globally in midPoint. Thanks in advance for your support and help.
<inducement id="10">
<policyRule>
<name>Approval flow</name>
<policyConstraints>
<assignment id="11"/>
</policyConstraints>
<policyActions>
<approval id="12">
<compositionStrategy>
<order>10</order>
</compositionStrategy>
<approvalSchema>
<stage id="13">
<name>Approvers/Line managers</name>
<approverExpression>
<script>
<code>midpoint.getManagersOidsExceptUser(object)</code>
</script>
</approverExpression>
<evaluationStrategy>firstDecides</evaluationStrategy>
<outcomeIfNoApprovers>reject</outcomeIfNoApprovers>
<duration>P7D</duration>
<timedActions id="14">
<actions>
<escalate>
<name>Approvers Tecnhical Escalation</name>
<approverRef oid="cf6c47e1-41c8-4f66-9f15-cbf49a62e179" relation="org:default" type="c:OrgType">
<!--Approvers/Temp -->
</approverRef>
<outcomeIfNoApprovers>escalate</outcomeIfNoApprovers>
<duration>P7D</duration>
<delegationMethod>addAssignees</delegationMethod>
<notifyBeforeAction>P1D</notifyBeforeAction>
<notifyBeforeAction>P2D</notifyBeforeAction>
<escalationLevelName>Approvers Tecnhical Escalation</escalationLevelName>
</escalate>
</actions>
<escalationLevelFrom>1</escalationLevelFrom>
<escalationLevelTo>1</escalationLevelTo>
</timedActions>
</stage>
</approvalSchema>
</approval>
</policyActions>
</policyRule>
</inducement>
Regards,
Vitor Alves
De: Vitor Alves | Gerencianet
Enviada em: quinta-feira, 8 de setembro de 2022 08:59
Para: midpoint at lists.evolveum.com
Assunto: Midpoint - Add conditional approval flow
Hello community!
We already have an approval flow in place, which assigns the Line Manager for the approval, if it does not exist, the approval is denied as follows:
<inducement id="10">
<policyRule>
<name>Approval Flow</name>
<policyConstraints>
<assignment id="11"/>
</policyConstraints>
<policyActions>
<approval id="12">
<compositionStrategy>
<order>10</order>
</compositionStrategy>
<approvalSchema>
<stage id="13">
<name>Approvers/Line managers</name>
<approverExpression>
<script>
<code>midpoint.getManagersOidsExceptUser(object)</code>
</script>
</approverExpression>
<evaluationStrategy>firstDecides</evaluationStrategy>
<outcomeIfNoApprovers>reject</outcomeIfNoApprovers>
<duration>P7D</duration>
</stage>
</approvalSchema>
</approval>
</policyActions>
</policyRule>
</inducement>
The problem we are facing is when the manager himself requests a role, the process is cancelled. Ideally, if there is no manager or if he himself is the manager, this request should be forwarded to a member of the "Security-Approvers" organization. I made a configuration, based on steps, but the flow is always forwarded to this second step, which would not be correct, as I only need it to be forwarded to the members of that organization if it doesn't find any approver. can anybody help me?
Regards,
-----
Vitor Alves
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220913/9fd61d6c/attachment-0001.htm>
More information about the midPoint
mailing list