[midPoint] Override default approval policy
Jussi Jokela
jussi.jokela92 at gmail.com
Mon Mar 3 11:45:41 CET 2025
Hi,
Anyone have any ideas for this? I even tried to debug this with AI and
it told me that this solution should work. :D
Br,
Jussi Joekal
to 27.2.2025 klo 14.48 Jussi Jokela (jussi.jokela92 at gmail.com) kirjoitti:
>
> Hello again,
>
> Seems like the code snippets were badly formatted in my previous
> message, here they are again and hopefully more readable, as I wish
> someone could help me with this:
>
> <displayName>Metarole: High risk systems</displayName>
> <inducement id="1">
> <policyRule>
> <policyConstraints>
> <assignment>
> <operation>add</operation>
> </assignment>
> </policyConstraints>
> <policyActions>
> <approval id="3">
> <compositionStrategy>
> <order>5</order>
> <mergeOverwriting>true</mergeOverwriting>
> </compositionStrategy>
> <approvalSchema>
> <stage id="4">
> <name>Security</name>
> <approverRef relation="org:default"
> type="c:OrgType">
> <filter>
> <q:text>name="High_risk_systems"</q:text>
> </filter>
> <resolutionTime>run</resolutionTime>
> </approverRef>
>
> <evaluationStrategy>allMustApprove</evaluationStrategy>
> <outcomeIfNoApprovers>reject</outcomeIfNoApprovers>
> <groupExpansion>onWorkItemCreation</groupExpansion>
> </stage>
> </approvalSchema>
> </approval>
> </policyActions>
> </policyRule>
> </inducement>
>
> <displayName>Default approver</displayName>
> <inducement id="1">
> <policyRule>
> <policyConstraints>
> <assignment>
> <operation>add</operation>
> </assignment>
> </policyConstraints>
> <policyActions>
> <approval id="16">
> <compositionStrategy>
> <order>50</order>
> </compositionStrategy>
> <approvalSchema>
> <stage id="17">
> <name>Default approver</name>
> <approverRef relation="org:default"
> type="c:OrgType">
> <filter>
> <q:text>name="Default approver"</q:text>
> </filter>
> <resolutionTime>run</resolutionTime>
> </approverRef>
>
> <evaluationStrategy>firstDecides</evaluationStrategy>
> <outcomeIfNoApprovers>reject</outcomeIfNoApprovers>
> <groupExpansion>onWorkItemCreation</groupExpansion>
> </stage>
> </approvalSchema>
> </approval>
> </policyActions>
> </policyRule>
> </inducement>
>
> <inducement id="59">
> <targetRef oid="7c1a3009-b456-40e6-a160-be32f70c1c7c" (default
> approver) relation="org:default" type="c:RoleType"/>
> </inducement>
>
>
> Br,
> Jussi
>
>
> ke 26.2.2025 klo 15.27 Jussi Jokela (jussi.jokela92 at gmail.com) kirjoitti:
> >
> >
> > I'm having difficulties overriding my "default approver" policy. I have two metaroles, one for default approver and one for "high risk systems" (for example) and
> > and the default approver is inherited from another metarole which is used when creating new roles and the high risk metarole is assigned when the created role requires it.
> >
> > The high risk metarole has the <mergeOverwriting>true</mergeOverwriting> but it does not seem to have effect. When the default approver and high risk system metaroles are induced to
> > created role, both policy stages require manual approval when the desired outcome is just to approve the high risk system (all must approve) as it has lower order (higher priority).
> >
> > Here are the code snippets for both policy metaroles and the metarole that includes the default approver policy:
> >
> > <displayName>Metarole: High risk systems</displayName>
> > <inducement id="1">
> > <policyRule>
> > <policyConstraints>
> > <assignment>
> > <operation>add</operation>
> > </assignment>
> > </policyConstraints>
> > <policyActions>
> > <approval id="3">
> > <compositionStrategy>
> > <order>5</order>
> > <mergeOverwriting>true</mergeOverwriting>
> > </compositionStrategy>
> > <approvalSchema>
> > <stage id="4">
> > <name>Security</name>
> > <approverRef relation="org:default" type="c:OrgType">
> > <filter>
> > <q:text>name="High_risk_systems"</q:text>
> > </filter>
> > <resolutionTime>run</resolutionTime>
> > </approverRef>
> > <evaluationStrategy>allMustApprove</evaluationStrategy>
> > <outcomeIfNoApprovers>reject</outcomeIfNoApprovers>
> > <groupExpansion>onWorkItemCreation</groupExpansion>
> > </stage>
> > </approvalSchema>
> > </approval>
> > </policyActions>
> > </policyRule>
> > </inducement>
> >
> > <displayName>Default approver</displayName>
> > <inducement id="1">
> > <policyRule>
> > <policyConstraints>
> > <assignment>
> > <operation>add</operation>
> > </assignment>
> > </policyConstraints>
> > <policyActions>
> > <approval id="16">
> > <compositionStrategy>
> > <order>50</order>
> > </compositionStrategy>
> > <approvalSchema>
> > <stage id="17">
> > <name>Default approver</name>
> > <approverRef relation="org:default" type="c:OrgType">
> > <filter>
> > <q:text>name="Default approver"</q:text>
> > </filter>
> > <resolutionTime>run</resolutionTime>
> > </approverRef>
> > <evaluationStrategy>firstDecides</evaluationStrategy>
> > <outcomeIfNoApprovers>reject</outcomeIfNoApprovers>
> > <groupExpansion>onWorkItemCreation</groupExpansion>
> > </stage>
> > </approvalSchema>
> > </approval>
> > </policyActions>
> > </policyRule>
> > </inducement>
> >
> > <inducement id="59">
> > <targetRef oid="7c1a3009-b456-40e6-a160-be32f70c1c7c" (default approver) relation="org:default" type="c:RoleType"/>
> > </inducement>
> >
> >
> > Hope my goal is clear. :)
> >
> >
> > Best regards,
> > Jussi
More information about the midPoint
mailing list