[midPoint] Admin gui question(s)
Yakov Revyakin
yrevyakin at gmail.com
Thu Sep 25 07:16:14 CEST 2025
You know that a user is active if administrativeStatus is unknown. Let the
HR resource leave administrativeStatus unknown for an active user, set
administrativeStatus with Disable using standard Midpoint activation UI. In
this case, HR still skips setting administrativeStatus explicitly and
your hand made administrativeStatus won't be overwritten after
reconciliation. If you'd like to make the user enabled again you simply set
administrativeStatus in Unknown back. This delegates management for
administrativeStatus to HR back again.
You can add a condition in the HR resource status attribute to limit status
calculation only by Disable case.
On Fri, 19 Sept 2025 at 10:20, Markus Calmius <markus.calmius at proton.ch>
wrote:
> Yes, HR is source of truth.
> However, sometimes a forced offboarding or onboarding can take place. Then
> we have an override status, based on this:
> https://evolveum.com/how-to-override-administrative-status/
>
> So we do have a way to do it, but the default buttons are not the way
>
> Markus
> On Thursday, 18 September 2025 at 16:34, Yakov Revyakin <
> yrevyakin at gmail.com> wrote:
>
> Do you mean sync with HR overrides Midpoint user's administrative status
> which Midpoint admin changed before?
>
> On Mon, 15 Sept 2025 at 17:35, Markus Calmius via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
>>
>> Hi,
>>
>> TL;DR
>> is it possible to either:
>>
>> 1. hide the buttons for enable/disable users, or
>> 2. override the default action?
>>
>>
>> To give some more background:
>> Our HR system is the sole authority for creating user accounts and
>> assigning their administrative status.
>>
>> We have implemented an override mechanism that allows us to deactivate a
>> user ahead of the HR‑initiated process when necessary.
>>
>> While the standard deactivation buttons function correctly, the change is
>> only temporary. Any update to the user or the execution of the
>> HR‑reconciliation task restores the status defined by HR.
>> Although we could restrict this capability entirely. it will result in an
>> error message. I prefer to prevent the action silently rather than generate
>> errors.
>> For example, a service‑desk technician who is authorised to disable
>> accounts may use the default buttons and assume the operation succeeded. In
>> reality, the modification is later undone by the HR reconciliation process.
>>
>>
>> Kind regards,
>> Markus
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250925/263536c4/attachment.htm>
More information about the midPoint
mailing list