<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello Roman.<br>
<br>
Current implementation of workflows is aimed towards approving so
called primary changes - i.e. changes explicitly requested by user
(via GUI) or external application (via SOAP, REST or Java API). We
could potentially deal also with changes coming from resources, but
it is a bit more tricky.<br>
<br>
Before trying to answer your question I'd need to understand it more
deeply. So, you have an authoritative resource. When a login name
changes on that resource for an account, currently this change is
propagated to other resources. And you'd like to be able to control
this process: i.e. either allow or disallow the change on connected
resources.<br>
<br>
My questions are:<br>
<br>
1) Do I understand it correctly?<br>
<br>
2) Is the allow/reject decision of "all or nothing" nature, i.e. is
the login name change either allowed on all resources, or rejected
for all resources? Or you'd like to be able to say: "allow change on
resources 1, 2, 3 but not on resources 4, 5, 6" ?<br>
<br>
3) What about reconciliations? Imagine that you rejected a change
today. But (let's say) tonight there will be another reconciliation
and the change would pop up again. The workflow would be started
again, and again it should be either allowed and rejected. And so
on, and so on - each time when the reconciliation would be run. What
to do with this?<br>
<br>
Best regards,<br>
Pavol<br>
<br>
<div class="moz-cite-prefix">On 23.02.2016 13:58, Roman Pudil - AMI
Praha a.s. wrote:<br>
</div>
<blockquote
cite="mid:em2d673800-bca0-4d93-b3a6-436782bbde41@rpudil-dell7440"
type="cite">
<style id="eMClientCss">
blockquote.cite { margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc }
blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding-top: 0px; }
.plain pre, .plain tt { font-family: monospace; font-size: 100%; font-weight: normal; font-style: normal;}
a img { border: 0px; }body {font-family: Tahoma;font-size: 12pt;}
.plain pre, .plain tt {font-family: Tahoma;font-size: 12pt;}</style>
<div>Hi all,</div>
<div>how to invoke workflow when changing some identity attribute?</div>
<div>I want invoke workflow in midPoint, during loginname in
authoritative resource changing. I don't want to change
loginname automaitcally in all connected resources. I want to
control it.</div>
<div> </div>
<div>Thanks!</div>
<div> </div>
<div>Regards</div>
<div> </div>
<div id="signature_old">
<div style="FONT-SIZE: 12pt; FONT-FAMILY: Tahoma">
<table style="WHITE-SPACE: normal; WORD-SPACING: 0px;
BORDER-COLLAPSE: collapse; TEXT-TRANSFORM: none; COLOR:
rgb(0,0,0); FONT: medium 'Times New Roman'; WIDOWS: 1;
LETTER-SPACING: normal; TEXT-INDENT: 0px;
-webkit-text-stroke-width: 0px">
<tbody>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; VERTICAL-ALIGN: bottom; COLOR: rgb(0,0,0)"
colspan="2">
<p><span style="FONT-SIZE: 14px; FONT-WEIGHT: bold">Roman
Pudil</span><br>
solution architect<br>
<br>
gsm: [+420] 775 663 666<br>
e-mail:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:roman.pudil@ami.cz"><a class="moz-txt-link-abbreviated" href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204) 1px solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; VERTICAL-ALIGN: bottom; COLOR: rgb(0,0,0)">
<p>AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true" href="http://www.ami.cz"><a class="moz-txt-link-abbreviated" href="http://www.ami.cz">www.ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204) 1px solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; COLOR: rgb(0,0,0)">
<p><img moz-do-not-send="true" title="AMI Praha a.s."
alt=""
src="http://www.ami.cz/images/podpis/ami_logo.gif"
border="0"></p>
</td>
</tr>
<tr>
<td colspan="8"><br>
<a moz-do-not-send="true"
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"><img
moz-do-not-send="true" alt=""
src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png"
border="0"></a></td>
</tr>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; COLOR: rgb(128,128,128)" colspan="8"><br>
Textem tohoto e-mailu podepisující neslibuje uzavřít
ani neuzavírá za společnost AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud bude
uzavřena, musí mít výhradně písemnou formu.</td>
</tr>
</tbody>
</table>
</div>
</div>
<div> </div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>