<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
From the point of workflow module, the second option is much easier
to implement. The only thing to do is to create so called "change
aspect" - a piece of code that detects that the login name attribute
is to be changed. Currently we have a lot of ready-made "change
aspects" for detecting assignment creation/modification, object
creation etc. (see <a
href="https://wiki.evolveum.com/display/midPoint/Workflow+configuration"><a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/Workflow+configuration">https://wiki.evolveum.com/display/midPoint/Workflow+configuration</a></a>)
but this one is not there yet.<br>
<br>
Workflow module is designed so that customers/partners can add their
own change aspects, so it would not be a big problem.<br>
<br>
However, as currently I'm reworking GUI for approvals anyway, I can
implement also this change aspect. I think it's generally useful
(when made configurable e.g. to choose what are the 'critical'
attributes to watch), and quite easy to do. <br>
<br>
In what time frame do you need this feature? It should be part of
3.4, to be out this spring.<br>
<br>
Best regards,<br>
Pavol<br>
<br>
<br>
<div class="moz-cite-prefix">On 23.02.2016 14:40, Roman Pudil - AMI
Praha a.s. wrote:<br>
</div>
<blockquote
cite="mid:emf2846bcb-45e5-4896-a8db-16a3eb81d80b@rpudil-dell7440"
type="cite">
<style id="eMClientCss">BLOCKQUOTE.cite2 {
MARGIN-TOP: 3px; PADDING-TOP: 0px; PADDING-LEFT: 10px; MARGIN-LEFT: 5px; BORDER-LEFT: #cccccc 1px solid; PADDING-RIGHT: 0px; MARGIN-RIGHT: 0px
}
.plain PRE {
FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE: normal
}
.plain TT {
FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE: normal
}
A IMG {
BORDER-TOP: 0px; BORDER-RIGHT: 0px; BORDER-BOTTOM: 0px; BORDER-LEFT: 0px
}
#x1af43c66bde24f3596443c2267f6ce98 {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
#x5092e65317d44284bcc3d19ee8fc52eb {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
.plain PRE {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
.plain TT {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
BODY {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
#x5092e65317d44284bcc3d19ee8fc52eb BLOCKQUOTE.cite {
PADDING-LEFT: 10px; MARGIN-LEFT: 5px; BORDER-LEFT: #cccccc 1px solid; PADDING-RIGHT: 0px; MARGIN-RIGHT: 0px
}
</style>
<style>#x1af43c66bde24f3596443c2267f6ce98 BLOCKQUOTE.cite2
{MARGIN-TOP: 3px; PADDING-TOP: 0px; PADDING-LEFT: 10px; MARGIN-LEFT: 5px; BORDER-LEFT: #cccccc 1px solid; PADDING-RIGHT: 0px; MARGIN-RIGHT: 0px}
#x1af43c66bde24f3596443c2267f6ce98 .plain PRE, #x1af43c66bde24f3596443c2267f6ce98 .plain TT
{FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE: normal}
#x1af43c66bde24f3596443c2267f6ce98 A IMG
{BORDER-TOP: 0px; BORDER-RIGHT: 0px; BORDER-BOTTOM: 0px; BORDER-LEFT: 0px}
#x1af43c66bde24f3596443c2267f6ce98 .plain PRE, #x1af43c66bde24f3596443c2267f6ce98 .plain TT, #x1af43c66bde24f3596443c2267f6ce98
{FONT-SIZE: 12pt; FONT-FAMILY: Tahoma}
</style>
<div>Hi Pavol,<br>
first thing - thanks for very very quick answer! :-)<br>
Yes, You understand it correctly. LoginName in authoritative app
is not necessary, its only one of possibilities - see later.<br>
</div>
<div>I have two ideas - see scenarios:<br>
</div>
<div>First choice - login is in authoritative app:<br>
1) user is Jana Novakova, login name jana.novakova is in
authoritative app, in midPoint and in all other apps.<br>
2) user change last name to Svobodova; loginname in
authoritative app is changed to jana.svobodova, midPoint invokes
workflow "changing loginname" to jana.svobodova, nothing changes
in all other apps<br>
3) workflow is approved, loginName is changed in all others
apps.<br>
</div>
<div>Second choice - login is not in authoritative app, login
generates in midPoint:<br>
1) user is Jana Novakova, login name jana.novakova is in
midPoint and in all other apps.<br>
2) user change last name to Svobodova; last name in midPoint is
changed to Svobodova, midPoint invokes workflow "changing
loginname" to jana.svobodova, nothing changes in all other apps<br>
3) workflow is approved, loginName is changed in all others
apps.</div>
<div> </div>
<div><span id="xcb69f933c1634f79993670e28a63cb28"
style="BACKGROUND-COLOR: #ffffff">
</span></div>
<div>Simpler solution is better solution... :-)</div>
<div> </div>
<div>Regards!</div>
<div>Thanks!</div>
<div> </div>
<div id="signature_old">
<div style="FONT-SIZE: 12pt; FONT-FAMILY: Tahoma">
<table style="WHITE-SPACE: normal; WORD-SPACING: 0px;
BORDER-COLLAPSE: collapse; TEXT-TRANSFORM: none; COLOR:
rgb(0,0,0); FONT: medium 'Times New Roman'; WIDOWS: 1;
LETTER-SPACING: normal; TEXT-INDENT: 0px;
-webkit-text-stroke-width: 0px">
<tbody>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; VERTICAL-ALIGN: bottom; COLOR: rgb(0,0,0)"
colspan="2">
<p><span style="FONT-SIZE: 14px; FONT-WEIGHT: bold">Roman
Pudil</span><br>
solution architect<br>
<br>
gsm: [+420] 775 663 666<br>
e-mail:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:roman.pudil@ami.cz"><a class="moz-txt-link-abbreviated" href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204) 1px solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; VERTICAL-ALIGN: bottom; COLOR: rgb(0,0,0)">
<p>AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true" href="http://www.ami.cz/"><a class="moz-txt-link-abbreviated" href="http://www.ami.cz">www.ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204) 1px solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; COLOR: rgb(0,0,0)">
<p><img moz-do-not-send="true" title="AMI Praha a.s."
alt=""
src="http://www.ami.cz/images/podpis/ami_logo.gif"
border="0"></p>
</td>
</tr>
<tr>
<td colspan="8"><br>
<a moz-do-not-send="true"
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"><img
moz-do-not-send="true" alt=""
src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png"
border="0"></a></td>
</tr>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; COLOR: rgb(128,128,128)" colspan="8"><br>
Textem tohoto e-mailu podepisující neslibuje uzavřít
ani neuzavírá za společnost AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud bude
uzavřena, musí mít výhradně písemnou formu.</td>
</tr>
</tbody>
</table>
</div>
</div>
<div> </div>
<div> </div>
<div> </div>
<div>------ Původní zpráva ------</div>
<div>Od: "Pavol Mederly" <<a moz-do-not-send="true"
href="mailto:mederly@evolveum.com">mederly@evolveum.com</a>></div>
<div>Komu: <a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a></div>
<div>Odesláno: 23.2.2016 14:11:29</div>
<div>Předmět: Re: [midPoint] Invoke workflow during attribute
changing</div>
<div> </div>
<div id="x1af43c66bde24f3596443c2267f6ce98" style="COLOR: #000000">
<blockquote class="cite2" cite="56CC5A81.9080508@evolveum.com"
type="cite">Hello Roman.<br>
<br>
Current implementation of workflows is aimed towards approving
so called primary changes - i.e. changes explicitly requested
by user (via GUI) or external application (via SOAP, REST or
Java API). We could potentially deal also with changes coming
from resources, but it is a bit more tricky.<br>
<br>
Before trying to answer your question I'd need to understand
it more deeply. So, you have an authoritative resource. When a
login name changes on that resource for an account, currently
this change is propagated to other resources. And you'd like
to be able to control this process: i.e. either allow or
disallow the change on connected resources.<br>
<br>
My questions are:<br>
<br>
1) Do I understand it correctly?<br>
<br>
2) Is the allow/reject decision of "all or nothing" nature,
i.e. is the login name change either allowed on all resources,
or rejected for all resources? Or you'd like to be able to
say: "allow change on resources 1, 2, 3 but not on resources
4, 5, 6" ?<br>
<br>
3) What about reconciliations? Imagine that you rejected a
change today. But (let's say) tonight there will be another
reconciliation and the change would pop up again. The workflow
would be started again, and again it should be either allowed
and rejected. And so on, and so on - each time when the
reconciliation would be run. What to do with this?<br>
<br>
Best regards,<br>
Pavol<br>
<br>
<div class="moz-cite-prefix">On 23.02.2016 13:58, Roman Pudil
- AMI Praha a.s. wrote:<br>
</div>
<blockquote class="cite"
cite="mid:em2d673800-bca0-4d93-b3a6-436782bbde41@rpudil-dell7440"
type="cite">
<div>Hi all,</div>
<div>how to invoke workflow when changing some identity
attribute?</div>
<div>I want invoke workflow in midPoint, during loginname in
authoritative resource changing. I don't want to change
loginname automaitcally in all connected resources. I want
to control it.</div>
<div> </div>
<div>Thanks!</div>
<div> </div>
<div>Regards</div>
<div> </div>
<div id="signature_old">
<div style="FONT-SIZE: 12pt; FONT-FAMILY: Tahoma">
<table style="WHITE-SPACE: normal; WORD-SPACING: 0px;
BORDER-COLLAPSE: collapse; TEXT-TRANSFORM: none;
COLOR: rgb(0,0,0); FONT: medium 'Times New Roman';
WIDOWS: 1; LETTER-SPACING: normal; TEXT-INDENT: 0px;
-webkit-text-stroke-width: 0px">
<tbody>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; VERTICAL-ALIGN: bottom; COLOR:
rgb(0,0,0)" colspan="2">
<p><span style="FONT-SIZE: 14px; FONT-WEIGHT:
bold">Roman Pudil</span><br>
solution architect<br>
<br>
gsm: [+420] 775 663 666<br>
e-mail:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:roman.pudil@ami.cz"><a class="moz-txt-link-abbreviated" href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204) 1px
solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; VERTICAL-ALIGN: bottom; COLOR:
rgb(0,0,0)">
<p>AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="http://www.ami.cz/"><a class="moz-txt-link-abbreviated" href="http://www.ami.cz">www.ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204) 1px
solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; COLOR: rgb(0,0,0)">
<p><img title="AMI Praha a.s." alt=""
src="http://www.ami.cz/images/podpis/ami_logo.gif"
moz-do-not-send="true" border="0"></p>
</td>
</tr>
<tr>
<td colspan="8"><br>
<a
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"
moz-do-not-send="true"><img alt=""
src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png"
moz-do-not-send="true" border="0"></a></td>
</tr>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; COLOR: rgb(128,128,128)" colspan="8"><br>
Textem tohoto e-mailu podepisující neslibuje
uzavřít ani neuzavírá za společnost AMI Praha
a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud bude
uzavřena, musí mít výhradně písemnou formu.</td>
</tr>
</tbody>
</table>
</div>
</div>
<div> </div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>