<div dir="ltr">Hello everybody,<div><br></div><div>I need to define approver for role by org structure.</div><div><br></div><div>Users from each organization subtree have different approver for same role.</div><div><br></div><div>Can it be done by org:approver? Following configuration ignores organization membership of user which requests approved role.</div><div><br></div><div>I have assignment on my approver:</div><div><div><assignment id="3"></div><div>      <metadata></div><div>         <requestTimestamp>2017-03-20T14:38:40.330+01:00</requestTimestamp></div><div>         <requestorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"><!--  --></requestorRef></div><div>         <createTimestamp>2017-03-20T14:38:41.434+01:00</createTimestamp></div><div>         <creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"><!--  --></creatorRef></div><div>         <createChannel><a href="http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user">http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</a></createChannel></div><div>      </metadata></div><div>      <targetRef xmlns:org="<a href="http://midpoint.evolveum.com/xml/ns/public/common/org-3">http://midpoint.evolveum.com/xml/ns/public/common/org-3</a>"</div><div>                 oid="e19d0f9f-7c57-4597-94a1-6e1de6676db9"</div><div>                 relation="org:approver"</div><div>                 type="c:RoleType"><!--  --></targetRef></div><div>      <activation></div><div>         <effectiveStatus>enabled</effectiveStatus></div><div>      </activation></div><div>      <orgRef oid="daf3c536-817f-460a-b2b4-a243e3ac8db5" type="c:OrgType"><!--  --></orgRef></div><div>   </assignment></div><div>------------------------------------------------------------------------------------------------</div><div><br></div><div>Next i have configured metarole and assigned it to role e19d0f9f-7c57-4597-94a1-6e1de6676db9 . Metarole:</div><div><div><role xmlns:apti="<a href="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3">http://midpoint.evolveum.com/xml/ns/public/common/api-types-3</a>" xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>" xmlns:gen45="<a href="http://prism.evolveum.com/xml/ns/public/debug">http://prism.evolveum.com/xml/ns/public/debug</a>" xmlns:icfs="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a>" xmlns:q="<a href="http://prism.evolveum.com/xml/ns/public/query-3">http://prism.evolveum.com/xml/ns/public/query-3</a>" xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>" xmlns:t="<a href="http://prism.evolveum.com/xml/ns/public/types-3">http://prism.evolveum.com/xml/ns/public/types-3</a>" xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance</a>" oid="org-approver-approved-meta-role" version="10" xmlns="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"></div><div>    <name>Org Approver Approved Role</name></div><div><span class="gmail-Apple-tab-span" style="white-space:pre">    </span><inducement></div><div>        <policyRule></div><div>            <policyConstraints></div><div>                <assignment/></div><div>            </policyConstraints></div><div>            <policyActions></div><div>                <approval></div><div>                    <compositionStrategy></div><div>                        <order>40</order></div><div>                    </compositionStrategy></div><div>                    <approvalSchema></div><div>                        <level></div><div>                            <name>Org Approvers</name></div><div>                            <approverRelation>approver</approverRelation></div><div>                            <evaluationStrategy>firstDecides</evaluationStrategy></div><div>                        </level></div><div>                    </approvalSchema></div><div>                </approval></div><div>            </policyActions></div><div>        </policyRule></div><div>    </inducement></div><div></role></div></div><div>------------------------------------------------------------------------------------------------<br></div><div><br></div><div>This seems to ignore orgRef in assignment. When I try <approverRelation>org:approver</approverRelation> midpoint thinks that org: is namespace prefix. (Undeclared namespace prefix 'org' in 'org:approver'). Is there any configurational way aroud or do I have to make approverExpression script?</div><div><br></div><div><br></div><div>Best Regards</div><div><br></div><div>Oskar Butovič</div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><table style="font-family:verdana,arial,helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px;border-style:solid;width:482px"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray"><td style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:11px;width:160px;vertical-align:bottom;padding:0px;border:0px solid gray"><p><span style="font-size:14px;font-weight:bold">Oskar Butovič</span><br>solution architect<br><br>gsm: [+420] 774 480 101<br>e-mail: <a href="mailto:oskar.butovic@ami.cz" target="_blank">oskar.butovic@ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:verdana,arial,helvetica,sans-serif;font-size:10px;border-width:0px 1px 0px 0px;border-style:solid;border-color:gray rgb(204,204,204) gray gray;padding:0px">   </td><td style="color:rgb(0,0,0);font-family:verdana,arial,helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray">   </td><td style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;width:123px;border:0px solid gray"><p>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel.: [+420] 274 783 239<br>web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:verdana,arial,helvetica,sans-serif;font-size:10px;border-width:0px 1px 0px 0px;border-style:solid;border-color:gray rgb(204,204,204) gray gray;padding:0px">   </td><td style="color:rgb(0,0,0);font-family:verdana,arial,helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray">   </td><td style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:11px;margin:8px;width:116px;border:0px solid gray"><p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="AMI Praha a.s." style="border: 0px;"></p></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray"><td colspan="7" style="color:rgb(0,0,0);font-family:verdana,arial,helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray"><br><a href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png" alt="AMI Praha a.s." style="border: 0px; width: 480px; height: 82px;"></a></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray"><td colspan="7" style="color:rgb(128,128,128);font-family:arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray"><br>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.<br><br></td></tr></tbody></table></div></div></div></div></div></div></div>
</div></div>