<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style>@font-face {
font-family: Cambria Math;
}
@font-face {
font-family: Calibri;
}
@page WordSection1 {margin: 70.85pt 3.0cm 70.85pt 3.0cm; }
P.MsoNormal {
FONT-SIZE: 11pt; FONT-FAMILY: "Calibri",sans-serif; MARGIN: 0cm 0cm 0pt
}
LI.MsoNormal {
FONT-SIZE: 11pt; FONT-FAMILY: "Calibri",sans-serif; MARGIN: 0cm 0cm 0pt
}
DIV.MsoNormal {
FONT-SIZE: 11pt; FONT-FAMILY: "Calibri",sans-serif; MARGIN: 0cm 0cm 0pt
}
A:link {
TEXT-DECORATION: underline; COLOR: #0563c1
}
SPAN.MsoHyperlink {
TEXT-DECORATION: underline; COLOR: #0563c1
}
A:visited {
TEXT-DECORATION: underline; COLOR: #954f72
}
SPAN.MsoHyperlinkFollowed {
TEXT-DECORATION: underline; COLOR: #954f72
}
SPAN.EmailStyle17 {
FONT-FAMILY: "Calibri",sans-serif; COLOR: windowtext
}
.MsoChpDefault {
FONT-FAMILY: "Calibri",sans-serif
}
</style><style id="owaParaStyle">P {
MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
</style>
</head>
<body lang="EN-US" link="#0563c1" vlink="#954f72" fPStyle="1" ocsi="0">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">
<p>Hola Alex,</p>
<p> </p>
<p>I was working on exactly the same feature on last days, so I tested your code and I found an error on approverRef, the type should be an user</p>
<p> </p>
<p><approverRef oid="(APPROVER OID)"</p>
<p class="MsoNormal"> relation="org:default"</p>
<p class="MsoNormal"> type="c:UserType"></approverRef></p>
<p> </p>
<p>otherwise your request goes to nobody. Actually you can probably found them under "Work items / All requests"</p>
<div>
<p>Once fixed, the approval workflow works properly.</p>
<p> </p>
<div style="FONT-SIZE: 13px; FONT-FAMILY: Tahoma">
<p><b><span lang="FR" style="FONT-SIZE: 10.5pt; FONT-FAMILY: "Calibri Light","sans-serif"; BACKGROUND: white; COLOR: blue">Esteban Jeria</span></b><span lang="FR" style="FONT-SIZE: 9.5pt; FONT-FAMILY: "Calibri Light","sans-serif"; BACKGROUND: white; COLOR: #575a5d"><br>
</span><span lang="FR" style="FONT-SIZE: 9.5pt; FONT-FAMILY: "Calibri Light","sans-serif"; BACKGROUND: white; COLOR: black">Conseiller
</span><b><span lang="FR" style="FONT-SIZE: 9.5pt; FONT-FAMILY: "Calibri Light","sans-serif"; BACKGROUND: white; COLOR: red">CGI</span></b><span lang="FR" style="FONT-SIZE: 9.5pt; FONT-FAMILY: "Calibri Light","sans-serif"; BACKGROUND: white; COLOR: black">
/ </span><b><span style="FONT-SIZE: 9.5pt; FONT-FAMILY: "Calibri Light","sans-serif"; BACKGROUND: white; COLOR: red">CGI</span></b><span style="FONT-SIZE: 9.5pt; FONT-FAMILY: "Calibri Light","sans-serif"; BACKGROUND: white; COLOR: black"> Consultant</span><span style="FONT-SIZE: 10pt; FONT-FAMILY: "Tahoma","sans-serif"; COLOR: black"></span></p>
<p><span style="FONT-SIZE: 9.5pt; FONT-FAMILY: "Calibri Light","sans-serif"; BACKGROUND: white; COLOR: black">Sécurité - Gestion d'identité et des accès / Security - Identity and Access Management</span><span style="FONT-SIZE: 10pt; FONT-FAMILY: "Tahoma","sans-serif"; COLOR: black"></span></p>
</div>
</div>
<div style="FONT-SIZE: 16px; FONT-FAMILY: Times New Roman; COLOR: #000000">
<hr tabindex="-1">
<div id="divRpF439293" style="DIRECTION: ltr"><font color="#000000" size="2" face="Tahoma"><b>From:</b> Doler, Alexander Earl (LATCO - Buenos Aires) [adoler@deloitte.com]<br>
<b>Sent:</b> August 30, 2017 1:14 PM<br>
<b>To:</b> midPoint General Discussion<br>
<b>Subject:</b> [midPoint] Approval processes in Segregation of Duties<br>
</font><br>
</div>
<div></div>
<div>
<div class="WordSection1">
<p class="MsoNormal">Hello,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I am trying to configure Segregation of Duties in MidPoint so that when incompatible roles are requested, an approval process is triggered. I am able to successfully block assignment of incompatible roles by specifying “<enforcement>” in
the policy actions. However, when I replace “enforcement” with “approval,” MidPoint seems to ignore any approval process specified and assigns the role. I noticed the tag “prune” is also ignored when specified here. I am using MidPoint version 3.6.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Here is my code:</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> <assignment id="7"></p>
<p class="MsoNormal"> <policyRule></p>
<p class="MsoNormal"> <name>Exclude Role Assignment</name></p>
<p class="MsoNormal"> <policyConstraints></p>
<p class="MsoNormal"> <exclusion></p>
<p class="MsoNormal"> <targetRef oid="(ROLE OID)"</p>
<p class="MsoNormal"> relation="org:default"</p>
<p class="MsoNormal"> type="c:RoleType"></targetRef></p>
<p class="MsoNormal"> </exclusion></p>
<p class="MsoNormal"> </policyConstraints></p>
<p class="MsoNormal"> <policyActions></p>
<p class="MsoNormal"> <approval></p>
<p class="MsoNormal"> <compositionStrategy></p>
<p class="MsoNormal"> <order>10</order></p>
<p class="MsoNormal"> </compositionStrategy></p>
<p class="MsoNormal"> <approvalSchema></p>
<p class="MsoNormal"> <level></p>
<p class="MsoNormal"> <name>Auditing Approval</name></p>
<p class="MsoNormal"> <approverRef oid="(APPROVER OID)"</p>
<p class="MsoNormal"> relation="org:default"</p>
<p class="MsoNormal"> type="c:OrgType"></approverRef></p>
<p class="MsoNormal"> <evaluationStrategy>firstDecides</evaluationStrategy></p>
<p class="MsoNormal"> <groupExpansion>onWorkItemCreation</groupExpansion></p>
<p class="MsoNormal"> </level></p>
<p class="MsoNormal"> </approvalSchema></p>
<p class="MsoNormal"> </approval></p>
<p class="MsoNormal"> </policyActions></p>
<p class="MsoNormal"> </policyRule></p>
<p class="MsoNormal"> </assignment></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Any thoughts on how to make this work?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Thank you,</p>
<p class="MsoNormal">Alex</p>
</div>
</div>
</div>
</div>
</body>
</html>