<div dir="ltr">Hello Pavol,<div><br></div><div>Now I see that more complex it becomes with external systems. :-) The desired behavior would be that role is unassigned in the external system when such role assignment is refused in midPoint. So it seems more like recertification process.<br></div><div><br></div><div>Could it be solved by immediately starting recertification for role assignment synced from the external system?</div><div><br></div><div>Best Regards</div><div>Oskar Butovič</div></div><div class="gmail_extra"><br><div class="gmail_quote">2017-12-14 12:51 GMT+01:00 Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hello Oskar,</p>
<p>the crucial question is: what should midPoint do if such a
secondary change would get rejected?<br>
</p>
<pre class="m_-6335656383629778434moz-signature" cols="72">Pavol Mederly
Software developer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre><div><div class="h5">
<div class="m_-6335656383629778434moz-cite-prefix">On 14.12.2017 11:34, Oskar Butovič -
AMI Praha a.s. wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">Hello everybody,
<div><br>
</div>
<div>I was wondering whether I can enforce executing approval
workflow upon assignment which is in the secondary delta. Eg.
role assignment synchronized from an external system or role
assigned by object template based on some attribute values.</div>
<div><br>
</div>
<div>I have some ideas:</div>
<div>- can it be configured by policy rules alone?</div>
<div>- can it be done by generalChangeProcessor <a href="https://wiki.evolveum.com/display/midPoint/How+to+develop+your+own+approval+processes+-+case+3:+using+general+change+processor" target="_blank">https:/<wbr>/wiki.evolveum.com/display/<wbr>midPoint/How+to+develop+your+<wbr>own+approval+processes+-+case+<wbr>3:+using+general+change+<wbr>processor</a>
?</div>
<div>- If all else fails would moving the assignment delta from
secondary to primary via hook do the trick?</div>
<div><br>
</div>
<div>Could any of those ideas work?</div>
<div><br>
</div>
<div>Best Regards</div>
<div>Oskar Butovič</div>
<div>-- <br>
<div class="m_-6335656383629778434gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px;border-style:solid;width:482px">
<tbody>
<tr style="padding:0px;margin:0px;border:0px solid gray">
<td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;width:160px;vertical-align:bottom;padding:0px;border:0px solid gray">
<p><span style="font-size:14px;font-weight:bold">Oskar
Butovič</span><br>
solution architect<br>
<br>
gsm: <a href="tel:+420%20774%20480%20101" value="+420774480101" target="_blank">[+420] 774 480 101</a><br>
e-mail: <a href="mailto:oskar.butovic@ami.cz" target="_blank">oskar.butovic@ami.cz</a></p>
</td>
<td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-width:0px 1px 0px 0px;border-style:solid;border-color:gray rgb(204,204,204) gray gray;padding:0px"> </td>
<td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray"> </td>
<td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;width:123px;border:0px solid gray">
<p>AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel.: <a href="tel:+420%20274%20783%20239" value="+420274783239" target="_blank">[+420] 274 783 239</a><br>
web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p>
</td>
<td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-width:0px 1px 0px 0px;border-style:solid;border-color:gray rgb(204,204,204) gray gray;padding:0px"> </td>
<td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray"> </td>
<td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;width:116px;border:0px solid gray">
<p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="AMI Praha a.s." style="border:0px"></p>
</td>
</tr>
<tr style="padding:0px;margin:0px;border:0px solid gray">
<td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray"><br>
<a href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png" alt="AMI
Praha a.s." style="border:0px;width:480px;height:82px"></a></td>
</tr>
<tr style="padding:0px;margin:0px;border:0px solid gray">
<td colspan="7" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray"><br>
Textem tohoto e-mailu podepisující
neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud
bude uzavřena, musí mít výhradně
písemnou formu.<br>
<br>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="m_-6335656383629778434mimeAttachmentHeader"></fieldset>
<br>
</div></div><pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_-6335656383629778434moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="m_-6335656383629778434moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;width:160px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p><span style="font-size:14px;font-weight:bold">Oskar Butovič</span><br>solution architect<br><br>gsm: [+420] 774 480 101<br>e-mail: <a href="mailto:oskar.butovic@ami.cz" target="_blank">oskar.butovic@ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;width:123px;border:0px solid gray!important"><p>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel.: [+420] 274 783 239<br>web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px solid gray!important;width:116px"><p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="AMI Praha a.s." style="border:0px"></p></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray!important"><br><a href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png" alt="AMI Praha a.s." style="border:0px;width:480px!important;height:82px!important"></a></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray!important"><br>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.<br><br></td></tr></tbody></table></div></div></div></div></div></div></div>
</div>