<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I think I understand. One option (although maybe not the cleanest
and nicest one) would be this:</p>
<p>You could write a <a moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Scripting+Hooks">scripting
hook</a> that would detect when a user is added to the
organization. The hook would be attached to the final state, so it
would be activated only after the whole operation is executed. If
the hook detects that the organization assignment was recently
added, it would start a new operation of adding all the roles from
the default set for that organization.</p>
<p>The new operation would contain new assignments in its primary
delta, so they could be approved or rejected, as necessary.</p>
<p>But the approved roles would stay with the user indefinitely,
even after he is unassigned from the organization. If you'd need
to change this, you'd have to implement another hook that would
take care of that.</p>
<p>Hope this helps,<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 02.02.2018 14:45, Alcides Carlos de
Moraes Neto wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAMLLNmm1XjTjSL2RFMXt37XO=RDuyMgyJq6bgvJfUcWzgKPTbA@mail.gmail.com">
<div dir="ltr">
<div>
<div>Hi Pavol,<br>
<br>
</div>
Thanks for the help. This is what I'm trying to accomplish: I
want to be able to configure a set of roles to be a default
set for an organization. For the roles I want to be applied
every time, I can just use inducements, or mappings, from the
OrgType, that's easy.<br>
</div>
<div>But I wanted some of the roles to be upon approval only,
and I wanted the approval workflow to happen automatically, so
as soon as the new employee is in the Org, his manager gets
notified to approve his roles.<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2018-02-01 19:36 GMT-02:00 Pavol
Mederly <span dir="ltr"><<a
href="mailto:mederly@evolveum.com" target="_blank"
moz-do-not-send="true">mederly@evolveum.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hello Alcides Carlos,</p>
<p>yes, it is intended so. There are some conceptual
reasons behind it, mainly along the line of how we
should react to rejection.</p>
<p>What's your use case? Why do you want to approve
something that was given by the mapping?</p>
<p>Best regards,<br>
</p>
<pre class="m_39755774036504307moz-signature" cols="72">Pavol Mederly
Software developer
<a href="http://evolveum.com" target="_blank" moz-do-not-send="true">evolveum.com</a>
</pre>
<div>
<div class="h5">
<div class="m_39755774036504307moz-cite-prefix">On
01.02.2018 21:19, Alcides Carlos de Moraes Neto
wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">
<div>
<div>Hello list,<br>
<br>
</div>
I have a role that has a policy rule for
approval by the user's manager. It works when I
assign the role to a user manually.<br>
</div>
<br>
However, I now have a mapping in user template for
this role. Assignments from this mapping do not
start the approval workflow. Is this intended? Is
there a way to require approval from role assigned
from mappings?<br>
</div>
<br>
<fieldset
class="m_39755774036504307mimeAttachmentHeader"></fieldset>
<br>
</div>
</div>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_39755774036504307moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="m_39755774036504307moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>