<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello!</p>
<p>The authorization solved the problem. Thank you very much!!!</p>
<p>Best regards!<br>
WS<br>
</p>
<br>
<div class="moz-cite-prefix">W dniu 12.04.2018 o 10:27, TIPA
Sylvaire-Kevin pisze:<br>
</div>
<blockquote type="cite" cite="mid:214-5acf1880-b-5247ab00@120148575">Hello,<br>
<br>
I use the same think, you end user need to have authorization for
read userType information (name min). If it dosen't, he canno't
get the manager of the org.<br>
<br>
<authorization><br>
<name>RE-READ-OtherUserName</name><br>
<description><br>
Allow to read name of all user, needed by workflow
process<br>
</description><br>
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action><br>
<object><br>
<type>UserType</type><br>
</object><br>
<c:item>name</c:item><br>
</authorization><br>
<br>
<br>
<br>
Other way, you can change the runas of your approver metarole<br>
<br>
<approverExpression><br>
<description>Get user's
managers from parent Org</description><br>
<span style="color:#c0392b;"><runAsRef
oid="00000000-0000-0000-0000-000000000002" /></span><br>
<script
xsi:type="c:ScriptExpressionEvaluatorType"><br>
<code><br>
log.info("\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n")<br>
log.error("Target :
{}",target)<br>
log.error("Target OID :
{}", target.parentOrgRef.oid[0])<br>
approvers =
midpoint.getManagersOfOrg(target.parentOrgRef.oid[0])<br>
log.info("Approvers : {}",
approvers)<br>
approvers.oid<br>
</code><br>
</script><br>
</approverExpression><br>
<br>
<br>
--
<p>Cordialement.</p>
<table class="MsoNormalTable"
style="width:100.0%;border:none;border-top:solid #00BBDF 3.0pt"
border="1" width="100%" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td style="border: medium none; padding: 0cm; width: 301px;"
valign="top">
<table class="MsoNormalTable" style="margin-left: 7.5pt;"
border="0" height="332" width="274" cellspacing="0"
cellpadding="0">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm" valign="top">
<p class="MsoNormal"
style="margin-top:7.5pt;mso-margin-bottom-alt:auto"><b><span
style="font-size:11.5pt;color:#1F497D;mso-fareast-language:FR">Sylvaire-Kevin
TIPA</span></b><br>
<i><span
style="font-size:10.0pt;color:gray;mso-fareast-language:FR">Infrastructure</span></i></p>
</td>
</tr>
<tr>
<td style="padding:3.75pt 0cm 3.75pt 0cm"
valign="top"><b><span
style="font-size:10.0pt;color:gray;mso-fareast-language:FR">THALES
SERVICES SAS</span></b><br>
<span
style="font-size:10.0pt;color:gray;mso-fareast-language:FR">44
Quai Charles de Gaulle<br>
CS 20100<br>
69463 Lyon Cedex 06</span></td>
</tr>
<tr>
<td style="border:none;border-top:dotted #BFBFBF
1.0pt;padding:3.75pt 0cm 0cm 0cm" valign="top">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;color:gray;mso-fareast-language:FR"><a
href="http://www.thalesgroup.com/"
moz-do-not-send="true"><span
style="color:gray">www.thalesgroup.com</span></a></span></p>
</td>
</tr>
</tbody>
</table>
</td>
<td style="border: medium none; padding: 0cm; width: 481px;"
valign="top">
<p class="MsoNormal" style="text-align:right"
align="right"><img style="width: 174px; height: 22px;"
class="decoded" alt="Thales group"
src="https://www.thalesgroup.com/sites/all/themes/thales_front/images/logo.png"
moz-do-not-send="true"></p>
</td>
</tr>
</tbody>
</table>
<br>
-------- Message original --------<br>
Sujet: [midPoint] Approval by Org Manager - strange behavior<br>
Date: Mercredi 11 Avril 2018 21:19 CEST<br>
De: Wojciech Staszewski <a class="moz-txt-link-rfc2396E" href="mailto:wojciech.staszewski@diagnostyka.pl"><wojciech.staszewski@diagnostyka.pl></a><br>
Répondre à: midPoint General Discussion
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint@lists.evolveum.com"><midpoint@lists.evolveum.com></a><br>
Pour: midPoint General Discussion
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint@lists.evolveum.com"><midpoint@lists.evolveum.com></a><br>
<br>
<br>
<blockquote type="cite"
cite="b7e7d58f-1245-2459-1449-295649fc05b1@diagnostyka.pl">Hello!<br>
<br>
I have a role with approval by Org Manager.<br>
<br>
- If I (The SuperUser) assign this role to a common user, the
workflow<br>
is starting and manager gets a work item to do.<br>
- If the user itself is requesting for the same role using
SelfService,<br>
the approval tasks is rejected automatically with "no approvers
found"<br>
message.<br>
<br>
The approval metarole inducement, this is Ctrl+C & Ctrl+V
from Evolveum<br>
example, except evaluationStrategy:<br>
<br>
<inducement id="2"><br>
<policyRule><br>
<policyConstraints><br>
<assignment id="1"/><br>
</policyConstraints><br>
<policyActions><br>
<approval id="3"><br>
<compositionStrategy><br>
<order>10</order><br>
</compositionStrategy><br>
<approvalSchema><br>
<level id="4"><br>
<name>Approval by organization
managers (first<br>
decides)</name><br>
<approverExpression><br>
<script<br>
xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a><br>
xsi:type="c:ScriptExpressionEvaluatorType"><br>
<br>
<code>midpoint.getManagersOidsExceptUser(object)</code><br>
</script><br>
</approverExpression><br>
<evaluationStrategy>firstDecides</evaluationStrategy><br>
<outcomeIfNoApprovers>reject</outcomeIfNoApprovers><br>
</level><br>
</approvalSchema><br>
</approval><br>
</policyActions><br>
</policyRule><br>
<activation><br>
<administrativeStatus>enabled</administrativeStatus><br>
</activation><br>
</inducement><br>
<br>
The user is a member of two Org Units. Only one of them has a
manager.<br>
But I unassign the user from one OU, that has no manager and
this not<br>
helped.<br>
<br>
V 3.7.1.<br>
Any ideas? Thanks!<br>
Wojciech Staszewski<br>
_______________________________________________<br>
midPoint mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a></blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</body>
</html>