<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello Brad,</p>
<p>
<blockquote type="cite">Thank you so much for pointing me in the
right direction. This may still be a bit over my head, but I
think I understand how this would work. I'm thinking this would
be a Global Policy Rule since it's not part of a Role or Service
assignment. Is that right?</blockquote>
Yes, using global policy rule is the simplest way.</p>
<p>Generally, the policy rule can be attached to your users also
using metaroles or archetypes, but global policy rule is the
mechanism to start with.</p>
<p>
<blockquote type="cite">Also, just to verify I'm using the right
the focusSelector: Since I'm wanting to watch for changes on a
User Attribute, would I be using UserType?</blockquote>
Yes, exactly.</p>
<p>
<blockquote type="cite">
Since I am only wanting to act on modifications to a single
existing attribute value (and ignore the initial value
insertion) would my policyConstraints look something like what I
have below?</blockquote>
Yes.</p>
<p>
<blockquote type="cite">
And finally, is there a list somewhere or samples of the
possible policyActions? </blockquote>
The "official" documentation is the one I sent you earlier.
Unfortunately, there is very little on the policy actions or
constraints.</p>
<p>Sources that might be of use for you:<br>
</p>
<ul>
<li>XSD (schema) documentation,</li>
<li>samples - the best ones can be used in the test code (i.e.
"src/test/resources" in respective maven modules),</li>
<li>some experimental ("thinking aloud") pages on the wiki, e.g. <a
moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Policy+Constraints">https://wiki.evolveum.com/display/midPoint/Policy+Constraints</a>
and children. But no guarantees of any applicability or even
correctness here.<br>
</li>
</ul>
<p>A sample you could find useful is e.g. this one: <a
moz-do-not-send="true"
href="https://github.com/Evolveum/midpoint/blob/ebd94acf925f97a55609451bb5253471b8b8d983/model/workflow-impl/src/test/resources/objects-advanced/system-configuration.xml#L63-L84">https://github.com/Evolveum/midpoint/blob/ebd94acf925f97a55609451bb5253471b8b8d983/model/workflow-impl/src/test/resources/objects-advanced/system-configuration.xml#L63-L84</a></p>
<p>Best regards,<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 07/08/2020 15:59, Brad Firestone
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:e6a2e9c2-b0f4-38c6-61f4-f430355d2af0@gmail.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Hello Pavol,<br>
<br>
Thank you so much for pointing me in the right direction. This
may still be a bit over my head, but I think I understand how this
would work. I'm thinking this would be a Global Policy Rule since
it's not part of a Role or Service assignment. Is that right?<br>
<br>
Also, just to verify I'm using the right the focusSelector: Since
I'm wanting to watch for changes on a User Attribute, would I be
using UserType?<br>
<br>
Since I am only wanting to act on modifications to a single
existing attribute value (and ignore the initial value insertion)
would my policyConstraints look something like what I have below?<br>
<br>
I'm hoping something like this might be close:<br>
<span style="font-size: 14px;"></span><code class="xml plain"
style="font-family: Consolas, "Bitstream Vera Sans
Mono", "Courier New", Courier, monospace;
border-radius: 0px; background: none; border: 0px; bottom: auto;
float: none; height: auto; left: auto; line-height: 20px;
margin: 0px; outline: 0px; overflow: visible; padding: 0px;
position: static; right: auto; text-align: left; top: auto;
vertical-align: baseline; width: auto; box-sizing: content-box;
font-weight: normal; font-style: normal; font-size: 14px;
min-height: inherit; color: rgb(0, 0, 0) !important;"></code><systemConfiguration><br>
...<br>
<globalPolicyRule><br>
<name>watch-for-change-in-systemA_ID-value</name><br>
<policyConstraints><br>
<modification><br>
<operation>modify</operation><br>
<item>extension/systemA_ID</item><br>
</modification><br>
</policyConstraints><br>
<policyActions><br>
????<br>
</policyActions><br>
<focusSelector><br>
<type>UserType</type><br>
</focusSelector><br>
</globalPolicyRule><br>
...<br>
</systemConfiguration><br>
<code class="xml plain" style="font-family: Consolas,
"Bitstream Vera Sans Mono", "Courier New",
Courier, monospace; border-radius: 0px; background: none;
border: 0px; bottom: auto; float: none; height: auto; left:
auto; line-height: 20px; margin: 0px; outline: 0px; overflow:
visible; padding: 0px; position: static; right: auto;
text-align: left; top: auto; vertical-align: baseline; width:
auto; box-sizing: content-box; font-weight: normal; font-style:
normal; font-size: 14px; min-height: inherit; color: rgb(0, 0,
0) !important;"></code>
<div class="line number10 index9 alt1" style="margin: 0px;
padding: 0px 1em 0px 0em; border-radius: 0px; background: none
rgb(255, 255, 255); border: 0px; bottom: auto; float: none;
height: auto; left: auto; line-height: 20px; outline: 0px;
overflow: visible; position: static; right: auto; text-align:
left; top: auto; vertical-align: baseline; width: auto;
box-sizing: content-box; font-family: Consolas, "Bitstream
Vera Sans Mono", "Courier New", Courier,
monospace; font-weight: 400; font-style: normal; font-size:
14px; min-height: inherit; white-space: nowrap; color: rgb(51,
51, 51); font-variant-ligatures: normal; font-variant-caps:
normal; letter-spacing: normal; orphans: 2; text-indent: 0px;
text-transform: none; widows: 2; word-spacing: 0px;
-webkit-text-stroke-width: 0px; text-decoration-style: initial;
text-decoration-color: initial;"><code class="xml plain"
style="font-family: Consolas, "Bitstream Vera Sans
Mono", "Courier New", Courier, monospace;
border-radius: 0px; background: none; border: 0px; bottom:
auto; float: none; height: auto; left: auto; line-height:
20px; margin: 0px; outline: 0px; overflow: visible; padding:
0px; position: static; right: auto; text-align: left; top:
auto; vertical-align: baseline; width: auto; box-sizing:
content-box; font-weight: normal; font-style: normal;
font-size: 14px; min-height: inherit; color: rgb(0, 0, 0)
!important;"><br>
</code></div>
And finally, is there a list somewhere or samples of the possible
policyActions? <br>
<br>
Thank you again for your response. I appreciate it even if you
don't have time to answer all my follow up questions. :-)<br>
Brad<br>
<br>
<br>
<br>
<blockquote type="cite"
cite="mid:mailman.5.1596621601.11405.midpoint@lists.evolveum.com">
<pre wrap="">Date: Tue, 4 Aug 2020 20:45:41 +0200
From: Pavol Mederly <a class="moz-txt-link-rfc2396E" href="mailto:mederly@evolveum.com" moz-do-not-send="true"><mederly@evolveum.com></a>
To: <a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com" moz-do-not-send="true">midpoint@lists.evolveum.com</a>
Subject: Re: [midPoint] Notification or approval for attribute change
Message-ID: <a class="moz-txt-link-rfc2396E" href="mailto:b7df03f1-fe9a-b486-3a06-3c44d562b454@evolveum.com" moz-do-not-send="true"><b7df03f1-fe9a-b486-3a06-3c44d562b454@evolveum.com></a>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Hello Brad,
you could have a look at policy rules
<a class="moz-txt-link-rfc2396E" href="https://wiki.evolveum.com/display/midPoint/Policy+Rules" moz-do-not-send="true"><https://wiki.evolveum.com/display/midPoint/Policy+Rules></a>. In
particular, using policy conditions you can recognize situations when
object is modified (i.e. not added nor deleted) and specific property is
changed. And using policy actions you can do whatever you need, e.g.
send notification ("notification" action), initiate approval ("approval"
action), do any change ("scriptExecution" action), etc.
Setting of current timestamp value to a database table (attached to the
user as a resource) should be doable also using mappings, provided that
appropriate condition (user is not new) is written.
Best regards,
Pavol Mederly
Software developer
evolveum.com
On 04/08/2020 20:40, Brad Firestone wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi All,
I have a situation where a certain User attribute might be changed by
multiple people. If that attribute value is changed, we'd like to
either set a different attribute value on a certain database table
resource, or send a notification that the attribute value was changed.
Or if there was a way to run that attribute value change through an
approval process, that would work too.
Here's an example:
Existing (extension) attribute: SystemA_ID
If a new user is created, populate the database table with the initial
value, no notification needed.
If SystemA_ID value is changed through an administrative action in the
GUI (user channel) do one of the following:
- send a notification email to a certain address to advise them of
the change. OR..
- place a current timestamp value in a separate column in the database
table such as: SystemA_ID_changeDate. OR...
-initiate an approval process to approve the value change of this
extension attribute.
Does anyone have any ideas of how to accomplish this? Thanks for any
suggestions!
Brad
</pre>
</blockquote>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</body>
</html>