<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello Brandon,</p>
<p>if I remember correctly, this question was opened once or twice
(in the last years), for example here:</p>
<p><a moz-do-not-send="true"
href="https://lists.evolveum.com/pipermail/midpoint/2017-December/004293.html">https://lists.evolveum.com/pipermail/midpoint/2017-December/004293.html</a></p>
<p>The basic question (posed also in the above mentioned thread) is:
what should midPoint do if there would be a rejection of the role
assignment?</p>
<p>To keep things consistent, the change would need to affect even
the source resource. So it would stop propagating the value to
specific user attribute, and then to the role assignment.</p>
<p>Or, such a rejection would need to set up a flag that would be
respected by the mappings involved (inbound mapping providing user
attribute or template mapping providing the role assignment), so
that they would start ignoring the data coming from the source
resource. But this is definitely not a standard behavior of
midPoint approvals component.</p>
<p>Hope this helps,<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 12/10/2020 15:18, Brandon Powers via
midPoint wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAP-GOHcfdhi_tPOW0oTFSAQ6YiAAGvqTUSTeVFQaj1f9DjmBjg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>Hello all,</div>
<div><br>
</div>
<div>We are interested in approval workflows for assignments
that are applied to users automatically via default user
template mappings (utilizing assignmentTargetSearch). So far,
we've been unsuccessful in finding a way to trigger the
approval policy constraint when the assignment is made
automatically via an object template mapping (the approval
workflow does kick off when <i>manually</i> assigning the
org/role, however). </div>
<div><br>
</div>
<div>I've had a lot of trouble finding any documentation on the
matter to determine if this is supported or not, so I wanted
to reach out and see if anyone could offer any insight on the
matter? Perhaps there is undocumented functionality that
allows this, or a speicifc approach that should be taken.</div>
<div><br>
</div>
<div>For more context, we have auto assignments via the default
user template to assign orgs based on the value of a specific
user attribute which is defined from one of our resource's
inbound mappings.</div>
<div><br>
</div>
<div>Any insight on the matter from anyone is greatly
appreciated!</div>
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div style="text-align:left"><br>
</div>
<div style="text-align:left">Brandon Powers</div>
<div>
<div style="text-align:left"><span>Exclamation
Labs</span></div>
<span>
<div style="text-align:left">300 Washington
Street</div>
</span><span>
<div style="text-align:left">Cumberland, MD
21502</div>
</span>
<div><a value="+18885455008"
style="color:rgb(17,85,204)"
href="tel:888.545.5008" target="_blank"
moz-do-not-send="true">888.545.5008</a><span
style="color:rgb(34,34,34)"> or </span><a
value="+13017225008"
style="color:rgb(17,85,204)"
href="tel:301.722.5008+ext+144"
target="_blank" moz-do-not-send="true">301.722.5008
ext 144</a></div>
<span>
<div style="text-align:left">fax <a
value="+13017222183"
style="color:rgb(17,85,204)"
moz-do-not-send="true">301.722.2183</a></div>
</span>
<div><a
href="mailto:brandon@exclamationlabs.com"
style="color:rgb(17,85,204)"
target="_blank" moz-do-not-send="true">brandon@exclamationlabs.com</a></div>
<span>
<div style="text-align:left"><a
href="mailto:brandon@exclamationlabs.com"
style="color:rgb(17,85,204);font-size:13px" target="_blank"
moz-do-not-send="true">www.exclamationlabs.com</a></div>
</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</body>
</html>