<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Jussi,</p>
<p><br>
</p>
<p>we are using the following setup in MidPoint Advanced Training:</p>
<p><br>
</p>
<p>- the roles which are requestable, may have one or several
metaroles assigned; these metaroles contain policy rules</p>
<p>- one policy is for manager approval; one policy is for role
approver approval; last one is for security officer approval
(anyone who is member of organization called SECURITY)<br>
</p>
<p><br>
</p>
<p>The security officer approval is optional; it only happens if
archetype of the user for which the request is done is not
Employee. This is done in inducement condition (blue font below).<br>
</p>
<p><br>
</p>
<p>(So this is not requester, but requestee. Anyway I will share
it.)</p>
<p><br>
</p>
<p><font face="Courier New, Courier, monospace">
<inducement><br>
<policyRule><br>
<policyConstraints><br>
<assignment><br>
<operation>add</operation><br>
</assignment><br>
</policyConstraints><br>
<policyActions><br>
<approval><br>
<compositionStrategy><br>
<order>100</order><br>
</compositionStrategy><br>
<approvalSchema><br>
<stage><br>
<name>Security Officer
(any)</name><br>
<approverRef type="OrgType"><br>
<filter><br>
<q:equal><br>
<q:path>name</q:path><br>
<q:value>SECURITY</q:value><br>
</q:equal><br>
</filter><br>
<resolutionTime>run</resolutionTime><br>
</approverRef><br>
<evaluationStrategy>firstDecides</evaluationStrategy><br>
<groupExpansion>onWorkItemCreation</groupExpansion><br>
<outcomeIfNoApprovers>reject</outcomeIfNoApprovers><br>
<!-- FIXME if there are no
approvers, request is rejected --><br>
</stage><br>
</approvalSchema><br>
</approval><br>
</policyActions><br>
</policyRule><br>
<font color="#1b70e5"><condition><br>
<expression><br>
<script><br>
<code>!midpoint.hasArchetype(focus,
"7135e68c-ee53-11e8-8025-170b77da3fd6") <!-- Employee
--></code><br>
</script><br>
</expression><br>
</condition></font><br>
</inducement></font></p>
<p><br>
</p>
<p>Hope this helps at least somehow.<br>
</p>
<p><br>
</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 24. 8. 2022 13:23, Jussi Jokela via
midPoint wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DU0PR10MB5194184BC6A15FC02266CF5993739@DU0PR10MB5194.EURPRD10.PROD.OUTLOOK.COM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css" style="display:none;">P {margin-top:0;margin-bottom:0;}</style>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
Hi everyone,</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
Is it possible to use policy constraints that are based on the
requester? For example, if creating an assignment request and
the requester is superuser, the approval process should be
skipped and the request is automatically approved. I didn't find
any documentation or examples how to achieve this, atleast
anything that is not deprecated.</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
Thanks in advance.</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
Best regards,</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
Jussi Jokela<br>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Expert Identity Engineer
evolveum.com
</pre>
</body>
</html>