How do you deal with equal precedence and approval workflows?
Here's the scenario:

- FIM MA
- HR MA
- AD MA

An employee record is entered into the HR system, which gets imported into the FIM MV and a person object created in the FIM Portal through a Sync rule. Another Sync rule will subsequently create an account in AD. For the sake of this discussion, let's assume inbound and outbound attribute flows for the last name are set up on both HR and AD. Profile management has been set up in the FIM Portal, which will allow end users to change certain information in their profile (i.e. last name). When an employee changes their last name, an approval workflow is kicked off within FIM. After being approved, the changed value would be exported back out to HR and AD, in effect making the FIM Portal the authoritative source for that attribute, with HR only being the initial source.

And this is where we get into problems. Precedence for that attribute has the following order set:

1. FIM MA
2. HR MA
3. AD MA

If equal precedence is NOT set, when the HR Sync rule creates the FIM resource for that person, the subsequent export attribute flow on the FIM MA gives us the "Skipped: Not Precedent" status on the last name, which results in the FIM resource not having a last name set. It seems that the person resource is only provisioned by FIM with the bare necessities to create that resource, and then the FIM MA export attribute flows are used to populate the resource with data, which is where we run afoul of the precedence settings. If I was coding this in ILM, I could set those initial values during the object creation within provisioning.

If equal precedence is set, then the FIM resource gets created and the last name is properly set on the resource. However, if someone changes the AD account's last name, because of the equal precedence, that change would flow back into FIM and get processed. Given that when the FIM Synchronization Service engine is exporting, all authentication (AuthN) and authorization (AuthZ) workflows are ignored and only action workflows will run, the whole approval process that's been set up for profile management gets bypassed, which is not what we're looking for. :)

The ideal scenario would be to allow equal precedence so that:

- the FIM resource is properly created, based on the HR data
- the end user can change their last name through the FIM portal, pending approval from HR, and have that sync'ed to HR and AD
- HR staff could change a user's last name through the HR system and have that sync'ed to FIM and AD
- changes to the last name in AD are prevented from getting sync'ed to FIM and HR without going through an approval process

I've seen Eric Huebner's suggestion (see Start Approval Workflow from HR Feed) about setting a different Actor ID on the workflow activities, but I'm wondering what thoughts are regarding this scenario and what other suggestions would be for handling this.

Thanks,
Marc

Marc Mac Donell, ILM MVP, VP Identity and Access Solutions, Avaleris Inc.
March 11th, 2010 6:38pm
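The two failure modes in the post (ranked precedence leaving the FIM resource without a last name, equal precedence letting an unapproved AD edit flow back to HR) can be reproduced with a small model of metaverse attribute precedence. This is an added illustration, not FIM Synchronization Service code; the export rule it assumes (export is skipped to an MA that outranks the contributing MA) and the names "Smith"/"Jones" are constructed to match the behaviour the post describes.

```python
# Toy model of metaverse attribute precedence, constructed for illustration;
# it is not FIM Synchronization Service code.
from dataclasses import dataclass
from typing import Optional, Tuple

SKIPPED, APPLIED = "Skipped: Not Precedent", "Applied"

@dataclass
class MvAttribute:
    ranked: list                       # MAs in precedence order, highest first
    equal: bool = False                # True = equal precedence for all MAs
    value: Optional[str] = None
    contributor: Optional[str] = None  # MA that contributed the current value

    def import_flow(self, ma: str, value: str) -> str:
        # Ranked precedence: a lower-ranked MA cannot overwrite a value
        # contributed by a higher-ranked one (index 0 = highest).
        if (not self.equal and self.contributor is not None
                and self.ranked.index(ma) > self.ranked.index(self.contributor)):
            return SKIPPED
        self.value, self.contributor = value, ma
        return APPLIED

    def export_flow(self, ma: str) -> Tuple[str, Optional[str]]:
        # Assumed rule, matching the post: under ranked precedence the engine
        # skips export to an MA that outranks the contributing MA.
        if self.value is None or (not self.equal and
                self.ranked.index(ma) < self.ranked.index(self.contributor)):
            return SKIPPED, None
        return APPLIED, self.value

MA_ORDER = ["FIM MA", "HR MA", "AD MA"]  # precedence order from the post

def ranked_scenario() -> dict:
    """HR creates the person, but lastName never reaches the FIM MA."""
    attr = MvAttribute(ranked=MA_ORDER)
    hr = attr.import_flow("HR MA", "Smith")  # constructed sample value
    fim_status, fim_value = attr.export_flow("FIM MA")
    return {"hr_import": hr, "fim_export": fim_status, "fim_value": fim_value}

def equal_scenario() -> dict:
    """Equal precedence: FIM gets the value, but an edit made directly in AD
    flows back into the MV and on to HR with no FIM approval involved."""
    attr = MvAttribute(ranked=MA_ORDER, equal=True)
    attr.import_flow("HR MA", "Smith")
    fim_status, _ = attr.export_flow("FIM MA")
    ad = attr.import_flow("AD MA", "Jones")  # unapproved change made in AD
    hr_status, hr_value = attr.export_flow("HR MA")
    return {"fim_export": fim_status, "ad_import": ad,
            "hr_export": hr_status, "hr_value": hr_value, "mv_value": attr.value}
```

Either configuration alone leaves a gap: ranked precedence starves the FIM resource, equal precedence trusts AD as much as the approved FIM value, which is why the post looks for a workflow-side control rather than a precedence-only one.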
