Symantec IGA

 View Only
  • 1.  Custom participant resolver IDM

    Posted Jul 28, 2017 08:01 AM

    Hello,

     

    For our client we have implemented Access roles with custom field containing the approvers. Please find screenshot below for same :-

    Access role description

     

    Approver 1 here contains the value which corresponds to the location attribute of the approver.

    Approver 2 here contains value of Access Role.

     

    It is to be noted that Value in these two above mentioned attributes are different for different roles.

     

    Client wants us to implement workflow approval on "AssignAccessRoleEvent" in a way that approvers are resolve based on the entries in the above mentioned field for the role requested in task. That is suppose a user requests role "T_FIL_AD_Basis_0904" then approvers should be resolved as the users which have location attribute as 0904 and are members of access role T_App_Basic.

     

    For this we are trying to implement a custom participant resolver. We have gone through the sample code shipped with product. Taking cues from that we are trying to code below but we are facing following issues :-

     

    1. Since this is a user event (AssignAccessRoleEvent) , how can we fetch the Access role which is being requested in the task?

     

    2. Suppose we are able to fetch the role as well , then to fetch the approver attribute will this statement work :-

                 String approver1= role.getCustomField(01);
                 String approver1= role.getAttribute("custom01");

     

    3. The search expression that we have coded is as follows:-

                 SearchExpression exp= new SearchExpression("roomNumber", OperatorType.EQUALS, approver1);
                 SearchExpression exp1= new SearchExpression("imString02", OperatorType.CONTAINS, approver2);
                 Vector searcVector=new Vector();
                 searcVector.addElement(exp);
                 searcVector.addElement(exp1);

     

    Can we use this for finding users in directory ?

    Sample code can be like this--  user.getUserProvider().findUsers(searcVector, , _attributes.elements());

    or is there better way of doing this because it says we need to include OrganizationConstraint in here as second argument. And this also does not take searcVector as argument as it is not UserFilter type.

    What can be the best approach to constitute the search query here ?

     

    Can anyone here help us in this customized code requirement? Any assistance is highly appreciated.

     

    Thanks,
    Shashank



  • 2.  Re: Custom participant resolver IDM

    Broadcom Employee
    Posted Aug 02, 2017 05:08 AM

    Hi Shashank,

     

    1. Since this is a user event (AssignAccessRoleEvent) , how can we fetch the Access role which is being requested in the task?

    Have you tried this approach?

    AccessRoleProvider accessRoleProviderObj = ParticipantResolverContext.getAccessRoleProvider()

    AccessRole accessRoleObj = accessRoleProviderObj.findAccessRole();

    Vector accessRoleVec = accessRoleProviderObj.searchAccessRoles();

     

     

    2. Suppose we are able to fetch the role as well , then to fetch the approver attribute will this statement work :-

    String approver1= role.getCustomField(01);
    String approver1= role.getAttribute("custom01");

     

    Once AccessRole object is extracted, getCustomField() should work.

     

    3. The search expression that we have coded is as follows:- Can we use this for finding users in directory ?

    Users can be searched in following manner. Following is JavaScript, equivalent Java can be written:

                   importClass(Packages.com.netegrity.llsdk6.imsapi.policy.rule.constraints.UserFilter);

         importClass(Packages.com.netegrity.llsdk6.imsapi.policy.rule.constraints.OrgMembershipConstraint);

                   importClass(Packages.com.netegrity.llsdk6.imsapi.collections.AttributeRightsCollection);

                   importClass(Packages.com.netegrity.llsdk6.imsapi.policy.rule.constraints.AttributeExpression);

                   importClass(Packages.com.netegrity.llsdk6.imsapi.type.OperatorType);

                   importClass(Packages.com.netegrity.llsdk6.imsapi.type.ConjunctionType);

                   importClass(Packages.com.netegrity.llsdk6.imsapi.managedobject.User);

                   var ae11 = AttributeExpression("roomNumber", OperatorType.EQUALS, "approver1")

                   var ae12 = AttributeExpression("imString02", OperatorType.EQUALS, "approver2")

                  

    var exprs = new Vector();

    exprs.add(ae11);exprs.add(ae12);

    var conjs = new Vector();

    conjs.add(ConjunctionType.AND);

    var uf = new UserFilter(exprs,conjs);

    var users = usrPrvdr.findUsers(uf, null, null);

                   for (i=0;i<users.size();i++){

                                  var userID = users.elementAt(i).getFriendlyName();

    }

     

     

    Regards,

    Sumeet

     



  • 3.  Re: Custom participant resolver IDM

    Posted May 10, 2018 05:05 AM

    Hi Sumeet

     

    I am using below code in participant resolver to send approval to user's manager:

     

    String managerName = user.getAttribute("eTCustomField22");
    User manager = up.findUser(managerName, null);
    System.out.println("Manager name is: " + managerName);
    partResolvers.add(manager);

     

    1. Instead of User Manager, I need to send approval to Members of Access Role(ManagerAccessRole) at first level.

    Could you help me in letting know, which APIs I need to use to send approval to Access Role Members. In worst case, if not possible with Access Role, then how to send approval to Admin Role members.

     

    2. At second level, I need to send approval to Members of Access Role(AdminAccessRole).

    If I add just one more statement(In example, assuming second approver is Manager's-manager):

    partResolvers.add(manager's-manager);

    Will it become two level approval by just adding another approver.(So if Manager approve it, it goes to Manager's Manager at second level)

     

    Regards

    Jaspreet