
Conditional Context Provisioning

Murali_Shanmu
Active Contributor
0 Kudos

Hi,

I have an understanding of how the basic Conditional Context Provisioning works. I have STORE as a context and the Business Role is ROLE:STORE_MANAGER. This role has the below privileges with Conditional context:

PRIV:ERP:STORE_MANAGER_1001 (Conditional Context 1001)

PRIV:ERP:STORE_MANAGER_1002 (Conditional Context 1002)

PRIV:ERP:STORE_MANAGER_1003 (Conditional Context 1003)

As per the documentation, to achieve Conditional Context Provisioning, we have to use Guided Activity Assignment Task.

We already have a Live system and it is business as usual. For assignments, we always use the path "Manage" tab > select a Person > Modify Identity. In this screen we can either go to the Privilege tab or Role tab and make an assignment. The problem with Guided Activity Assignment Task is that it only allows us to either select a role or a privilege (Step 2). We do not want to introduce another screen just to add context based roles.

Wonder if I can enhance the existing screen ("Manage" tab > select a Person > Modify Identity Task) with a new field to select Context or capture this information in the validity popup screen which comes up when we add a role.

Any suggestions?

Thanks,

Murali.

Accepted Solutions (1)

Former Member
0 Kudos

Hi Murali

You could create a custom lookup attribute called, for example, SELECTEDCONTEXT:

General text attribute, set the presentation to single select and enter a SQL query to pick your contexts. If you have multiple context types you could create another dropdown as well.

In this case CTX_COUNTRY is my CTX_TYPE.

select mcmskeyvalue from idmv_entry_simple where mcmskey in (select mskey from idmv_value_basic where attrname='MX_ENTRYTYPE' and searchValue='CTX_COUNTRY')

If you now enable this attribute for entrytype MX_PERSON, and create a webenabled task that has MXREF_MX_ROLE and SELECTEDCONTEXT.
Below this WebEnabled task you create an ActionTask with a toIdentityStorePass in it.
EntryType=MX_PERSON

MSKEYVALUE=%MSKEYVALUE%

MXREF_MX_ROLE={CTX=<%SELECTEDCONTEXT%>}%MXREF_MX_ROLE%

If you now assign a role from the WebUI to the user it will assign the Role both with and without context, so if you want to only assign the role with context you could remove the first one. This will cause some overhead in the events engine, but at least it's an option.

Another alternative is to write your own extension Java class that can pick up the context from the dropdown and add it to your assignment in the onSubmit event. In this case you would only get the role with context.

Any inherited privileges with configured MX_CTX_CONDITIONAL will be assigned or not assigned based on their condition.


The implementation guide for the extension framework can be found here:
http://tinyurl.com/chpp7bm

Best regards
Roy Tronstad

Murali_Shanmu
Active Contributor
0 Kudos

Roy,

It's a good workaround. In my custom Web UI, how do I get to show "Available Roles" on the left hand side and also the "Assigned Roles" on the right hand side (just like the Standard Screen)?

Thanks,

Murali.

Former Member
0 Kudos

Hi Murali


Just play along with the attribute properties, for example:

Storage: Refferal attribute

Data type: Entry reference

Reference type: whatever attribute you want to refer to..

That might do the trick.


My best bet is that the easiest way of accomplishing what you want to do is to write a small extension class.

Best regards
Roy

Answers (1)

Murali_Shanmu
Active Contributor
0 Kudos

Looks like I need to raise this in Idea Place.