Skip to main content

NetIQ IDM - How to close a workflow request based on a group membership (NetIQ Userapp workflow forms)


Solution:

Suppose you want to close a request form by cancelling it upon a certain condition, such as if the caller is requires to be member of a specific eDirectory group.

1. On the request form,  add a field called "recipient". i.e the caller of the form
2. Workflow->Start->Data-Item-Mapping, Add  "recipient" as the source expression
3. On the request form field "recipient", Properties add event "onload"
4  Paste the following script:


function CheckGroupAccess(userDN)
 {

 var isMember;

 var grp = IDVault.get(null,userDN,'user','group');

 var access_grp = "ACCESS_GROUP_DN";

access_grp = access_grp.toLowerCase();

var lvEnt = Array();

lvEnt = grp;

var EntSize = lvEnt.length-1;

  for (var i = 0; i <= EntSize; i++)
     {
        currentEnt=lvEnt[i].toString().toLowerCase();

if (currentEnt.match(access_grp))
{isMember="x";
  break ;}
  else
  continue;
  };

 return isMember;

 }


5. Add the following script on the same page below or above the previous one

try{



if (CheckGroupAccess(field.getValue()) != "x"){

  alert("You are not authorized for this form, closing request form");
       form.submit("CancelAction");
}
     // DEPENDS ON YOUR CHOICE
    //form.showMsg("Authorized ok, please proceed");

}catch(e){
 alert(e);
}

Comments

Maqsood Bhatti said…
I just added this code since the workflow default Trustee rights functionality never worked for me in any version. they should remove it or should call it something else like "Authenticated Users"
September 25, 2015 at 4:35 AM
Post a Comment

Popular posts from this blog

My own developed - Active Directory Cache Inspector for AD Driver Novell Identity manager

Sometimes there is a need for us (Consultants) to see a snapshot of all the changes that happened on the Active directory side while the Novell AD IDM driver was stopped or was not running, before we decide to start the AD driver. Since Novell Identity Manager currently allows us to see all the events which happened in the Identity vault only, but not on the AD side, I decided to write such a tool myself, and of course wanted to share this tool with the consultants/community out there. It's a .NET 2.0 WinForm application, written in C# programming language. To run this tool you should have at minimum: .NET 2.0 framework installed, ( Not supported on the Linux platforms yet) This application must be run under the same user which is configured on the AD driver. Short Tutorial (How To): When you run the application (ADCView.exe), the application automatically discovers the current domain, a domain controller, and default domain naming context in the user logged in domain automatically
Post a Comment
Read more

NETIQ IDM - Boost strap your start with identity application REST API

Boost strap your start with identity application REST API: If you want to play out with NetIQ rest API within identity application (IDMProv), you can see a few examples here: these are the rest API protected by Oauth2 Authorization (resource owner password credentials grant): The first step is to obtain token: ( you must have enabled client "rbpm" in the OSPF for the resource owner password credential grant) flow: An example is taken in c#: (postman) Get an access token: var client = new RestClient("https://<your host>/osp/a/idm/auth/oauth2/grant"); client.Timeout = -1; var request = new RestRequest(Method.POST); request.AddHeader("Content-Type", "application/x-www-form-urlencoded"); request.AddHeader("Authorization", "Basic Basic bas64 encoded string clientid<rbpm>:clientsecret>"); request.AddHeader("Content-Type", "application/x-www-form-urlencoded"); req
Post a Comment
Read more