Skip to main content

NetIQ IDM - How to close a workflow request based on a group membership (NetIQ Userapp workflow forms)


Solution:

Suppose you want to close a request form by cancelling it upon a certain condition, such as if the caller is requires to be member of a specific eDirectory group.

1. On the request form,  add a field called "recipient". i.e the caller of the form
2. Workflow->Start->Data-Item-Mapping, Add  "recipient" as the source expression
3. On the request form field "recipient", Properties add event "onload"
4  Paste the following script:


function CheckGroupAccess(userDN)
 {

 var isMember;

 var grp = IDVault.get(null,userDN,'user','group');

 var access_grp = "ACCESS_GROUP_DN";

access_grp = access_grp.toLowerCase();

var lvEnt = Array();

lvEnt = grp;

var EntSize = lvEnt.length-1;

  for (var i = 0; i <= EntSize; i++)
     {
        currentEnt=lvEnt[i].toString().toLowerCase();

if (currentEnt.match(access_grp))
{isMember="x";
  break ;}
  else
  continue;
  };

 return isMember;

 }


5. Add the following script on the same page below or above the previous one

try{



if (CheckGroupAccess(field.getValue()) != "x"){

  alert("You are not authorized for this form, closing request form");
       form.submit("CancelAction");
}
     // DEPENDS ON YOUR CHOICE
    //form.showMsg("Authorized ok, please proceed");

}catch(e){
 alert(e);
}

Comments

Maqsood Bhatti said…
I just added this code since the workflow default Trustee rights functionality never worked for me in any version. they should remove it or should call it something else like "Authenticated Users"
September 25, 2015 at 4:35 AM
Post a Comment

Popular posts from this blog

Experience writing a Java based DirXML Driver

Based on the customer project, I wrote a DirXML driver which provision users through Novell Identity Manager 3.5.1 to their company intranet portal ( A Plone System). The portal exposed the RESTful API interfaces. So I started looking first at the Novell SOAP driver to see if it fit our needs. But while reading the driver documentation i felt it required too much XSLT knowledge + more customization and testing on the driver. And again it used the Apache HttpClient, Which is more a HttpClient rather then it targets to any specific protocol implementation. So If you could build SOAP messages at your own so it would help you in transporting these message back and forth between IDM and Application. The Novell SOAP driver comes up with two built in configurations "SPML and DSML", but in my case none of them were suitable. I had always wished to write my own DirXML driver at my own, so I thought why not just take this opportunity to fulfill my wish and at the same time get s...
1 comment
Read more

NetIQ IDM - Adding operation-data to subscriber command transformaiton custom commands

Recently i had to execute EOL cmdlets using psexecute though new NetIQ azure ad driver, since this operation is fire and forget in nature, i would like to track whole request and response for my own generated commands from subscriber command transofrmaiton policy, so i solved it by following policy: < do-set-dest-attr-value direct = "true" name = "psexecute" > < arg-association > < token-resolve datastore = "src" > < arg-dn > < token-text xml:space = "preserve" > {userref} </ token-text > </ arg-dn > </ token-resolve > </ arg-association > < arg-value type = "string" > < token-local-variable name = "cmdlet" /> </ arg-value > </ do-set-dest-attr-value > < do-append-xml-element expression = "../modify[@direct]" na...
2 comments
Read more