® IBM Software Group 1362 - Implementation of Complex ITIM Workflows Fred Santos.
-
Upload
clifton-angers -
Category
Documents
-
view
222 -
download
4
Transcript of ® IBM Software Group 1362 - Implementation of Complex ITIM Workflows Fred Santos.
®
IBM Software Group
1362 - Implementation of 1362 - Implementation of Complex ITIM WorkflowsComplex ITIM WorkflowsFred SantosFred Santos
®
IBM Software Group
Fred SantosFred Santos
Pan EMEA Subject Matter Expert GroupPan EMEA Subject Matter Expert Group
®
IBM Software Group
IBM Software Group
3
AgendaAgendaITIM Workflow Concepts: a quick OverviewITIM Workflow Concepts: a quick Overview
Workflow TypesWorkflow Types
Workflow DataWorkflow Data
Workflow ElementsWorkflow Elements
Workflow and JavaScriptWorkflow and JavaScript
Workflow ExtensionsWorkflow Extensions
Complex ITIM Workflows by ExampleComplex ITIM Workflows by Example
IBM Software Group
4
AbstractAbstractITIM manages security policies by using workflows. The ability to develop customized workflows are essential to getting value out of an ITIM deployment and in high demand during customer engagements.
Skills Level: Advanced
IBM Software Group
5
Workflow TypesWorkflow TypesOperation WorkflowsOperation Workflows
Lifecycle ManagementLifecycle ManagementPersons and BPPersonsPersons and BPPersons
AccountsAccounts
GlobalGlobal
Entitlement WorkflowsEntitlement Workflows
Provisioning ProcessingProvisioning ProcessingAccountsAccounts
IBM Software Group
6
Operation WorkflowsOperation WorkflowsAssociated with manipulation of Entities:Associated with manipulation of Entities:
AccountAccount
PersonPerson
BPPersonBPPerson
Global workflows can be defined and Global workflows can be defined and called from other operation workflowscalled from other operation workflows
IBM Software Group
7
Operation WorkflowsOperation WorkflowsCan be defined at two levels:Can be defined at two levels:
Entity TypeEntity Type
EntityEntity
The Entity Type Workflows are inherited by all The Entity Type Workflows are inherited by all entities of that type.entities of that type.
E.g.: Operation Workflows defined at the level of Entity E.g.: Operation Workflows defined at the level of Entity Type Account, will be inherited by all Accounts, Type Account, will be inherited by all Accounts, regardless of profileregardless of profile
The Entity Workflows override those inherited The Entity Workflows override those inherited from the Entity Type levelfrom the Entity Type level
E.g.: a customized Modify NT account workflow E.g.: a customized Modify NT account workflow overrides the modify workflow inherited from the overrides the modify workflow inherited from the Account Entity TypeAccount Entity Type
IBM Software Group
8
Operation WorkflowsOperation WorkflowsPerson and BPPerson operations:Person and BPPerson operations:
AddAdd
ModifyModify
Delete Delete
SuspendSuspend
RestoreRestore
TransferTransfer
SelfRegisterSelfRegister
IBM Software Group
9
Operation WorkflowsOperation WorkflowsAccount Operations:Account Operations:
AddAdd
ModifyModify
DeleteDelete
SuspendSuspend
RestoreRestore
ChangePasswordChangePassword
IBM Software Group
10
Entitlement WorkflowsEntitlement WorkflowsSpecified in Provisioning PoliciesSpecified in Provisioning Policies
Entitlement Workflows are NOT Entitlement Workflows are NOT mandatorymandatory
Triggered by:Triggered by:Account AddAccount AddAccount ModifyAccount Modify
Executed before the relevant Operation Executed before the relevant Operation WorkflowWorkflow
The Operation Workflow do not start The Operation Workflow do not start before the Entitlement Workflow before the Entitlement Workflow completescompletes
IBM Software Group
11
Workflow DataWorkflow DataThree types of Workflow Data:Three types of Workflow Data:
Javascript variablesJavascript variables
Relevant DataRelevant Data
Workflow Context ObjectsWorkflow Context Objects
IBM Software Group
12
Javascript VariablesJavascript VariablesDefined in Javascript code:Defined in Javascript code:
Javascript NodesJavascript Nodes
Postscript tabsPostscript tabs
““Custom” code in some other NodesCustom” code in some other Nodes
Start and End NodesStart and End Nodes
Can’t be Serialized or made PersistentCan’t be Serialized or made Persistent
Exist in the context of their definitionExist in the context of their definition
When the node completes, all variables When the node completes, all variables will be out of scopewill be out of scope
IBM Software Group
13
Relevant DataRelevant DataDefined in the Workflow Properties pageDefined in the Workflow Properties page
Exists throughout the life of the workflowExists throughout the life of the workflow
Stored in the ITIM DatabaseStored in the ITIM Database
Can be associated with contexts:Can be associated with contexts:
SubjectSubject
RequesteeRequestee
BothBoth
Not ApplicableNot Applicable
IBM Software Group
14
Relevant DataRelevant DataTypes of Relevant Data:Types of Relevant Data:
Input/Output ParametersInput/Output Parameters
Workflow DefinedWorkflow Defined
User DefinedUser Defined
IBM Software Group
15
Input/Output Parameters in Input/Output Parameters in Entitlement WorkflowsEntitlement Workflows
Input Parameters:Input Parameters:
Entity – Account:Entity – Account:In an add request, it contains the data for the new In an add request, it contains the data for the new accountaccount
In an a modify request, it contains only the modified In an a modify request, it contains only the modified attributesattributes
ServiceServiceThe Service where the account exists or will be createThe Service where the account exists or will be create
Owner - Person:Owner - Person:The Person associated with the accountThe Person associated with the account
Output Parameters:Output Parameters:
Entity – AccountEntity – Account
IBM Software Group
16
Input Parameters in Operation Input Parameters in Operation WorkflowsWorkflows
Static Operations:Static Operations:
Add: Person or AccountAdd: Person or Account
(Account) Modify: Account(Account) Modify: Account
SelfRegister: PersonSelfRegister: Person
Non-Static Operations:Non-Static Operations:
Delete: Person or AccountDelete: Person or Account
(Person) Modify: Person(Person) Modify: Person
Suspend: Person or AccountSuspend: Person or Account
Restore: Person or AccountRestore: Person or Account
Transfer: PersonTransfer: Person
ChangePassword: AccountChangePassword: Account
IBM Software Group
17
System Defined and User System Defined and User Defined DataDefined Data
System Defined Data:System Defined Data:Defined only in some workflowsDefined only in some workflows
User Defined Data:User Defined Data:Defined in the Workflow Properties PageDefined in the Workflow Properties PageMade persistent in the ITIM DatabaseMade persistent in the ITIM DatabaseAccessed in Javascript withAccessed in Javascript with
userObject = ItemName.get();userObject = ItemName.get();
Changed in Javascript withChanged in Javascript withItemName.set(userObject);ItemName.set(userObject);
IBM Software Group
18
Workflow Context ObjectsWorkflow Context ObjectsContain information about the object in Contain information about the object in questionquestion
ActivityActivity
ProcessProcess
Accessible in Javascript codeAccessible in Javascript code
IBM Software Group
19
Workflow ElementsWorkflow ElementsStart and EndStart and End
ApprovalApproval
Request for InformationRequest for Information
Work OrderWork Order
ScriptScript
LoopLoop
Operation and SubprocessOperation and Subprocess
ExtensionExtension
Transition LinesTransition Lines
IBM Software Group
20
Workflow and JavaScriptWorkflow and JavaScriptMost Elements Allow Javascript code to be Most Elements Allow Javascript code to be executed:executed:
Start and End NodesStart and End Nodes
Script NodesScript Nodes
Postscript Tabs (Approval, Extension, …)Postscript Tabs (Approval, Extension, …)
Transition LinesTransition Lines
Allows:Allows:
Manipulation of Relevant DataManipulation of Relevant Data
Conditional logic in Transition LinesConditional logic in Transition Lines
IBM Software Group
21
Workflow and JavascriptWorkflow and JavascriptFESI Extensions can be used in Javascript FESI Extensions can be used in Javascript codecode
Created as Java classes implementing the Created as Java classes implementing the Javascript APIJavascript APIInstalled in the ITIM classpathInstalled in the ITIM classpathRegistered in enRole.propertiesRegistered in enRole.properties
Used asUsed asObjectsObjects
var userObj = new extObject();var userObj = new extObject();
FunctionsFunctionsvar userVar = extFunction(val1, val2);var userVar = extFunction(val1, val2);
IBM Software Group
22
Workflow ExtensionsWorkflow ExtensionsJava classes implementing the Workflow Java classes implementing the Workflow APIAPI
Installed in the ITIM classpathInstalled in the ITIM classpathRegistered in workflowextensions.xmlRegistered in workflowextensions.xml
Used by adding an Extension node in the Used by adding an Extension node in the WorkflowWorkflow
Select the class name in Extension NameSelect the class name in Extension NameMap the Input and Output Parameters to Map the Input and Output Parameters to Relevant DataRelevant Data
The Input and Output Parameters are defined The Input and Output Parameters are defined in the Java classin the Java class
IBM Software Group
23
Workflow ExtensionsWorkflow ExtensionsCan be used toCan be used to
Hide sensitive processing logicHide sensitive processing logic
Access external data storesAccess external data storesFilesFiles
DatabasesDatabases
LDAP ServersLDAP Servers
Implement logic difficult to code or Implement logic difficult to code or inefficient in Javascriptinefficient in Javascript
Number crunchingNumber crunching
Encapsulate processing in a single nodeEncapsulate processing in a single node
IBM Software Group
24
Complex Workflows:Complex Workflows:Example 1Example 1
Global Operation (Account Entity Type)Global Operation (Account Entity Type)
Approval_ProcessApproval_Process
IBM Software Group
25
Complex Workflows:Complex Workflows:Example 1Example 1
// Initialise loop instance counter to zero and exitloop switch to false. // Initialise loop instance counter to zero and exitloop switch to false. loopinstance.set(0);loopinstance.set(0);exitloop.set("false");exitloop.set("false");// Check current process type. If not Account Process Type, Loop back through Parent Processes // Check current process type. If not Account Process Type, Loop back through Parent Processes // until Account Process type is found or until the root Parent reached. Default value is et to unknown. // until Account Process type is found or until the root Parent reached. Default value is et to unknown. current = process;current = process;exitwhile = false;exitwhile = false;parentType = "";parentType = "";parentTypeDesc.set("Unknown");parentTypeDesc.set("Unknown");while (!exitwhile) {while (!exitwhile) { if ((current.type.substring(0,1)=="A" || current.type.substring(0,1)=="L") && current.type.length == 2){if ((current.type.substring(0,1)=="A" || current.type.substring(0,1)=="L") && current.type.length == 2){ parentType=current.type;parentType=current.type; exitwhile = true;exitwhile = true; } else if (current.parentId == 0 || current.parentId == "0"){} else if (current.parentId == 0 || current.parentId == "0"){ exitwhile = true;exitwhile = true; } else {current=current.getParent();}} else {current=current.getParent();}}}if (parentType=="AA") {parentTypeDesc.set("Account Add");} elseif (parentType=="AA") {parentTypeDesc.set("Account Add");} elseif (parentType=="AC") {parentTypeDesc.set("Account Change");} elseif (parentType=="AC") {parentTypeDesc.set("Account Change");} elseif (parentType=="AP") {parentTypeDesc.set("Account Password Change");} elseif (parentType=="AP") {parentTypeDesc.set("Account Password Change");} elseif (parentType=="LS") {parentTypeDesc.set("Suspend Multiple Accounts");} elseif (parentType=="LS") {parentTypeDesc.set("Suspend Multiple Accounts");} elseif (parentType=="LR") {parentTypeDesc.set("Restore Multiple Accounts");} elseif (parentType=="LR") {parentTypeDesc.set("Restore Multiple Accounts");} elseif (parentType=="LD") {parentTypeDesc.set("Delete Multiple Accounts");} elseif (parentType=="LD") {parentTypeDesc.set("Delete Multiple Accounts");} elseif (parentType=="LP") {parentTypeDesc.set("Change Password for Multiple Accounts");} elseif (parentType=="LP") {parentTypeDesc.set("Change Password for Multiple Accounts");} elseif (parentType=="AS") {parentTypeDesc.set("Suspend Account");} elseif (parentType=="AS") {parentTypeDesc.set("Suspend Account");} elseif (parentType=="AR") {parentTypeDesc.set("Restore Account");} elseif (parentType=="AR") {parentTypeDesc.set("Restore Account");} elseif (parentType=="AD") {parentTypeDesc.set("Delete Account");}if (parentType=="AD") {parentTypeDesc.set("Delete Account");}// otherAccount Check// otherAccount Checkif (service.get().getProperty("erservicename")[0] == "otherAccount") {if (service.get().getProperty("erservicename")[0] == "otherAccount") { otherAccountCheck.set("true")otherAccountCheck.set("true")}}parentTypeDesc.get(); parentTypeDesc.get();
IBM Software Group
26
Complex Workflows:Complex Workflows:Example 1Example 1
SubjectSubject<JS>function getprop(ob, prop){x=ob.getProperty(prop);if (x.length != 0){return <JS>function getprop(ob, prop){x=ob.getProperty(prop);if (x.length != 0){return
x[0];}else{return "";}}"";</JS>ARMS <JS>if (otherAccountCheck.get() == "false") x[0];}else{return "";}}"";</JS>ARMS <JS>if (otherAccountCheck.get() == "false") {return (service.get().getProperty("erservicename")[0]);} else {return {return (service.get().getProperty("erservicename")[0]);} else {return (getprop(entity.get(), "erOtherAccountService"));}</JS> <JS>if (getprop(entity.get(), "erOtherAccountService"));}</JS> <JS>if (otherAccountCheck.get() == "false") {return (parentTypeDesc.get());} else {return (otherAccountCheck.get() == "false") {return (parentTypeDesc.get());} else {return (getprop(entity.get(), "erOtherAccountOperation"));}</JS> Request For (getprop(entity.get(), "erOtherAccountOperation"));}</JS> Request For <JS>o=owner.get();getprop(o,"cn");</JS> Waiting for Your approval<JS>o=owner.get();getprop(o,"cn");</JS> Waiting for Your approval
MessageMessage<JS>function getprop(ob, prop){ x=ob.getProperty(prop); if (x.length != 0) { return <JS>function getprop(ob, prop){ x=ob.getProperty(prop); if (x.length != 0) { return
x[0]; } else { return ""; }}"";</JS>There is a <JS>if (otherAccountCheck.get() == x[0]; } else { return ""; }}"";</JS>There is a <JS>if (otherAccountCheck.get() == "false") {return (service.get().getProperty("erservicename")[0]);} else {return "false") {return (service.get().getProperty("erservicename")[0]);} else {return (getprop(entity.get(), "erOtherAccountService"));}</JS> account <JS>if (getprop(entity.get(), "erOtherAccountService"));}</JS> account <JS>if (otherAccountCheck.get() == "false") {return (parentTypeDesc.get());} else {return (otherAccountCheck.get() == "false") {return (parentTypeDesc.get());} else {return (getprop(entity.get(), "erOtherAccountOperation"));}</JS> request for (getprop(entity.get(), "erOtherAccountOperation"));}</JS> request for <JS>o=owner.get();getprop(o,"cn");</JS> waiting for your approval.<JS>if <JS>o=owner.get();getprop(o,"cn");</JS> waiting for your approval.<JS>if (otherAccountCheck.get() != "false") {return ("\nAccount Information: " + (otherAccountCheck.get() != "false") {return ("\nAccount Information: " + getprop(entity.get(), "erotheraccountcontent") +"\n");} else {return ("");}</JS>Please getprop(entity.get(), "erotheraccountcontent") +"\n");} else {return ("");}</JS>Please see the service charging information for <JS>if (otherAccountCheck.get() == "false") see the service charging information for <JS>if (otherAccountCheck.get() == "false") {return (service.get().getProperty("erservicename")[0]);} else {return {return (service.get().getProperty("erservicename")[0]);} else {return (getprop(entity.get(), "erOtherAccountService"));}</JS> account from (getprop(entity.get(), "erOtherAccountService"));}</JS> account from http://www.ibm.com To approve/reject the request, go to MyTodo List >> Pending http://www.ibm.com To approve/reject the request, go to MyTodo List >> Pending Requests. Login to ITIM:http://www..ibm.com/ITIM Thank you for using ITIM. If you Requests. Login to ITIM:http://www..ibm.com/ITIM Thank you for using ITIM. If you have any questions please see the ITIM service pages or contact your local Service have any questions please see the ITIM service pages or contact your local Service Desk. Please, do not reply to this message. ITIM is a central webtool for requesting, Desk. Please, do not reply to this message. ITIM is a central webtool for requesting, generating, maintainingand managing System and Application accounts in IBM . generating, maintainingand managing System and Application accounts in IBM . http://www.itim.ibm.com/ITIMhttp://www.itim.ibm.com/ITIM
IBM Software Group
27
Complex Workflows:Complex Workflows:Example 1Example 1
Attribute Name Attribute Value
Node Type Approval node
ActivityID OneDayApprovalTimeout
Activity Name Approval with a 1 Day Timeout
Description Approval Rrequest
Participant
Escalation Participant
Escalation Limit 1 Days 0 Hours 0 Minutes 0 Seconds
Join Type AND
Split Type AND
Entity Type Account
Relevant Data
Attribute Name Attribute Value
Custom participant = new Participant(ParticipantType.SUPERVISOR);
Attribute Name Attribute Value
Custom participant = new Participant(ParticipantType.SUPERVISOR);
ID Type Relevant Data ID
entity Account entity
service Service service
owner Person owner
IBM Software Group
28
Complex Workflows:Complex Workflows:Example 1Example 1
Attribute Name Attribute Value
Node Type Script node
ActivityID LOOP_START
Join Type AND
Split Type AND
Script true;
Attribute Name Attribute Value
Node Type Script node
ActivityID EXIT_LOOP
Join Type AND
Split Type AND
Scriptexitloop.set("true");true;
Attribute Name Attribute Value
Node Type Script node
ActivityID LOOP_END
Join Type AND
Split Type AND
Scriptloopinstance.set(loopinstance.get()+1);true;
IBM Software Group
29
Complex Workflows:Complex Workflows:Example 1Example 1
getApproverDNgetApproverDNprocess.auditEvent("Attempting to get approver details");process.auditEvent("Attempting to get approver details");if (supervisorApproval.get() == "true" ) {if (supervisorApproval.get() == "true" ) { process.auditEvent("Getting normal approver");process.auditEvent("Getting normal approver"); person = owner.get();person = owner.get(); manager = person.getProperty("erSupervisor"); //managers erglobalIdmanager = person.getProperty("erSupervisor"); //managers erglobalId approver.set(manager[0]);approver.set(manager[0]); approver2.set(manager[0]);approver2.set(manager[0]); approver3.set(manager[0]);approver3.set(manager[0]); process.auditEvent("Normal approver resolved");process.auditEvent("Normal approver resolved");} else { //Special Approver} else { //Special Approver process.auditEvent("Getting special approver");process.auditEvent("Getting special approver"); personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in
fesiextension.properties file to use PersonSearch fesiextension.properties file to use PersonSearch searchFilter = "(employeeNumber=" + approverEmpNum.get() +")"; searchFilter = "(employeeNumber=" + approverEmpNum.get() +")"; searchResult = personSearch.searchByFilter("ibmPerson", searchFilter, 2); //2 means search scope searchResult = personSearch.searchByFilter("ibmPerson", searchFilter, 2); //2 means search scope
is subtree is subtree approverEntity = searchResult[0]; //The search result is an array of the directory objects approverEntity = searchResult[0]; //The search result is an array of the directory objects approver.set(approverEntity.dn);approver.set(approverEntity.dn); if (approverEmpNumDeputy1.get() != null) {if (approverEmpNumDeputy1.get() != null) { personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in
fesiextension.properties file to use PersonSearch fesiextension.properties file to use PersonSearch searchFilter = "(employeeNumber=" + approverEmpNumDeputy1.get() +")"; searchFilter = "(employeeNumber=" + approverEmpNumDeputy1.get() +")"; searchResult = personSearch.searchByFilter("ibmPerson", searchFilter, 2); //2 means search scope searchResult = personSearch.searchByFilter("ibmPerson", searchFilter, 2); //2 means search scope
is subtree is subtree approverEntity1 = searchResult[0]; //The search result is an array of the directory objects approverEntity1 = searchResult[0]; //The search result is an array of the directory objects
IBM Software Group
30
Complex Workflows:Complex Workflows:Example 1Example 1
getApproverDNgetApproverDN approver2.set(approverEntity1.dn);approver2.set(approverEntity1.dn);} else {} else { approver2.set(approverEntity.dn); // Same approver as the firstapprover2.set(approverEntity.dn); // Same approver as the first }}if (approverEmpNumDeputy2.get() != null) {if (approverEmpNumDeputy2.get() != null) { personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in
fesiextension.properties file to use PersonSearch fesiextension.properties file to use PersonSearch searchFilter = "(employeeNumber=" + approverEmpNumDeputy2.get() +")"; searchFilter = "(employeeNumber=" + approverEmpNumDeputy2.get() +")"; searchResult = personSearch.searchByFilter(“ibmPerson", searchFilter, 2); //2 means search scope searchResult = personSearch.searchByFilter(“ibmPerson", searchFilter, 2); //2 means search scope
is subtree is subtree approverEntity2 = searchResult[0]; //The search result is an array of the directory objects approverEntity2 = searchResult[0]; //The search result is an array of the directory objects approver3.set(approverEntity2.dn);approver3.set(approverEntity2.dn); } else {} else { approver3.set(approverEntity.dn); // Same approver as the firstapprover3.set(approverEntity.dn); // Same approver as the first }} process.auditEvent("Special approver resolved");process.auditEvent("Special approver resolved");}}/* //For debugging if needed/* //For debugging if neededprocess.auditEvent("approverEmpNum " + approverEmpNum.get() );process.auditEvent("approverEmpNum " + approverEmpNum.get() );process.auditEvent("approver " + approver.get() );process.auditEvent("approver " + approver.get() );process.auditEvent("approver2 " + approver2.get() );process.auditEvent("approver2 " + approver2.get() );process.auditEvent("approver3 " + approver3.get() );process.auditEvent("approver3 " + approver3.get() );process.auditEvent("approverEmpNumDeputy1 " + approverEmpNumDeputy1.get() );process.auditEvent("approverEmpNumDeputy1 " + approverEmpNumDeputy1.get() );process.auditEvent("approverEmpNumDeputy2 " + approverEmpNumDeputy2.get() );process.auditEvent("approverEmpNumDeputy2 " + approverEmpNumDeputy2.get() );*/ */
IBM Software Group
31
Complex Workflows:Complex Workflows:Example 1 (continued)Example 1 (continued)
Account RestoreAccount Restore
uses Approval_Processuses Approval_Process
IBM Software Group
32
Complex Workflows:Complex Workflows:Example 2Example 2
Add AccountAdd Account
IBM Software Group
33
Complex Workflows:Complex Workflows:Example 3Example 3
IBM Software Group
Restore AccountRestore Account
IBM Software Group
34
Complex Workflows:Complex Workflows:Example 3Example 3
current = process;current = process;exitwhile = false;exitwhile = false;parentType = "";parentType = "";parentTypeDesc.set("Unknown");parentTypeDesc.set("Unknown");while (!exitwhile) {while (!exitwhile) { if (current.parentId == 0 || current.parentId == "0"){if (current.parentId == 0 || current.parentId == "0"){ parentType=current.type;parentType=current.type; exitwhile = true;exitwhile = true; } else {} else { current=current.getParent();current=current.getParent(); }}}}process.auditEvent("Parent Type: " + parentType);process.auditEvent("Parent Type: " + parentType);if (parentType=="AR") {if (parentType=="AR") { sendEmail.set("false");sendEmail.set("false");} else {} else { sendEmail.set("true");sendEmail.set("true");}}process.auditEvent("sendEmail set to : " + sendEmail.get());process.auditEvent("sendEmail set to : " + sendEmail.get());parentTypeDesc.get(); parentTypeDesc.get();
IBM Software Group
35
Complex Workflows:Complex Workflows:Example 4Example 4
ChangePasswordChangePassword
IBM Software Group
36
Complex Workflows:Complex Workflows:Example 4Example 4
CHECK_REQUESTOR CHECK_REQUESTOR // Check to see if Requestee is also requestor// Check to see if Requestee is also requestorrequestorCheck.set("false");requestorCheck.set("false");sysUserDN = CurrentProcess.getRequestorDN();sysUserDN = CurrentProcess.getRequestorDN();if (sysUserDN=="null" || sysUserDN=="-1" || sysUserDN==null) {if (sysUserDN=="null" || sysUserDN=="-1" || sysUserDN==null) { // Not a human requestor// Not a human requestor requestorCheck.set("false");requestorCheck.set("false");} else {} else { sysUserAccount = SystemUser.getByDN(sysUserDN);sysUserAccount = SystemUser.getByDN(sysUserDN); curr_parent = sysUserAccount.parent.toString();curr_parent = sysUserAccount.parent.toString(); requestorPersonDN=curr_parent.substring(curr_parent.indexOf(':') + 2, curr_parent.length);requestorPersonDN=curr_parent.substring(curr_parent.indexOf(':') + 2, curr_parent.length); requesteeDN = process.requesteeDN;requesteeDN = process.requesteeDN;test = "-" + requesteeDN + "- compared with -" + requestorPersonDN + "- ";test = "-" + requesteeDN + "- compared with -" + requestorPersonDN + "- "; if (requesteeDN == requestorPersonDN) {if (requesteeDN == requestorPersonDN) { requestorCheck.set("true");requestorCheck.set("true"); } else {} else { requestorCheck.set("false");requestorCheck.set("false"); }}}}test += "with result " + requestorCheck.get();test += "with result " + requestorCheck.get();process.auditEvent(test);process.auditEvent(test);test; test;
IBM Software Group
37
Complex Workflows:Complex Workflows:Example 4Example 4
Set_Pwd_change_attrsSet_Pwd_change_attrs// Set Service// Set Service
curr_account = Entity.get();curr_account = Entity.get();
curr_service = curr_account.getProperty("erservice")[0];curr_service = curr_account.getProperty("erservice")[0];
service.set(new Service(curr_service));service.set(new Service(curr_service));
curr_owner = curr_account.getProperty("owner")[0];curr_owner = curr_account.getProperty("owner")[0];
owner.set(new Person(curr_owner));owner.set(new Person(curr_owner));
// Set attributes// Set attributes
// Set erW2kPasswordForceChange to true// Set erW2kPasswordForceChange to true
curr_account.setProperty( "erW2kPasswordForceChange", true );curr_account.setProperty( "erW2kPasswordForceChange", true );
Entity.set(curr_account);Entity.set(curr_account);
true; true;
IBM Software Group
38
Complex Workflows:Complex Workflows:Example 5Example 5
Delete PersonDelete Person
IBM Software Group
39
Complex Workflows:Complex Workflows:Example 6Example 6
Add PersonAdd Person
IBM Software Group
40
Appendix 1Appendix 1
Workflow ElementsWorkflow Elements
IBM Software Group
41
Workflow ElementsWorkflow ElementsStart and EndStart and End
ApprovalApproval
Request for InformationRequest for Information
Work OrderWork Order
ScriptScript
LoopLoop
Operation and SubprocessOperation and Subprocess
ExtensionExtension
Transition LinesTransition Lines
IBM Software Group
42
Start and End ElementsStart and End ElementsAlways existAlways exist
Can’t be deletedCan’t be deleted
Can add Javascript Can add Javascript code to themcode to them
IBM Software Group
43
Approval ElementApproval ElementRequests the Requests the Approval from a Approval from a ParticipantParticipant
The Participant The Participant must be an ITIM must be an ITIM useruserApplicable to People Applicable to People and Accountsand AccountsUsable in Operation Usable in Operation Workflows and Workflows and Entitlement Entitlement WorkflowsWorkflows
Has Postscript tabHas Postscript tab
IBM Software Group
44
Request for InformationRequest for InformationRequests Information Requests Information from a Participantfrom a Participant
The attributes to be The attributes to be provided will be provided will be presented on the Person presented on the Person or Account formor Account form
ACIs not neededACIs not needed
Applicable to People Applicable to People and Accountsand Accounts
Usable in Operation Usable in Operation Workflows and Workflows and Entitlement WorkflowsEntitlement Workflows
Has Postscript tabHas Postscript tab
IBM Software Group
45
Work OrderWork OrderSends email to a Sends email to a ParticipantParticipant
For NotificationFor NotificationTo request some To request some action outside ITIMaction outside ITIM
Participant doesn’t Participant doesn’t need to be ITIM userneed to be ITIM user
Must be in ITIM with Must be in ITIM with mail attribute filledmail attribute filled
Javascript can be Javascript can be used in the messageused in the messageHas Postscript tabHas Postscript tab
IBM Software Group
46
Script ElementScript ElementUsed to run Used to run Javascript codeJavascript code
FESI extensions can FESI extensions can be usedbe used
IBM Software Group
47
Loop ElementLoop ElementExecutes one or more Executes one or more elements in a Loopelements in a Loop
Loop TypesLoop Types Do WhileDo While
Evaluates condition Evaluates condition before executingbefore executing
Do UntilDo Until Evaluates condition Evaluates condition
after each executionafter each execution
Not Supported:Not Supported: Transitions directly into Transitions directly into
and out of the Loop and out of the Loop Nested LoopsNested Loops
IBM Software Group
48
Operation ElementOperation ElementCalls an existing Calls an existing Operation Workflow Operation Workflow from anotherfrom anotherThe called Entity The called Entity Type and Entity in Type and Entity in the called workflow the called workflow can be different can be different from the calling from the calling workflowworkflowThe called workflow The called workflow doesn’t return data doesn’t return data to the calling to the calling workflowworkflow
IBM Software Group
49
Subprocess ElementSubprocess ElementCalls one Calls one Entitlement Entitlement Workflow from Workflow from anotheranother
Must map relevant Must map relevant data in the calling to data in the calling to input parameters in input parameters in the called workflowthe called workflow
IBM Software Group
50
Extension ElementExtension ElementUsed to call an Used to call an application application extension to the extension to the workflow engineworkflow engine
Are Java classesAre Java classesImplement the Implement the Workflow APIWorkflow API
Need to be Need to be registered in registered in workflowextensions.workflowextensions.xmlxml
IBM Software Group
51
Transition LinesTransition LinesExecution Flows Execution Flows that connect that connect Workflow ElementsWorkflow Elements
Any number of Any number of Transition Lines can Transition Lines can enter or leave a enter or leave a Workflow elementsWorkflow elements
Javascript code can Javascript code can be added to be added to Transition LinesTransition Lines
IBM Software Group
52
Transition Lines: Split TypesTransition Lines: Split TypesSplit TypesSplit Types
AndAndAll paths leaving the element will be evaluated All paths leaving the element will be evaluated and all paths evaluated to true will be followed and all paths evaluated to true will be followed
OrOrThe transitions are evaluated until one is The transitions are evaluated until one is found to be “true” and that path is then found to be “true” and that path is then followed; all other paths are not evaluatedfollowed; all other paths are not evaluated
IBM Software Group
53
Transition Lines: Join TypesTransition Lines: Join TypesJoin TypesJoin Types
AndAndAll elements on active paths leading to this All elements on active paths leading to this element must complete before the joined element must complete before the joined element is executedelement is executed
OrOrThe first path leading to the element that is The first path leading to the element that is evaluated to true will cause the element to be evaluated to true will cause the element to be executedexecuted
Since it’s not possible to order the Since it’s not possible to order the paths, only ONE path should paths, only ONE path should evaluate to trueevaluate to true
IBM Software Group
54
Appendix 2Appendix 2
How to Document WorkflowsHow to Document Workflows
IBM Software Group
55
How to Document WorkflowsHow to Document Workflows
IBM Software Group
56
How to Document WorkflowsHow to Document Workflows
IBM Software Group
57
How to Document WorkflowsHow to Document Workflows
IBM Software Group
58
How to Document WorkflowsHow to Document Workflows
IBM Software Group
59
How to Document WorkflowsHow to Document Workflows
IBM Software Group
60
Thank you!Thank you!