Tech_Implementation of Complex ITIM Workflows

®

IBM Software Group

1362 - Implementation of 1362 - Implementation of Complex ITIM WorkflowsComplex ITIM WorkflowsFred SantosFred Santos

®

IBM Software Group

Fred SantosFred SantosPan EMEA Subject Matter Expert GroupPan EMEA Subject Matter Expert Group

®

IBM Software Group

IBM Software Group

3

AgendaAgendaITIM Workflow Concepts: a quick OverviewITIM Workflow Concepts: a quick Overview

Workflow TypesWorkflow TypesWorkflow DataWorkflow DataWorkflow ElementsWorkflow ElementsWorkflow and JavaScriptWorkflow and JavaScriptWorkflow ExtensionsWorkflow Extensions

Complex ITIM Workflows by ExampleComplex ITIM Workflows by Example

IBM Software Group

4

AbstractAbstractITIM manages security policies by using workflows. The ability to develop customized workflows are essential to getting value out of an ITIM deployment and in high demand during customer engagements.

Skills Level: Advanced

IBM Software Group

5

Workflow TypesWorkflow TypesOperation WorkflowsOperation Workflows

Lifecycle ManagementLifecycle ManagementPersons and BPPersonsPersons and BPPersonsAccountsAccountsGlobalGlobal

Entitlement WorkflowsEntitlement WorkflowsProvisioning ProcessingProvisioning Processing

AccountsAccounts

IBM Software Group

6

Operation WorkflowsOperation WorkflowsAssociated with manipulation of Entities:Associated with manipulation of Entities:

AccountAccountPersonPersonBPPersonBPPerson

Global workflows can be defined and Global workflows can be defined and called from other operation workflowscalled from other operation workflows

IBM Software Group

7

Operation WorkflowsOperation WorkflowsCan be defined at two levels:Can be defined at two levels:

Entity TypeEntity TypeEntityEntity

The Entity Type Workflows are inherited by all The Entity Type Workflows are inherited by all entities of that type.entities of that type.

E.g.: Operation Workflows defined at the level of Entity E.g.: Operation Workflows defined at the level of Entity Type Account, will be inherited by all Accounts, Type Account, will be inherited by all Accounts, regardless of profileregardless of profile

The Entity Workflows override those inherited The Entity Workflows override those inherited from the Entity Type levelfrom the Entity Type level

E.g.: a customized Modify NT account workflow E.g.: a customized Modify NT account workflow overrides the modify workflow inherited from the overrides the modify workflow inherited from the Account Entity TypeAccount Entity Type

IBM Software Group

8

Operation WorkflowsOperation WorkflowsPerson and BPPerson operations:Person and BPPerson operations:

AddAddModifyModifyDelete Delete SuspendSuspendRestoreRestoreTransferTransferSelfRegisterSelfRegister

IBM Software Group

9

Operation WorkflowsOperation WorkflowsAccount Operations:Account Operations:

AddAddModifyModifyDeleteDeleteSuspendSuspendRestoreRestoreChangePasswordChangePassword

IBM Software Group

10

Entitlement WorkflowsEntitlement WorkflowsSpecified in Provisioning PoliciesSpecified in Provisioning Policies

Entitlement Workflows are NOT Entitlement Workflows are NOT mandatorymandatory

Triggered by:Triggered by:Account AddAccount AddAccount ModifyAccount Modify

Executed before the relevant Operation Executed before the relevant Operation WorkflowWorkflow

The Operation Workflow do not start The Operation Workflow do not start before the Entitlement Workflow before the Entitlement Workflow completescompletes

IBM Software Group

11

Workflow DataWorkflow DataThree types of Workflow Data:Three types of Workflow Data:

Javascript variablesJavascript variablesRelevant DataRelevant DataWorkflow Context ObjectsWorkflow Context Objects

IBM Software Group

12

Javascript VariablesJavascript VariablesDefined in Javascript code:Defined in Javascript code:

Javascript NodesJavascript NodesPostscript tabsPostscript tabs““Custom” code in some other NodesCustom” code in some other NodesStart and End NodesStart and End Nodes

Can’t be Serialized or made PersistentCan’t be Serialized or made PersistentExist in the context of their definitionExist in the context of their definition

When the node completes, all variables When the node completes, all variables will be out of scopewill be out of scope

IBM Software Group

13

Relevant DataRelevant DataDefined in the Workflow Properties pageDefined in the Workflow Properties page

Exists throughout the life of the workflowExists throughout the life of the workflowStored in the ITIM DatabaseStored in the ITIM DatabaseCan be associated with contexts:Can be associated with contexts:

SubjectSubjectRequesteeRequesteeBothBothNot ApplicableNot Applicable

IBM Software Group

14

Relevant DataRelevant DataTypes of Relevant Data:Types of Relevant Data:

Input/Output ParametersInput/Output ParametersWorkflow DefinedWorkflow DefinedUser DefinedUser Defined

IBM Software Group

15

Input/Output Parameters in Input/Output Parameters in Entitlement WorkflowsEntitlement Workflows

Input Parameters:Input Parameters:Entity – Account:Entity – Account:

In an add request, it contains the data for the new In an add request, it contains the data for the new accountaccountIn an a modify request, it contains only the modified In an a modify request, it contains only the modified attributesattributes

ServiceServiceThe Service where the account exists or will be createThe Service where the account exists or will be create

Owner - Person:Owner - Person:The Person associated with the accountThe Person associated with the account

Output Parameters:Output Parameters:Entity – AccountEntity – Account

IBM Software Group

16

Input Parameters in Operation Input Parameters in Operation WorkflowsWorkflows

Static Operations:Static Operations:Add: Person or AccountAdd: Person or Account(Account) Modify: Account(Account) Modify: AccountSelfRegister: PersonSelfRegister: Person

Non-Static Operations:Non-Static Operations:Delete: Person or AccountDelete: Person or Account(Person) Modify: Person(Person) Modify: PersonSuspend: Person or AccountSuspend: Person or AccountRestore: Person or AccountRestore: Person or AccountTransfer: PersonTransfer: PersonChangePassword: AccountChangePassword: Account

IBM Software Group

17

System Defined and User System Defined and User Defined DataDefined Data

System Defined Data:System Defined Data:Defined only in some workflowsDefined only in some workflows

User Defined Data:User Defined Data:Defined in the Workflow Properties PageDefined in the Workflow Properties PageMade persistent in the ITIM DatabaseMade persistent in the ITIM DatabaseAccessed in Javascript withAccessed in Javascript with

userObject = ItemName.get();userObject = ItemName.get();Changed in Javascript withChanged in Javascript with

ItemName.set(userObject);ItemName.set(userObject);

IBM Software Group

18

Workflow Context ObjectsWorkflow Context ObjectsContain information about the object in Contain information about the object in questionquestion

ActivityActivityProcessProcess

Accessible in Javascript codeAccessible in Javascript code

IBM Software Group

19

Workflow ElementsWorkflow ElementsStart and EndStart and EndApprovalApprovalRequest for InformationRequest for InformationWork OrderWork OrderScriptScriptLoopLoopOperation and SubprocessOperation and SubprocessExtensionExtensionTransition LinesTransition Lines

IBM Software Group

20

Workflow and JavaScriptWorkflow and JavaScriptMost Elements Allow Javascript code to be Most Elements Allow Javascript code to be executed:executed:

Start and End NodesStart and End NodesScript NodesScript NodesPostscript Tabs (Approval, Extension, …)Postscript Tabs (Approval, Extension, …)Transition LinesTransition Lines

Allows:Allows:Manipulation of Relevant DataManipulation of Relevant DataConditional logic in Transition LinesConditional logic in Transition Lines

IBM Software Group

21

Workflow and JavascriptWorkflow and JavascriptFESI Extensions can be used in Javascript FESI Extensions can be used in Javascript codecode

Created as Java classes implementing the Created as Java classes implementing the Javascript APIJavascript APIInstalled in the ITIM classpathInstalled in the ITIM classpathRegistered in enRole.propertiesRegistered in enRole.properties

Used asUsed asObjectsObjects

var userObj = new extObject();var userObj = new extObject();FunctionsFunctions

var userVar = extFunction(val1, val2);var userVar = extFunction(val1, val2);

IBM Software Group

22

Workflow ExtensionsWorkflow ExtensionsJava classes implementing the Workflow Java classes implementing the Workflow APIAPI

Installed in the ITIM classpathInstalled in the ITIM classpathRegistered in workflowextensions.xmlRegistered in workflowextensions.xml

Used by adding an Extension node in the Used by adding an Extension node in the WorkflowWorkflow

Select the class name in Extension NameSelect the class name in Extension NameMap the Input and Output Parameters to Map the Input and Output Parameters to Relevant DataRelevant Data

The Input and Output Parameters are defined The Input and Output Parameters are defined in the Java classin the Java class

IBM Software Group

23

Workflow ExtensionsWorkflow ExtensionsCan be used toCan be used to

Hide sensitive processing logicHide sensitive processing logicAccess external data storesAccess external data stores

FilesFilesDatabasesDatabasesLDAP ServersLDAP Servers

Implement logic difficult to code or Implement logic difficult to code or inefficient in Javascriptinefficient in Javascript

Number crunchingNumber crunchingEncapsulate processing in a single nodeEncapsulate processing in a single node

IBM Software Group

24

Complex Workflows:Complex Workflows:Example 1Example 1

Global Operation (Account Entity Type)Global Operation (Account Entity Type)Approval_ProcessApproval_Process

IBM Software Group

25


// Initialise loop instance counter to zero and exitloop switch to false. // Initialise loop instance counter to zero and exitloop switch to false. loopinstance.set(0);loopinstance.set(0);exitloop.set("false");exitloop.set("false");// Check current process type. If not Account Process Type, Loop back through Parent Processes // Check current process type. If not Account Process Type, Loop back through Parent Processes // until Account Process type is found or until the root Parent reached. Default value is et to unknown. // until Account Process type is found or until the root Parent reached. Default value is et to unknown. current = process;current = process;exitwhile = false;exitwhile = false;parentType = "";parentType = "";parentTypeDesc.set("Unknown");parentTypeDesc.set("Unknown");while (!exitwhile) {while (!exitwhile) { if ((current.type.substring(0,1)=="A" || current.type.substring(0,1)=="L") && current.type.length == 2){if ((current.type.substring(0,1)=="A" || current.type.substring(0,1)=="L") && current.type.length == 2){ parentType=current.type;parentType=current.type; exitwhile = true;exitwhile = true; } else if (current.parentId == 0 || current.parentId == "0"){} else if (current.parentId == 0 || current.parentId == "0"){ exitwhile = true;exitwhile = true; } else {current=current.getParent();}} else {current=current.getParent();}}}if (parentType=="AA") {parentTypeDesc.set("Account Add");} elseif (parentType=="AA") {parentTypeDesc.set("Account Add");} elseif (parentType=="AC") {parentTypeDesc.set("Account Change");} elseif (parentType=="AC") {parentTypeDesc.set("Account Change");} elseif (parentType=="AP") {parentTypeDesc.set("Account Password Change");} elseif (parentType=="AP") {parentTypeDesc.set("Account Password Change");} elseif (parentType=="LS") {parentTypeDesc.set("Suspend Multiple Accounts");} elseif (parentType=="LS") {parentTypeDesc.set("Suspend Multiple Accounts");} elseif (parentType=="LR") {parentTypeDesc.set("Restore Multiple Accounts");} elseif (parentType=="LR") {parentTypeDesc.set("Restore Multiple Accounts");} elseif (parentType=="LD") {parentTypeDesc.set("Delete Multiple Accounts");} elseif (parentType=="LD") {parentTypeDesc.set("Delete Multiple Accounts");} elseif (parentType=="LP") {parentTypeDesc.set("Change Password for Multiple Accounts");} elseif (parentType=="LP") {parentTypeDesc.set("Change Password for Multiple Accounts");} elseif (parentType=="AS") {parentTypeDesc.set("Suspend Account");} elseif (parentType=="AS") {parentTypeDesc.set("Suspend Account");} elseif (parentType=="AR") {parentTypeDesc.set("Restore Account");} elseif (parentType=="AR") {parentTypeDesc.set("Restore Account");} elseif (parentType=="AD") {parentTypeDesc.set("Delete Account");}if (parentType=="AD") {parentTypeDesc.set("Delete Account");}// otherAccount Check// otherAccount Checkif (service.get().getProperty("erservicename")[0] == "otherAccount") {if (service.get().getProperty("erservicename")[0] == "otherAccount") { otherAccountCheck.set("true")otherAccountCheck.set("true")}}parentTypeDesc.get(); parentTypeDesc.get();

IBM Software Group

26


SubjectSubject<JS>function getprop(ob, prop){x=ob.getProperty(prop);if (x.length != 0){return <JS>function getprop(ob, prop){x=ob.getProperty(prop);if (x.length != 0){return

x[0];}else{return "";}}"";</JS>ARMS <JS>if (otherAccountCheck.get() == "false") x[0];}else{return "";}}"";</JS>ARMS <JS>if (otherAccountCheck.get() == "false") {return (service.get().getProperty("erservicename")[0]);} else {return {return (service.get().getProperty("erservicename")[0]);} else {return (getprop(entity.get(), "erOtherAccountService"));}</JS> <JS>if (getprop(entity.get(), "erOtherAccountService"));}</JS> <JS>if (otherAccountCheck.get() == "false") {return (parentTypeDesc.get());} else {return (otherAccountCheck.get() == "false") {return (parentTypeDesc.get());} else {return (getprop(entity.get(), "erOtherAccountOperation"));}</JS> Request For (getprop(entity.get(), "erOtherAccountOperation"));}</JS> Request For <JS>o=owner.get();getprop(o,"cn");</JS> Waiting for Your approval<JS>o=owner.get();getprop(o,"cn");</JS> Waiting for Your approval

MessageMessage<JS>function getprop(ob, prop){ x=ob.getProperty(prop); if (x.length != 0) { return <JS>function getprop(ob, prop){ x=ob.getProperty(prop); if (x.length != 0) { return

x[0]; } else { return ""; }}"";</JS>There is a <JS>if (otherAccountCheck.get() == x[0]; } else { return ""; }}"";</JS>There is a <JS>if (otherAccountCheck.get() == "false") {return (service.get().getProperty("erservicename")[0]);} else {return "false") {return (service.get().getProperty("erservicename")[0]);} else {return (getprop(entity.get(), "erOtherAccountService"));}</JS> account <JS>if (getprop(entity.get(), "erOtherAccountService"));}</JS> account <JS>if (otherAccountCheck.get() == "false") {return (parentTypeDesc.get());} else {return (otherAccountCheck.get() == "false") {return (parentTypeDesc.get());} else {return (getprop(entity.get(), "erOtherAccountOperation"));}</JS> request for (getprop(entity.get(), "erOtherAccountOperation"));}</JS> request for <JS>o=owner.get();getprop(o,"cn");</JS> waiting for your approval.<JS>if <JS>o=owner.get();getprop(o,"cn");</JS> waiting for your approval.<JS>if (otherAccountCheck.get() != "false") {return ("\nAccount Information: " + (otherAccountCheck.get() != "false") {return ("\nAccount Information: " + getprop(entity.get(), "erotheraccountcontent") +"\n");} else {return ("");}</JS>Please getprop(entity.get(), "erotheraccountcontent") +"\n");} else {return ("");}</JS>Please see the service charging information for <JS>if (otherAccountCheck.get() == "false") see the service charging information for <JS>if (otherAccountCheck.get() == "false") {return (service.get().getProperty("erservicename")[0]);} else {return {return (service.get().getProperty("erservicename")[0]);} else {return (getprop(entity.get(), "erOtherAccountService"));}</JS> account from (getprop(entity.get(), "erOtherAccountService"));}</JS> account from http://www.ibm.com To approve/reject the request, go to MyTodo List >> Pending http://www.ibm.com To approve/reject the request, go to MyTodo List >> Pending Requests. Login to ITIM:http://www..ibm.com/ITIM Thank you for using ITIM. If you Requests. Login to ITIM:http://www..ibm.com/ITIM Thank you for using ITIM. If you have any questions please see the ITIM service pages or contact your local Service have any questions please see the ITIM service pages or contact your local Service Desk. Please, do not reply to this message. ITIM is a central webtool for requesting, Desk. Please, do not reply to this message. ITIM is a central webtool for requesting, generating, maintainingand managing System and Application accounts in IBM . generating, maintainingand managing System and Application accounts in IBM . http://www.itim.ibm.com/ITIMhttp://www.itim.ibm.com/ITIM

IBM Software Group

27


Attribute Name Attribute Value

Node Type Approval node

ActivityID OneDayApprovalTimeout

Activity Name Approval with a 1 Day Timeout

Description Approval Rrequest

Participant

Escalation Participant

Escalation Limit 1 Days 0 Hours 0 Minutes 0 Seconds

Join Type AND

Split Type AND

Entity Type Account

Relevant Data


Custom participant = new Participant(ParticipantType.SUPERVISOR);


Custom participant = new Participant(ParticipantType.SUPERVISOR);

ID Type Relevant Data ID

entity Account entity

service Service service

owner Person owner

IBM Software Group

28



Node Type Script node

ActivityID LOOP_START

Join Type AND

Split Type AND

Script true;



ActivityID EXIT_LOOP

Join Type AND

Split Type AND

Script exitloop.set("true");true;



ActivityID LOOP_END

Join Type AND

Split Type AND

Script loopinstance.set(loopinstance.get()+1);true;

IBM Software Group

29


getApproverDNgetApproverDNprocess.auditEvent("Attempting to get approver details");process.auditEvent("Attempting to get approver details");if (supervisorApproval.get() == "true" ) {if (supervisorApproval.get() == "true" ) { process.auditEvent("Getting normal approver");process.auditEvent("Getting normal approver"); person = owner.get();person = owner.get(); manager = person.getProperty("erSupervisor"); //managers erglobalIdmanager = person.getProperty("erSupervisor"); //managers erglobalId approver.set(manager[0]);approver.set(manager[0]); approver2.set(manager[0]);approver2.set(manager[0]); approver3.set(manager[0]);approver3.set(manager[0]); process.auditEvent("Normal approver resolved");process.auditEvent("Normal approver resolved");} else { //Special Approver} else { //Special Approver process.auditEvent("Getting special approver");process.auditEvent("Getting special approver"); personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in

fesiextension.properties file to use PersonSearch fesiextension.properties file to use PersonSearch searchFilter = "(employeeNumber=" + approverEmpNum.get() +")"; searchFilter = "(employeeNumber=" + approverEmpNum.get() +")"; searchResult = personSearch.searchByFilter("ibmPerson", searchFilter, 2); //2 means search scope searchResult = personSearch.searchByFilter("ibmPerson", searchFilter, 2); //2 means search scope

is subtree is subtree approverEntity = searchResult[0]; //The search result is an array of the directory objects approverEntity = searchResult[0]; //The search result is an array of the directory objects approver.set(approverEntity.dn);approver.set(approverEntity.dn); if (approverEmpNumDeputy1.get() != null) {if (approverEmpNumDeputy1.get() != null) { personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in

fesiextension.properties file to use PersonSearch fesiextension.properties file to use PersonSearch searchFilter = "(employeeNumber=" + approverEmpNumDeputy1.get() +")"; searchFilter = "(employeeNumber=" + approverEmpNumDeputy1.get() +")"; searchResult = personSearch.searchByFilter("ibmPerson", searchFilter, 2); //2 means search scope searchResult = personSearch.searchByFilter("ibmPerson", searchFilter, 2); //2 means search scope

is subtree is subtree approverEntity1 = searchResult[0]; //The search result is an array of the directory objects approverEntity1 = searchResult[0]; //The search result is an array of the directory objects

IBM Software Group

30


getApproverDNgetApproverDN approver2.set(approverEntity1.dn);approver2.set(approverEntity1.dn);} else {} else { approver2.set(approverEntity.dn); // Same approver as the firstapprover2.set(approverEntity.dn); // Same approver as the first }}if (approverEmpNumDeputy2.get() != null) {if (approverEmpNumDeputy2.get() != null) { personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in

fesiextension.properties file to use PersonSearch fesiextension.properties file to use PersonSearch searchFilter = "(employeeNumber=" + approverEmpNumDeputy2.get() +")"; searchFilter = "(employeeNumber=" + approverEmpNumDeputy2.get() +")"; searchResult = personSearch.searchByFilter(“ibmPerson", searchFilter, 2); //2 means search scope is searchResult = personSearch.searchByFilter(“ibmPerson", searchFilter, 2); //2 means search scope is

subtree subtree approverEntity2 = searchResult[0]; //The search result is an array of the directory objects approverEntity2 = searchResult[0]; //The search result is an array of the directory objects approver3.set(approverEntity2.dn);approver3.set(approverEntity2.dn); } else {} else { approver3.set(approverEntity.dn); // Same approver as the firstapprover3.set(approverEntity.dn); // Same approver as the first }} process.auditEvent("Special approver resolved");process.auditEvent("Special approver resolved");}}/* //For debugging if needed/* //For debugging if neededprocess.auditEvent("approverEmpNum " + approverEmpNum.get() );process.auditEvent("approverEmpNum " + approverEmpNum.get() );process.auditEvent("approver " + approver.get() );process.auditEvent("approver " + approver.get() );process.auditEvent("approver2 " + approver2.get() );process.auditEvent("approver2 " + approver2.get() );process.auditEvent("approver3 " + approver3.get() );process.auditEvent("approver3 " + approver3.get() );process.auditEvent("approverEmpNumDeputy1 " + approverEmpNumDeputy1.get() );process.auditEvent("approverEmpNumDeputy1 " + approverEmpNumDeputy1.get() );process.auditEvent("approverEmpNumDeputy2 " + approverEmpNumDeputy2.get() );process.auditEvent("approverEmpNumDeputy2 " + approverEmpNumDeputy2.get() );*/ */

IBM Software Group

31

Complex Workflows:Complex Workflows:Example 1 (continued)Example 1 (continued)

Account RestoreAccount Restoreuses Approval_Processuses Approval_Process

IBM Software Group

32


Add AccountAdd Account

IBM Software Group

33


IBM Software Group

Restore AccountRestore Account

IBM Software Group

34


current = process;current = process;exitwhile = false;exitwhile = false;parentType = "";parentType = "";parentTypeDesc.set("Unknown");parentTypeDesc.set("Unknown");while (!exitwhile) {while (!exitwhile) { if (current.parentId == 0 || current.parentId == "0"){if (current.parentId == 0 || current.parentId == "0"){ parentType=current.type;parentType=current.type; exitwhile = true;exitwhile = true; } else {} else { current=current.getParent();current=current.getParent(); }}}}process.auditEvent("Parent Type: " + parentType);process.auditEvent("Parent Type: " + parentType);if (parentType=="AR") {if (parentType=="AR") { sendEmail.set("false");sendEmail.set("false");} else {} else { sendEmail.set("true");sendEmail.set("true");}}process.auditEvent("sendEmail set to : " + sendEmail.get());process.auditEvent("sendEmail set to : " + sendEmail.get());parentTypeDesc.get(); parentTypeDesc.get();

IBM Software Group

35


ChangePasswordChangePassword

IBM Software Group

36


CHECK_REQUESTOR CHECK_REQUESTOR // Check to see if Requestee is also requestor// Check to see if Requestee is also requestorrequestorCheck.set("false");requestorCheck.set("false");sysUserDN = CurrentProcess.getRequestorDN();sysUserDN = CurrentProcess.getRequestorDN();if (sysUserDN=="null" || sysUserDN=="-1" || sysUserDN==null) {if (sysUserDN=="null" || sysUserDN=="-1" || sysUserDN==null) { // Not a human requestor// Not a human requestor requestorCheck.set("false");requestorCheck.set("false");} else {} else { sysUserAccount = SystemUser.getByDN(sysUserDN);sysUserAccount = SystemUser.getByDN(sysUserDN); curr_parent = sysUserAccount.parent.toString();curr_parent = sysUserAccount.parent.toString(); requestorPersonDN=curr_parent.substring(curr_parent.indexOf(':') + 2, curr_parent.length);requestorPersonDN=curr_parent.substring(curr_parent.indexOf(':') + 2, curr_parent.length); requesteeDN = process.requesteeDN;requesteeDN = process.requesteeDN;test = "-" + requesteeDN + "- compared with -" + requestorPersonDN + "- ";test = "-" + requesteeDN + "- compared with -" + requestorPersonDN + "- "; if (requesteeDN == requestorPersonDN) {if (requesteeDN == requestorPersonDN) { requestorCheck.set("true");requestorCheck.set("true"); } else {} else { requestorCheck.set("false");requestorCheck.set("false"); }}}}test += "with result " + requestorCheck.get();test += "with result " + requestorCheck.get();process.auditEvent(test);process.auditEvent(test);test; test;

IBM Software Group

37


Set_Pwd_change_attrsSet_Pwd_change_attrs// Set Service// Set Servicecurr_account = Entity.get();curr_account = Entity.get();curr_service = curr_account.getProperty("erservice")[0];curr_service = curr_account.getProperty("erservice")[0];service.set(new Service(curr_service));service.set(new Service(curr_service));curr_owner = curr_account.getProperty("owner")[0];curr_owner = curr_account.getProperty("owner")[0];owner.set(new Person(curr_owner));owner.set(new Person(curr_owner));// Set attributes// Set attributes// Set erW2kPasswordForceChange to true// Set erW2kPasswordForceChange to truecurr_account.setProperty( "erW2kPasswordForceChange", true );curr_account.setProperty( "erW2kPasswordForceChange", true );Entity.set(curr_account);Entity.set(curr_account);true; true;

IBM Software Group

38


Delete PersonDelete Person

IBM Software Group

39


Add PersonAdd Person

IBM Software Group

40

Appendix 1Appendix 1

Workflow ElementsWorkflow Elements

IBM Software Group

41

Workflow ElementsWorkflow ElementsStart and EndStart and EndApprovalApprovalRequest for InformationRequest for InformationWork OrderWork OrderScriptScriptLoopLoopOperation and SubprocessOperation and SubprocessExtensionExtensionTransition LinesTransition Lines

IBM Software Group

42

Start and End ElementsStart and End ElementsAlways existAlways exist

Can’t be deletedCan’t be deletedCan add Javascript Can add Javascript code to themcode to them

IBM Software Group

43

Approval ElementApproval ElementRequests the Requests the Approval from a Approval from a ParticipantParticipant

The Participant The Participant must be an ITIM must be an ITIM useruserApplicable to People Applicable to People and Accountsand AccountsUsable in Operation Usable in Operation Workflows and Workflows and Entitlement Entitlement WorkflowsWorkflows

Has Postscript tabHas Postscript tab

IBM Software Group

44

Request for InformationRequest for InformationRequests Information Requests Information from a Participantfrom a Participant

The attributes to be The attributes to be provided will be provided will be presented on the Person presented on the Person or Account formor Account form

ACIs not neededACIs not neededApplicable to People Applicable to People and Accountsand AccountsUsable in Operation Usable in Operation Workflows and Workflows and Entitlement WorkflowsEntitlement Workflows

Has Postscript tabHas Postscript tab

IBM Software Group

45

Work OrderWork OrderSends email to a Sends email to a ParticipantParticipant

For NotificationFor NotificationTo request some To request some action outside ITIMaction outside ITIM

Participant doesn’t Participant doesn’t need to be ITIM userneed to be ITIM user

Must be in ITIM with Must be in ITIM with mail attribute filledmail attribute filled

Javascript can be Javascript can be used in the messageused in the messageHas Postscript tabHas Postscript tab

IBM Software Group

46

Script ElementScript ElementUsed to run Used to run Javascript codeJavascript codeFESI extensions can FESI extensions can be usedbe used

IBM Software Group

47

Loop ElementLoop ElementExecutes one or more Executes one or more elements in a Loopelements in a LoopLoop TypesLoop Types

Do WhileDo While Evaluates condition Evaluates condition

before executingbefore executing Do UntilDo Until

Evaluates condition Evaluates condition after each executionafter each execution

Not Supported:Not Supported: Transitions directly into Transitions directly into

and out of the Loop and out of the Loop Nested LoopsNested Loops

IBM Software Group

48

Operation ElementOperation ElementCalls an existing Calls an existing Operation Workflow Operation Workflow from anotherfrom anotherThe called Entity The called Entity Type and Entity in Type and Entity in the called workflow the called workflow can be different from can be different from the calling workflowthe calling workflowThe called workflow The called workflow doesn’t return data doesn’t return data to the calling to the calling workflowworkflow

IBM Software Group

49

Subprocess ElementSubprocess ElementCalls one Calls one Entitlement Entitlement Workflow from Workflow from anotheranotherMust map relevant Must map relevant data in the calling to data in the calling to input parameters in input parameters in the called workflowthe called workflow

IBM Software Group

50

Extension ElementExtension ElementUsed to call an Used to call an application application extension to the extension to the workflow engineworkflow engineAre Java classesAre Java classes

Implement the Implement the Workflow APIWorkflow APINeed to be Need to be registered in registered in workflowextensions.workflowextensions.xmlxml

IBM Software Group

51

Transition LinesTransition LinesExecution Flows Execution Flows that connect that connect Workflow ElementsWorkflow Elements

Any number of Any number of Transition Lines can Transition Lines can enter or leave a enter or leave a Workflow elementsWorkflow elements

Javascript code can Javascript code can be added to be added to Transition LinesTransition Lines

IBM Software Group

52

Transition Lines: Split TypesTransition Lines: Split TypesSplit TypesSplit Types

AndAndAll paths leaving the element will be evaluated All paths leaving the element will be evaluated and all paths evaluated to true will be followed and all paths evaluated to true will be followed

OrOrThe transitions are evaluated until one is The transitions are evaluated until one is found to be “true” and that path is then found to be “true” and that path is then followed; all other paths are not evaluatedfollowed; all other paths are not evaluated

IBM Software Group

53

Transition Lines: Join TypesTransition Lines: Join TypesJoin TypesJoin Types

AndAndAll elements on active paths leading to this All elements on active paths leading to this element must complete before the joined element must complete before the joined element is executedelement is executed

OrOrThe first path leading to the element that is The first path leading to the element that is evaluated to true will cause the element to be evaluated to true will cause the element to be executedexecuted

Since it’s not possible to order the Since it’s not possible to order the paths, only ONE path should paths, only ONE path should evaluate to trueevaluate to true

IBM Software Group

54

Appendix 2Appendix 2

How to Document WorkflowsHow to Document Workflows

IBM Software Group

55


IBM Software Group

56


IBM Software Group

57


IBM Software Group

58


IBM Software Group

59


IBM Software Group

60

Thank you!Thank you!

Tech_Implementation of Complex ITIM Workflows

Technology

Transcript of Tech_Implementation of Complex ITIM Workflows