Identity Manager

How to inject a request for a role, related to another role ? Something for Geraldine !

In our environment, we created a structure of business roles and made them requestable. Works fine offcourse ;-) But some resources, tied to the role need to follow a specific approval flow using multiple approvers. So my plan is to avoid to create extra separate requestable items for those resources and to put them in a "risky" role, creating a serviceitem for that role and put it on my shelve tied tot the multi approver flow. So i split the role into "normal" resources and the "risky stuff". 

Problem here is that the requester has to request separate items and we want to make it as simple as possible. SO, i looked into table OrgRelatesToOrg.

Once RoleA is requested (using a single approval), i can detect the request coming into the system and using a script i can query the system to see if that role also has an relation to another Org. As OrgRelatesToOrg do not trigger calculations, i want to use this relation to tie RoleB (risky) to my original RoleA.

I want the system to create a new request automatically, using the same requester and same recipient but then for RoleB, using a multi approver flow. There is a method available i noticed to autoinject requests how can this be implemented in a 613 system ?

  • Hi all, had a chat with support and this script will help in this usecase :

    Public Sub MTN_FillOrderTest(strUidProduct As String, strUidBusOrg As String, strUidPersonRcpt As String)
    Dim pBag As New PropertyBag
    ' assign all required fields
    pBag.PutValue("UID_Org", "52E8C3A6-AB77-457A-A31E-F5544981CE3D") 'ITShoporg
    pBag.PutValue("UID_PersonOrdered", strUidPersonRcpt) 'UID_Person recipient
    pBag.PutValue("UID_PersonInserted", "d4154e6b-c86b-4745-8910-6e205faff413") 'UID_Person requester
    pBag.PutValue("OrderReason", "Automated request inserted by the system")
    pBag.PutValue("OrderDate", Date.Today)
    pBag.PutValue("OrderState","OrderProduct") 'Must be set to correct value to create a request

    ' create a new request object
    Dim dbPwO As ISingleDbObject = Connection.CreateSingle("PersonWantsOrg")
    Dim objectkey = "<Key><T>PersonInOrg</T><P>" & strUidBusOrg & "</P><P>" & strUidPersonRcpt & "</P></Key>"
    pBag.PutValue("ObjectKeyAssignment", objectkey)

    ' this method can only be called from the Q1IM service!
    ' Running in Designer or SystemLibrary will throw an exception
    ' Create a process which runs this script
    dbPwO.Custom.CallMethod("FillOrder", pBag)

    End Sub


    Keep in mind that all UID's are hardcoded here, for testing and that you need a process to run this script on your JobServer. The great magic is, that if a Person gets a RoleA, and that RoleA is tied to RoleB in the table "OrgRelatesToOrg" you can grab that UID_Org from there and request the product tied to it. So if RoleA is assigned by the system using a dynamic schedule, or granted as part of an approval, you can now take care of the RoleB assigment following your multi approval flow in the "normal" way.
  • Also in Manager you could select The role and click on "Create assigment Resource" :)