Your SlideShare is downloading. ×
0
1362 - Implementation of Complex ITIM Workflows Fred Santos
Fred Santos Pan EMEA Subject Matter Expert Group IBM Software Group ®
Agenda <ul><li>ITIM Workflow Concepts: a quick Overview </li></ul><ul><ul><li>Workflow Types </li></ul></ul><ul><ul><li>Wo...
Abstract <ul><li>ITIM manages security policies by using workflows.  The ability to develop customized workflows are essen...
Workflow Types <ul><li>Operation Workflows </li></ul><ul><ul><li>Lifecycle Management </li></ul></ul><ul><ul><ul><li>Perso...
Operation Workflows <ul><li>Associated with manipulation of Entities: </li></ul><ul><ul><li>Account </li></ul></ul><ul><ul...
Operation Workflows <ul><li>Can be defined at two levels: </li></ul><ul><ul><li>Entity Type </li></ul></ul><ul><ul><li>Ent...
Operation Workflows <ul><li>Person and BPPerson operations: </li></ul><ul><ul><li>Add </li></ul></ul><ul><ul><li>Modify </...
Operation Workflows <ul><li>Account Operations: </li></ul><ul><ul><li>Add </li></ul></ul><ul><ul><li>Modify </li></ul></ul...
Entitlement Workflows <ul><li>Specified in Provisioning Policies </li></ul><ul><ul><li>Entitlement Workflows are NOT manda...
Workflow Data <ul><li>Three types of Workflow Data: </li></ul><ul><ul><li>Javascript variables </li></ul></ul><ul><ul><li>...
Javascript Variables <ul><li>Defined in Javascript code: </li></ul><ul><ul><li>Javascript Nodes </li></ul></ul><ul><ul><li...
Relevant Data <ul><li>Defined in the Workflow Properties page </li></ul><ul><ul><li>Exists throughout the life of the work...
Relevant Data <ul><li>Types of Relevant Data: </li></ul><ul><ul><li>Input/Output Parameters </li></ul></ul><ul><ul><li>Wor...
Input/Output Parameters in Entitlement Workflows <ul><li>Input Parameters: </li></ul><ul><ul><li>Entity – Account: </li></...
Input Parameters in Operation Workflows <ul><li>Static Operations: </li></ul><ul><ul><li>Add: Person or Account </li></ul>...
System Defined and User Defined Data <ul><li>System Defined Data: </li></ul><ul><ul><li>Defined only in some workflows </l...
Workflow Context Objects <ul><li>Contain information about the object in question </li></ul><ul><ul><li>Activity </li></ul...
Workflow Elements <ul><li>Start and End </li></ul><ul><li>Approval </li></ul><ul><li>Request for Information </li></ul><ul...
Workflow and JavaScript <ul><li>Most Elements Allow Javascript code to be executed: </li></ul><ul><ul><li>Start and End No...
Workflow and Javascript <ul><li>FESI Extensions can be used in Javascript code </li></ul><ul><ul><li>Created as Java class...
Workflow Extensions <ul><li>Java classes implementing the Workflow API </li></ul><ul><ul><li>Installed in the ITIM classpa...
Workflow Extensions <ul><li>Can be used to </li></ul><ul><ul><li>Hide sensitive processing logic </li></ul></ul><ul><ul><l...
Complex Workflows: Example 1 <ul><li>Global Operation (Account Entity Type) </li></ul><ul><ul><li>Approval_Process </li></...
Complex Workflows: Example 1 <ul><ul><li>// Initialise loop instance counter to zero and exitloop switch to false.  </li><...
Complex Workflows: Example 1 <ul><li>Subject </li></ul><ul><ul><li><JS>function getprop(ob, prop){x=ob.getProperty(prop);i...
Complex Workflows: Example 1 Relevant Data Account  Entity Type AND Split Type AND  Join Type 1 Days 0 Hours 0 Minutes 0 S...
Complex Workflows: Example 1 true;  Script AND Split Type AND  Join Type LOOP_START ActivityID Script node Node Type Attri...
Complex Workflows: Example 1 <ul><li>getApproverDN </li></ul><ul><ul><li>process.auditEvent(&quot;Attempting to get approv...
Complex Workflows: Example 1 <ul><li>getApproverDN </li></ul><ul><ul><li>approver2.set(approverEntity1.dn); </li></ul></ul...
Complex Workflows: Example 1 (continued) <ul><li>Account Restore </li></ul><ul><ul><li>uses Approval_Process </li></ul></ul>
Complex Workflows: Example 2 <ul><li>Add Account </li></ul>
Complex Workflows: Example 3 IBM Software Group <ul><li>Restore Account </li></ul>
Complex Workflows: Example 3 <ul><ul><li>current = process; </li></ul></ul><ul><ul><li>exitwhile = false; </li></ul></ul><...
Complex Workflows: Example 4 <ul><li>ChangePassword </li></ul>
Complex Workflows: Example 4 <ul><li>CHECK_REQUESTOR  </li></ul><ul><ul><li>// Check to see if Requestee is also requestor...
Complex Workflows: Example 4 <ul><li>Set_Pwd_change_attrs </li></ul><ul><ul><li>// Set Service </li></ul></ul><ul><ul><li>...
Complex Workflows: Example 5 <ul><li>Delete Person </li></ul>
Complex Workflows: Example 6 <ul><li>Add Person </li></ul>
Appendix 1 <ul><li>Workflow Elements </li></ul>
Workflow Elements <ul><li>Start and End </li></ul><ul><li>Approval </li></ul><ul><li>Request for Information </li></ul><ul...
Start and End Elements <ul><li>Always exist </li></ul><ul><ul><li>Can’t be deleted </li></ul></ul><ul><li>Can add Javascri...
Approval Element <ul><li>Requests the Approval from a Participant </li></ul><ul><ul><li>The Participant must be an ITIM us...
Request for Information <ul><li>Requests Information from a Participant </li></ul><ul><ul><li>The attributes to be provide...
Work Order <ul><li>Sends email to a Participant </li></ul><ul><ul><li>For Notification </li></ul></ul><ul><ul><li>To reque...
Script Element <ul><li>Used to run Javascript code </li></ul><ul><li>FESI extensions can be used </li></ul>
Loop Element <ul><li>Executes one or more elements in a Loop </li></ul><ul><li>Loop Types </li></ul><ul><ul><li>Do While <...
Operation Element <ul><li>Calls an existing Operation Workflow from another </li></ul><ul><li>The called Entity Type and E...
Subprocess Element <ul><li>Calls one Entitlement Workflow from another </li></ul><ul><li>Must map relevant data in the cal...
Extension Element <ul><li>Used to call an application extension to the workflow engine </li></ul><ul><li>Are Java classes ...
Transition Lines <ul><li>Execution Flows that connect Workflow Elements </li></ul><ul><ul><li>Any number of Transition Lin...
Transition Lines: Split Types <ul><li>Split Types </li></ul><ul><ul><li>And </li></ul></ul><ul><ul><ul><li>All paths leavi...
Transition Lines: Join Types <ul><li>Join Types </li></ul><ul><ul><li>And </li></ul></ul><ul><ul><ul><li>All elements on a...
Appendix 2 <ul><li>How to Document Workflows </li></ul>
How to Document Workflows
How to Document Workflows
How to Document Workflows
How to Document Workflows
How to Document Workflows
Thank you!
Upcoming SlideShare
Loading in...5
×

Tech_Implementation of Complex ITIM Workflows

11,407

Published on

Tech_Implementation of Complex ITIM Workflows

















Tech_Implementation of Complex ITIM Workflows







Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
11,407
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
455
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide
  • Transcript of "Tech_Implementation of Complex ITIM Workflows"

    1. 1. 1362 - Implementation of Complex ITIM Workflows Fred Santos
    2. 2. Fred Santos Pan EMEA Subject Matter Expert Group IBM Software Group ®
    3. 3. Agenda <ul><li>ITIM Workflow Concepts: a quick Overview </li></ul><ul><ul><li>Workflow Types </li></ul></ul><ul><ul><li>Workflow Data </li></ul></ul><ul><ul><li>Workflow Elements </li></ul></ul><ul><ul><li>Workflow and JavaScript </li></ul></ul><ul><ul><li>Workflow Extensions </li></ul></ul><ul><li>Complex ITIM Workflows by Example </li></ul>
    4. 4. Abstract <ul><li>ITIM manages security policies by using workflows. The ability to develop customized workflows are essential to getting value out of an ITIM deployment and in high demand during customer engagements. </li></ul><ul><li>Skills Level: Advanced </li></ul>
    5. 5. Workflow Types <ul><li>Operation Workflows </li></ul><ul><ul><li>Lifecycle Management </li></ul></ul><ul><ul><ul><li>Persons and BPPersons </li></ul></ul></ul><ul><ul><ul><li>Accounts </li></ul></ul></ul><ul><ul><ul><li>Global </li></ul></ul></ul><ul><li>Entitlement Workflows </li></ul><ul><ul><li>Provisioning Processing </li></ul></ul><ul><ul><ul><li>Accounts </li></ul></ul></ul>
    6. 6. Operation Workflows <ul><li>Associated with manipulation of Entities: </li></ul><ul><ul><li>Account </li></ul></ul><ul><ul><li>Person </li></ul></ul><ul><ul><li>BPPerson </li></ul></ul><ul><li>Global workflows can be defined and called from other operation workflows </li></ul>
    7. 7. Operation Workflows <ul><li>Can be defined at two levels: </li></ul><ul><ul><li>Entity Type </li></ul></ul><ul><ul><li>Entity </li></ul></ul><ul><li>The Entity Type Workflows are inherited by all entities of that type. </li></ul><ul><ul><ul><li>E.g.: Operation Workflows defined at the level of Entity Type Account, will be inherited by all Accounts, regardless of profile </li></ul></ul></ul><ul><li>The Entity Workflows override those inherited from the Entity Type level </li></ul><ul><ul><ul><li>E.g.: a customized Modify NT account workflow overrides the modify workflow inherited from the Account Entity Type </li></ul></ul></ul>
    8. 8. Operation Workflows <ul><li>Person and BPPerson operations: </li></ul><ul><ul><li>Add </li></ul></ul><ul><ul><li>Modify </li></ul></ul><ul><ul><li>Delete </li></ul></ul><ul><ul><li>Suspend </li></ul></ul><ul><ul><li>Restore </li></ul></ul><ul><ul><li>Transfer </li></ul></ul><ul><ul><li>SelfRegister </li></ul></ul>
    9. 9. Operation Workflows <ul><li>Account Operations: </li></ul><ul><ul><li>Add </li></ul></ul><ul><ul><li>Modify </li></ul></ul><ul><ul><li>Delete </li></ul></ul><ul><ul><li>Suspend </li></ul></ul><ul><ul><li>Restore </li></ul></ul><ul><ul><li>ChangePassword </li></ul></ul>
    10. 10. Entitlement Workflows <ul><li>Specified in Provisioning Policies </li></ul><ul><ul><li>Entitlement Workflows are NOT mandatory </li></ul></ul><ul><li>Triggered by: </li></ul><ul><ul><li>Account Add </li></ul></ul><ul><ul><li>Account Modify </li></ul></ul><ul><li>Executed before the relevant Operation Workflow </li></ul><ul><ul><li>The Operation Workflow do not start before the Entitlement Workflow completes </li></ul></ul>
    11. 11. Workflow Data <ul><li>Three types of Workflow Data: </li></ul><ul><ul><li>Javascript variables </li></ul></ul><ul><ul><li>Relevant Data </li></ul></ul><ul><ul><li>Workflow Context Objects </li></ul></ul>
    12. 12. Javascript Variables <ul><li>Defined in Javascript code: </li></ul><ul><ul><li>Javascript Nodes </li></ul></ul><ul><ul><li>Postscript tabs </li></ul></ul><ul><ul><li>“ Custom” code in some other Nodes </li></ul></ul><ul><ul><li>Start and End Nodes </li></ul></ul><ul><li>Can’t be Serialized or made Persistent </li></ul><ul><li>Exist in the context of their definition </li></ul><ul><ul><li>When the node completes, all variables will be out of scope </li></ul></ul>
    13. 13. Relevant Data <ul><li>Defined in the Workflow Properties page </li></ul><ul><ul><li>Exists throughout the life of the workflow </li></ul></ul><ul><li>Stored in the ITIM Database </li></ul><ul><li>Can be associated with contexts: </li></ul><ul><ul><li>Subject </li></ul></ul><ul><ul><li>Requestee </li></ul></ul><ul><ul><li>Both </li></ul></ul><ul><ul><li>Not Applicable </li></ul></ul>
    14. 14. Relevant Data <ul><li>Types of Relevant Data: </li></ul><ul><ul><li>Input/Output Parameters </li></ul></ul><ul><ul><li>Workflow Defined </li></ul></ul><ul><ul><li>User Defined </li></ul></ul>
    15. 15. Input/Output Parameters in Entitlement Workflows <ul><li>Input Parameters: </li></ul><ul><ul><li>Entity – Account: </li></ul></ul><ul><ul><ul><li>In an add request, it contains the data for the new account </li></ul></ul></ul><ul><ul><ul><li>In an a modify request, it contains only the modified attributes </li></ul></ul></ul><ul><ul><li>Service </li></ul></ul><ul><ul><ul><li>The Service where the account exists or will be create </li></ul></ul></ul><ul><ul><li>Owner - Person: </li></ul></ul><ul><ul><ul><li>The Person associated with the account </li></ul></ul></ul><ul><li>Output Parameters: </li></ul><ul><ul><li>Entity – Account </li></ul></ul>
    16. 16. Input Parameters in Operation Workflows <ul><li>Static Operations: </li></ul><ul><ul><li>Add: Person or Account </li></ul></ul><ul><ul><li>(Account) Modify: Account </li></ul></ul><ul><ul><li>SelfRegister: Person </li></ul></ul><ul><li>Non-Static Operations: </li></ul><ul><ul><li>Delete: Person or Account </li></ul></ul><ul><ul><li>(Person) Modify: Person </li></ul></ul><ul><ul><li>Suspend: Person or Account </li></ul></ul><ul><ul><li>Restore: Person or Account </li></ul></ul><ul><ul><li>Transfer: Person </li></ul></ul><ul><ul><li>ChangePassword: Account </li></ul></ul>
    17. 17. System Defined and User Defined Data <ul><li>System Defined Data: </li></ul><ul><ul><li>Defined only in some workflows </li></ul></ul><ul><li>User Defined Data: </li></ul><ul><ul><li>Defined in the Workflow Properties Page </li></ul></ul><ul><ul><li>Made persistent in the ITIM Database </li></ul></ul><ul><ul><li>Accessed in Javascript with </li></ul></ul><ul><ul><ul><li>userObject = ItemName.get(); </li></ul></ul></ul><ul><ul><li>Changed in Javascript with </li></ul></ul><ul><ul><ul><li>ItemName.set(userObject); </li></ul></ul></ul>
    18. 18. Workflow Context Objects <ul><li>Contain information about the object in question </li></ul><ul><ul><li>Activity </li></ul></ul><ul><ul><li>Process </li></ul></ul><ul><li>Accessible in Javascript code </li></ul>
    19. 19. Workflow Elements <ul><li>Start and End </li></ul><ul><li>Approval </li></ul><ul><li>Request for Information </li></ul><ul><li>Work Order </li></ul><ul><li>Script </li></ul><ul><li>Loop </li></ul><ul><li>Operation and Subprocess </li></ul><ul><li>Extension </li></ul><ul><li>Transition Lines </li></ul>
    20. 20. Workflow and JavaScript <ul><li>Most Elements Allow Javascript code to be executed: </li></ul><ul><ul><li>Start and End Nodes </li></ul></ul><ul><ul><li>Script Nodes </li></ul></ul><ul><ul><li>Postscript Tabs (Approval, Extension, …) </li></ul></ul><ul><ul><li>Transition Lines </li></ul></ul><ul><li>Allows: </li></ul><ul><ul><li>Manipulation of Relevant Data </li></ul></ul><ul><ul><li>Conditional logic in Transition Lines </li></ul></ul>
    21. 21. Workflow and Javascript <ul><li>FESI Extensions can be used in Javascript code </li></ul><ul><ul><li>Created as Java classes implementing the Javascript API </li></ul></ul><ul><ul><li>Installed in the ITIM classpath </li></ul></ul><ul><ul><li>Registered in enRole.properties </li></ul></ul><ul><li>Used as </li></ul><ul><ul><li>Objects </li></ul></ul><ul><ul><ul><li>var userObj = new extObject(); </li></ul></ul></ul><ul><ul><li>Functions </li></ul></ul><ul><ul><ul><li>var userVar = extFunction(val1, val2); </li></ul></ul></ul>
    22. 22. Workflow Extensions <ul><li>Java classes implementing the Workflow API </li></ul><ul><ul><li>Installed in the ITIM classpath </li></ul></ul><ul><ul><li>Registered in workflowextensions.xml </li></ul></ul><ul><li>Used by adding an Extension node in the Workflow </li></ul><ul><ul><li>Select the class name in Extension Name </li></ul></ul><ul><ul><li>Map the Input and Output Parameters to Relevant Data </li></ul></ul><ul><ul><ul><li>The Input and Output Parameters are defined in the Java class </li></ul></ul></ul>
    23. 23. Workflow Extensions <ul><li>Can be used to </li></ul><ul><ul><li>Hide sensitive processing logic </li></ul></ul><ul><ul><li>Access external data stores </li></ul></ul><ul><ul><ul><li>Files </li></ul></ul></ul><ul><ul><ul><li>Databases </li></ul></ul></ul><ul><ul><ul><li>LDAP Servers </li></ul></ul></ul><ul><ul><li>Implement logic difficult to code or inefficient in Javascript </li></ul></ul><ul><ul><ul><li>Number crunching </li></ul></ul></ul><ul><ul><li>Encapsulate processing in a single node </li></ul></ul>
    24. 24. Complex Workflows: Example 1 <ul><li>Global Operation (Account Entity Type) </li></ul><ul><ul><li>Approval_Process </li></ul></ul>
    25. 25. Complex Workflows: Example 1 <ul><ul><li>// Initialise loop instance counter to zero and exitloop switch to false. </li></ul></ul><ul><ul><li>loopinstance.set(0); </li></ul></ul><ul><ul><li>exitloop.set(&quot;false&quot;); </li></ul></ul><ul><ul><li>// Check current process type. If not Account Process Type, Loop back through Parent Processes </li></ul></ul><ul><ul><li>// until Account Process type is found or until the root Parent reached. Default value is et to unknown. </li></ul></ul><ul><ul><li>current = process; </li></ul></ul><ul><ul><li>exitwhile = false; </li></ul></ul><ul><ul><li>parentType = &quot;&quot;; </li></ul></ul><ul><ul><li>parentTypeDesc.set(&quot;Unknown&quot;); </li></ul></ul><ul><ul><li>while (!exitwhile) { </li></ul></ul><ul><ul><li>if ((current.type.substring(0,1)==&quot;A&quot; || current.type.substring(0,1)==&quot;L&quot;) && current.type.length == 2){ </li></ul></ul><ul><ul><li>parentType=current.type; </li></ul></ul><ul><ul><li>exitwhile = true; </li></ul></ul><ul><ul><li>} else if (current.parentId == 0 || current.parentId == &quot;0&quot;){ </li></ul></ul><ul><ul><li>exitwhile = true; </li></ul></ul><ul><ul><li>} else {current=current.getParent();} </li></ul></ul><ul><ul><li>} </li></ul></ul><ul><ul><li>if (parentType==&quot;AA&quot;) {parentTypeDesc.set(&quot;Account Add&quot;);} else </li></ul></ul><ul><ul><li>if (parentType==&quot;AC&quot;) {parentTypeDesc.set(&quot;Account Change&quot;);} else </li></ul></ul><ul><ul><li>if (parentType==&quot;AP&quot;) {parentTypeDesc.set(&quot;Account Password Change&quot;);} else </li></ul></ul><ul><ul><li>if (parentType==&quot;LS&quot;) {parentTypeDesc.set(&quot;Suspend Multiple Accounts&quot;);} else </li></ul></ul><ul><ul><li>if (parentType==&quot;LR&quot;) {parentTypeDesc.set(&quot;Restore Multiple Accounts&quot;);} else </li></ul></ul><ul><ul><li>if (parentType==&quot;LD&quot;) {parentTypeDesc.set(&quot;Delete Multiple Accounts&quot;);} else </li></ul></ul><ul><ul><li>if (parentType==&quot;LP&quot;) {parentTypeDesc.set(&quot;Change Password for Multiple Accounts&quot;);} else </li></ul></ul><ul><ul><li>if (parentType==&quot;AS&quot;) {parentTypeDesc.set(&quot;Suspend Account&quot;);} else </li></ul></ul><ul><ul><li>if (parentType==&quot;AR&quot;) {parentTypeDesc.set(&quot;Restore Account&quot;);} else </li></ul></ul><ul><ul><li>if (parentType==&quot;AD&quot;) {parentTypeDesc.set(&quot;Delete Account&quot;);} </li></ul></ul><ul><ul><li>// otherAccount Check </li></ul></ul><ul><ul><li>if (service.get().getProperty(&quot;erservicename&quot;)[0] == &quot;otherAccount&quot;) { </li></ul></ul><ul><ul><li>otherAccountCheck.set(&quot;true&quot;) </li></ul></ul><ul><ul><li>} </li></ul></ul><ul><ul><li>parentTypeDesc.get(); </li></ul></ul>
    26. 26. Complex Workflows: Example 1 <ul><li>Subject </li></ul><ul><ul><li><JS>function getprop(ob, prop){x=ob.getProperty(prop);if (x.length != 0){return x[0];}else{return &quot;&quot;;}}&quot;&quot;;</JS>ARMS <JS>if (otherAccountCheck.get() == &quot;false&quot;) {return (service.get().getProperty(&quot;erservicename&quot;)[0]);} else {return (getprop(entity.get(), &quot;erOtherAccountService&quot;));}</JS> <JS>if (otherAccountCheck.get() == &quot;false&quot;) {return (parentTypeDesc.get());} else {return (getprop(entity.get(), &quot;erOtherAccountOperation&quot;));}</JS> Request For <JS>o=owner.get();getprop(o,&quot;cn&quot;);</JS> Waiting for Your approval </li></ul></ul><ul><li>Message </li></ul><ul><ul><li><JS>function getprop(ob, prop){ x=ob.getProperty(prop); if (x.length != 0) { return x[0]; } else { return &quot;&quot;; }}&quot;&quot;;</JS>There is a <JS>if (otherAccountCheck.get() == &quot;false&quot;) {return (service.get().getProperty(&quot;erservicename&quot;)[0]);} else {return (getprop(entity.get(), &quot;erOtherAccountService&quot;));}</JS> account <JS>if (otherAccountCheck.get() == &quot;false&quot;) {return (parentTypeDesc.get());} else {return (getprop(entity.get(), &quot;erOtherAccountOperation&quot;));}</JS> request for <JS>o=owner.get();getprop(o,&quot;cn&quot;);</JS> waiting for your approval.<JS>if (otherAccountCheck.get() != &quot;false&quot;) {return (&quot; Account Information: &quot; + getprop(entity.get(), &quot;erotheraccountcontent&quot;) +&quot; &quot;);} else {return (&quot;&quot;);}</JS>Please see the service charging information for <JS>if (otherAccountCheck.get() == &quot;false&quot;) {return (service.get().getProperty(&quot;erservicename&quot;)[0]);} else {return (getprop(entity.get(), &quot;erOtherAccountService&quot;));}</JS> account from http://www.ibm.com To approve/reject the request, go to MyTodo List >> Pending Requests. Login to ITIM:http://www..ibm.com/ITIM Thank you for using ITIM. If you have any questions please see the ITIM service pages or contact your local Service Desk. Please, do not reply to this message. ITIM is a central webtool for requesting, generating, maintainingand managing System and Application accounts in IBM . http://www.itim.ibm.com/ITIM </li></ul></ul>
    27. 27. Complex Workflows: Example 1 Relevant Data Account Entity Type AND Split Type AND Join Type 1 Days 0 Hours 0 Minutes 0 Seconds Escalation Limit Escalation Participant Participant Approval Rrequest Description Approval with a 1 Day Timeout Activity Name OneDayApprovalTimeout ActivityID Approval node Node Type Attribute Value Attribute Name participant = new Participant(ParticipantType.SUPERVISOR); Custom Attribute Value Attribute Name participant = new Participant(ParticipantType.SUPERVISOR); Custom Attribute Value Attribute Name owner Person owner service Service service entity Account entity Relevant Data ID Type ID
    28. 28. Complex Workflows: Example 1 true; Script AND Split Type AND Join Type LOOP_START ActivityID Script node Node Type Attribute Value Attribute Name exitloop.set(&quot;true&quot;); true; Script AND Split Type AND Join Type EXIT_LOOP ActivityID Script node Node Type Attribute Value Attribute Name loopinstance.set(loopinstance.get()+1); true; Script AND Split Type AND Join Type LOOP_END ActivityID Script node Node Type Attribute Value Attribute Name
    29. 29. Complex Workflows: Example 1 <ul><li>getApproverDN </li></ul><ul><ul><li>process.auditEvent(&quot;Attempting to get approver details&quot;); </li></ul></ul><ul><ul><li>if (supervisorApproval.get() == &quot;true&quot; ) { </li></ul></ul><ul><ul><li>process.auditEvent(&quot;Getting normal approver&quot;); </li></ul></ul><ul><ul><li>person = owner.get(); </li></ul></ul><ul><ul><li>manager = person.getProperty(&quot;erSupervisor&quot;); //managers erglobalId </li></ul></ul><ul><ul><li>approver.set(manager[0]); </li></ul></ul><ul><ul><li>approver2.set(manager[0]); </li></ul></ul><ul><ul><li>approver3.set(manager[0]); </li></ul></ul><ul><ul><li>process.auditEvent(&quot;Normal approver resolved&quot;); </li></ul></ul><ul><ul><li>} else { //Special Approver </li></ul></ul><ul><ul><li>process.auditEvent(&quot;Getting special approver&quot;); </li></ul></ul><ul><ul><li>personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in fesiextension.properties file to use PersonSearch </li></ul></ul><ul><ul><li>searchFilter = &quot;(employeeNumber=&quot; + approverEmpNum.get() +&quot;)&quot;; </li></ul></ul><ul><ul><li>searchResult = personSearch.searchByFilter(&quot;ibmPerson&quot;, searchFilter, 2); //2 means search scope is subtree </li></ul></ul><ul><ul><li>approverEntity = searchResult[0]; //The search result is an array of the directory objects </li></ul></ul><ul><ul><li>approver.set(approverEntity.dn); </li></ul></ul><ul><ul><li>if (approverEmpNumDeputy1.get() != null) { </li></ul></ul><ul><ul><li>personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in fesiextension.properties file to use PersonSearch </li></ul></ul><ul><ul><li>searchFilter = &quot;(employeeNumber=&quot; + approverEmpNumDeputy1.get() +&quot;)&quot;; </li></ul></ul><ul><ul><li>searchResult = personSearch.searchByFilter(&quot;ibmPerson&quot;, searchFilter, 2); //2 means search scope is subtree </li></ul></ul><ul><ul><li>approverEntity1 = searchResult[0]; //The search result is an array of the directory objects </li></ul></ul>
    30. 30. Complex Workflows: Example 1 <ul><li>getApproverDN </li></ul><ul><ul><li>approver2.set(approverEntity1.dn); </li></ul></ul><ul><ul><li>} else { </li></ul></ul><ul><ul><li>approver2.set(approverEntity.dn); // Same approver as the first </li></ul></ul><ul><ul><li>} </li></ul></ul><ul><ul><li>if (approverEmpNumDeputy2.get() != null) { </li></ul></ul><ul><ul><li>personSearch = new PersonSearch(); //ModelExtension needs to be registered for workflow in fesiextension.properties file to use PersonSearch </li></ul></ul><ul><ul><li>searchFilter = &quot;(employeeNumber=&quot; + approverEmpNumDeputy2.get() +&quot;)&quot;; </li></ul></ul><ul><ul><li>searchResult = personSearch.searchByFilter(“ibmPerson&quot;, searchFilter, 2); //2 means search scope is subtree </li></ul></ul><ul><ul><li>approverEntity2 = searchResult[0]; //The search result is an array of the directory objects </li></ul></ul><ul><ul><li>approver3.set(approverEntity2.dn); </li></ul></ul><ul><ul><li>} else { </li></ul></ul><ul><ul><li>approver3.set(approverEntity.dn); // Same approver as the first </li></ul></ul><ul><ul><li>} </li></ul></ul><ul><ul><li>process.auditEvent(&quot;Special approver resolved&quot;); </li></ul></ul><ul><ul><li>} </li></ul></ul><ul><ul><li>/* //For debugging if needed </li></ul></ul><ul><ul><li>process.auditEvent(&quot;approverEmpNum &quot; + approverEmpNum.get() ); </li></ul></ul><ul><ul><li>process.auditEvent(&quot;approver &quot; + approver.get() ); </li></ul></ul><ul><ul><li>process.auditEvent(&quot;approver2 &quot; + approver2.get() ); </li></ul></ul><ul><ul><li>process.auditEvent(&quot;approver3 &quot; + approver3.get() ); </li></ul></ul><ul><ul><li>process.auditEvent(&quot;approverEmpNumDeputy1 &quot; + approverEmpNumDeputy1.get() ); </li></ul></ul><ul><ul><li>process.auditEvent(&quot;approverEmpNumDeputy2 &quot; + approverEmpNumDeputy2.get() ); </li></ul></ul><ul><ul><li>*/ </li></ul></ul>
    31. 31. Complex Workflows: Example 1 (continued) <ul><li>Account Restore </li></ul><ul><ul><li>uses Approval_Process </li></ul></ul>
    32. 32. Complex Workflows: Example 2 <ul><li>Add Account </li></ul>
    33. 33. Complex Workflows: Example 3 IBM Software Group <ul><li>Restore Account </li></ul>
    34. 34. Complex Workflows: Example 3 <ul><ul><li>current = process; </li></ul></ul><ul><ul><li>exitwhile = false; </li></ul></ul><ul><ul><li>parentType = &quot;&quot;; </li></ul></ul><ul><ul><li>parentTypeDesc.set(&quot;Unknown&quot;); </li></ul></ul><ul><ul><li>while (!exitwhile) { </li></ul></ul><ul><ul><li>if (current.parentId == 0 || current.parentId == &quot;0&quot;){ </li></ul></ul><ul><ul><li>parentType=current.type; </li></ul></ul><ul><ul><li>exitwhile = true; </li></ul></ul><ul><ul><li>} else { </li></ul></ul><ul><ul><li>current=current.getParent(); </li></ul></ul><ul><ul><li>} </li></ul></ul><ul><ul><li>} </li></ul></ul><ul><ul><li>process.auditEvent(&quot;Parent Type: &quot; + parentType); </li></ul></ul><ul><ul><li>if (parentType==&quot;AR&quot;) { </li></ul></ul><ul><ul><li>sendEmail.set(&quot;false&quot;); </li></ul></ul><ul><ul><li>} else { </li></ul></ul><ul><ul><li>sendEmail.set(&quot;true&quot;); </li></ul></ul><ul><ul><li>} </li></ul></ul><ul><ul><li>process.auditEvent(&quot;sendEmail set to : &quot; + sendEmail.get()); </li></ul></ul><ul><ul><li>parentTypeDesc.get(); </li></ul></ul>
    35. 35. Complex Workflows: Example 4 <ul><li>ChangePassword </li></ul>
    36. 36. Complex Workflows: Example 4 <ul><li>CHECK_REQUESTOR </li></ul><ul><ul><li>// Check to see if Requestee is also requestor </li></ul></ul><ul><ul><li>requestorCheck.set(&quot;false&quot;); </li></ul></ul><ul><ul><li>sysUserDN = CurrentProcess.getRequestorDN(); </li></ul></ul><ul><ul><li>if (sysUserDN==&quot;null&quot; || sysUserDN==&quot;-1&quot; || sysUserDN==null) { </li></ul></ul><ul><ul><li>// Not a human requestor </li></ul></ul><ul><ul><li>requestorCheck.set(&quot;false&quot;); </li></ul></ul><ul><ul><li>} else { </li></ul></ul><ul><ul><li>sysUserAccount = SystemUser.getByDN(sysUserDN); </li></ul></ul><ul><ul><li>curr_parent = sysUserAccount.parent.toString(); </li></ul></ul><ul><ul><li>requestorPersonDN=curr_parent.substring(curr_parent.indexOf(':') + 2, curr_parent.length); </li></ul></ul><ul><ul><li>requesteeDN = process.requesteeDN; </li></ul></ul><ul><ul><li>test = &quot;-&quot; + requesteeDN + &quot;- compared with -&quot; + requestorPersonDN + &quot;- &quot;; </li></ul></ul><ul><ul><li>if (requesteeDN == requestorPersonDN) { </li></ul></ul><ul><ul><li>requestorCheck.set(&quot;true&quot;); </li></ul></ul><ul><ul><li>} else { </li></ul></ul><ul><ul><li>requestorCheck.set(&quot;false&quot;); </li></ul></ul><ul><ul><li>} </li></ul></ul><ul><ul><li>} </li></ul></ul><ul><ul><li>test += &quot;with result &quot; + requestorCheck.get(); </li></ul></ul><ul><ul><li>process.auditEvent(test); </li></ul></ul><ul><ul><li>test; </li></ul></ul>
    37. 37. Complex Workflows: Example 4 <ul><li>Set_Pwd_change_attrs </li></ul><ul><ul><li>// Set Service </li></ul></ul><ul><ul><li>curr_account = Entity.get(); </li></ul></ul><ul><ul><li>curr_service = curr_account.getProperty(&quot;erservice&quot;)[0]; </li></ul></ul><ul><ul><li>service.set(new Service(curr_service)); </li></ul></ul><ul><ul><li>curr_owner = curr_account.getProperty(&quot;owner&quot;)[0]; </li></ul></ul><ul><ul><li>owner.set(new Person(curr_owner)); </li></ul></ul><ul><ul><li>// Set attributes </li></ul></ul><ul><ul><li>// Set erW2kPasswordForceChange to true </li></ul></ul><ul><ul><li>curr_account.setProperty( &quot;erW2kPasswordForceChange&quot;, true ); </li></ul></ul><ul><ul><li>Entity.set(curr_account); </li></ul></ul><ul><ul><li>true; </li></ul></ul>
    38. 38. Complex Workflows: Example 5 <ul><li>Delete Person </li></ul>
    39. 39. Complex Workflows: Example 6 <ul><li>Add Person </li></ul>
    40. 40. Appendix 1 <ul><li>Workflow Elements </li></ul>
    41. 41. Workflow Elements <ul><li>Start and End </li></ul><ul><li>Approval </li></ul><ul><li>Request for Information </li></ul><ul><li>Work Order </li></ul><ul><li>Script </li></ul><ul><li>Loop </li></ul><ul><li>Operation and Subprocess </li></ul><ul><li>Extension </li></ul><ul><li>Transition Lines </li></ul>
    42. 42. Start and End Elements <ul><li>Always exist </li></ul><ul><ul><li>Can’t be deleted </li></ul></ul><ul><li>Can add Javascript code to them </li></ul>
    43. 43. Approval Element <ul><li>Requests the Approval from a Participant </li></ul><ul><ul><li>The Participant must be an ITIM user </li></ul></ul><ul><ul><li>Applicable to People and Accounts </li></ul></ul><ul><ul><li>Usable in Operation Workflows and Entitlement Workflows </li></ul></ul><ul><li>Has Postscript tab </li></ul>
    44. 44. Request for Information <ul><li>Requests Information from a Participant </li></ul><ul><ul><li>The attributes to be provided will be presented on the Person or Account form </li></ul></ul><ul><ul><ul><li>ACIs not needed </li></ul></ul></ul><ul><ul><li>Applicable to People and Accounts </li></ul></ul><ul><ul><li>Usable in Operation Workflows and Entitlement Workflows </li></ul></ul><ul><li>Has Postscript tab </li></ul>
    45. 45. Work Order <ul><li>Sends email to a Participant </li></ul><ul><ul><li>For Notification </li></ul></ul><ul><ul><li>To request some action outside ITIM </li></ul></ul><ul><li>Participant doesn’t need to be ITIM user </li></ul><ul><ul><li>Must be in ITIM with mail attribute filled </li></ul></ul><ul><li>Javascript can be used in the message </li></ul><ul><li>Has Postscript tab </li></ul>
    46. 46. Script Element <ul><li>Used to run Javascript code </li></ul><ul><li>FESI extensions can be used </li></ul>
    47. 47. Loop Element <ul><li>Executes one or more elements in a Loop </li></ul><ul><li>Loop Types </li></ul><ul><ul><li>Do While </li></ul></ul><ul><ul><ul><li>Evaluates condition before executing </li></ul></ul></ul><ul><ul><li>Do Until </li></ul></ul><ul><ul><ul><li>Evaluates condition after each execution </li></ul></ul></ul><ul><li>Not Supported: </li></ul><ul><ul><li>Transitions directly into and out of the Loop </li></ul></ul><ul><ul><li>Nested Loops </li></ul></ul>
    48. 48. Operation Element <ul><li>Calls an existing Operation Workflow from another </li></ul><ul><li>The called Entity Type and Entity in the called workflow can be different from the calling workflow </li></ul><ul><li>The called workflow doesn’t return data to the calling workflow </li></ul>
    49. 49. Subprocess Element <ul><li>Calls one Entitlement Workflow from another </li></ul><ul><li>Must map relevant data in the calling to input parameters in the called workflow </li></ul>
    50. 50. Extension Element <ul><li>Used to call an application extension to the workflow engine </li></ul><ul><li>Are Java classes </li></ul><ul><ul><li>Implement the Workflow API </li></ul></ul><ul><ul><li>Need to be registered in workflowextensions.xml </li></ul></ul>
    51. 51. Transition Lines <ul><li>Execution Flows that connect Workflow Elements </li></ul><ul><ul><li>Any number of Transition Lines can enter or leave a Workflow elements </li></ul></ul><ul><li>Javascript code can be added to Transition Lines </li></ul>
    52. 52. Transition Lines: Split Types <ul><li>Split Types </li></ul><ul><ul><li>And </li></ul></ul><ul><ul><ul><li>All paths leaving the element will be evaluated and all paths evaluated to true will be followed </li></ul></ul></ul><ul><ul><li>Or </li></ul></ul><ul><ul><ul><li>The transitions are evaluated until one is found to be “true” and that path is then followed; all other paths are not evaluated </li></ul></ul></ul>
    53. 53. Transition Lines: Join Types <ul><li>Join Types </li></ul><ul><ul><li>And </li></ul></ul><ul><ul><ul><li>All elements on active paths leading to this element must complete before the joined element is executed </li></ul></ul></ul><ul><ul><li>Or </li></ul></ul><ul><ul><ul><li>The first path leading to the element that is evaluated to true will cause the element to be executed </li></ul></ul></ul><ul><ul><ul><ul><li>Since it’s not possible to order the paths, only ONE path should evaluate to true </li></ul></ul></ul></ul>
    54. 54. Appendix 2 <ul><li>How to Document Workflows </li></ul>
    55. 55. How to Document Workflows
    56. 56. How to Document Workflows
    57. 57. How to Document Workflows
    58. 58. How to Document Workflows
    59. 59. How to Document Workflows
    60. 60. Thank you!
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×