Symantec IGA

  • 1.  Custom Multi Level Participant Resolver IDM

    Posted May 10, 2018 05:14 AM

    Hi 

     

    I am using the code below in a participant resolver to send approval to the user's manager:

     

    String managerName = user.getAttribute("eTCustomField22");
    User manager = up.findUser(managerName, null);
    System.out.println("Manager name is: " + managerName);
    partResolvers.add(manager);

     

    1. Instead of the user's manager, I need to send approval to members of the Access Role (ManagerAccessRole) at the first level.

    Could you let me know which APIs I need to use to send approval to Access Role members? In the worst case, if it is not possible with an Access Role, how do I send approval to Admin Role members?

     

    2. At the second level, I need to send approval to members of the Access Role (AdminAccessRole).

    If I add just one more statement (for example, assuming the second approver is the manager's manager):

    partResolvers.add(manager's-manager);

    Will it become a two-level approval just by adding another approver? (So if the manager approves it, it goes to the manager's manager at the second level.)

     

    Regards

    Jaspreet



  • 2.  Re: Custom Multi Level Participant Resolver IDM

    Posted May 10, 2018 09:22 AM

    It's still unanswered. The status was set to answered by mistake.



  • 3.  Re: Custom Multi Level Participant Resolver IDM
    Best Answer

    Broadcom Employee
    Posted May 14, 2018 11:41 AM

    Hi Jaspreet,

     

    1. You can retrieve the specified access role, using the role's friendly name, as follows:

    AccessRole ar = partResolverApiContext.getAccessRoleProvider().findAccessRole("ManagerAccessRole");

     

    and then its members, with the appropriate attribute rights collection, as follows:

    AttributeRightsCollection arc = new AttributeRightsCollection();
    arc.addEntry(new AttributeRight(User.PROPERTY_UNIQUE_NAME, PermissionType.READONLY));
    arc.addEntry(new AttributeRight(User.PROPERTY_FULL_NAME, PermissionType.READONLY));
    arc.addEntry(new AttributeRight(User.PROPERTY_EMAIL, PermissionType.READONLY));
    partResolvers = ar.getMembers(arc);

     

    2. You can use the OOTB TwoStageApprovalProcess, which works with the first request going to the business approver and the second request going to the technical approver.
    In the business approver section, set your custom class as a participant resolver to deal with the "ManagerAccessRole" members as previously mentioned.
    In the technical approver section, set another custom class as a participant resolver to deal with the other "AdminAccessRole" members.

     

    Regards,

    Philippe.