7.13 Resource Request Activity

The Resource Request activity allows you to automate the granting or revoking of resources to users. For example, you might write a provisioning request definition that provisions all of the resources a new employee needs on their first day. Using the resource request activity, you can automate the approval of that employee for specified resources.

The Resource Request activity runs within the system service security context.

There is no limit on the number of Resource Request activities allowed within a workflow.

The Resource Request activity fails if the requested resource DN or the target DN is invalid or does not exist.

The result of the resource request is written as a system comment to the comment history.

The Resource Request activity does not support setting the originator of the request. Use SOAP calls rather than this activity when you need this information.

7.13.1 Properties

The Resource Request activity has the following properties:

Table 7-24 Role Request Properties

Property Name

Description

Name

Required. Provides a localizable name for the activity.

Resources

Required. An expression that resolves to a list of requested resources. For information on building this expression, see Specifying the Roles and Targets Properties.

This is an example of the script to request a specific resource:

'CN=Administer Drugs,CN=ResourceDefs,CN=ResourceConfig,CN=AppConfig,' + PROVISIONING_DRIVER

In this script example, the value is retrieved from flowdata:

flowdata.get('Start/request_form/resource')

Description

Required. Text that describes the assignment request. This corresponds to the Initial Request Description field of the Request Resources Assignment tab.

Action

Specifies the action the activity should perform. Select a value from the drop-down list. The values are:

  • grant (default): Use this value if the resource should be granted.

  • revoke: Use this value if the resource should be revoked.

  • extend: Use this value to extend the expiration date of the specified resource. The resource must already be granted, and the value that you specify in Expiration Date must be later than the one currently specified.

Correlation ID

An optional string field. If not supplied, it defaults to the process instance ID. This string must be less than or equal to 64 characters.

Targets

Required. An expression that resolves to the DN of the object for whom the resource is requested. The target must be an object of the User class only. The targets that you specify must resolve to the Target Type specified.

For information on building this expression, see Specifying the Roles and Targets Properties.

The following example shows a script for targets:

'cn=ablake,ou=users,ou=medical-idmsample,o=novell'

Entitlement Params

Optional. A parameter required by the entitlement driver. For example, if the entitlement operation grants access to the Sales group, the parameter might specify the group.
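
The following is an added example, not part of the product documentation or of Designer itself. Because the activity runs in the system service security context and the Resources expression can take its value from a request form through flowdata, it sketches checks a workflow script could apply before the activity runs: the resource DN sits directly under the resource container, the action is one of the three listed values, and the correlation ID is 64 characters or fewer. The PROVISIONING_DRIVER value, the allowlist, the Start/request_form/target field, the processId argument, and the fakeFlowdata stand-in are assumptions made so the block runs stand-alone.

```javascript
// Added example: pre-checks for the values a Resource Request activity receives.
// All sample values are constructed; none come from a real Identity Vault.
var PROVISIONING_DRIVER = 'cn=UserApplication,cn=DriverSet,o=system'; // constructed
var RESOURCE_CONTAINER = ',CN=ResourceDefs,CN=ResourceConfig,CN=AppConfig,' + PROVISIONING_DRIVER;
var ALLOWED_RESOURCES = ['administer drugs']; // hypothetical allowlist of resource CNs
var ACTIONS = ['grant', 'revoke', 'extend'];

// Return the value of the leading CN= RDN, or null if the DN does not start with one.
// A backslash-escaped comma inside the value stays part of the value.
function leadingCn(dn) {
  var m = /^cn=((?:\\.|[^,\\])+),/i.exec(dn);
  return m ? m[1] : null;
}

function checkResourceRequest(flowdata, action, correlationId, processId) {
  var resource = String(flowdata.get('Start/request_form/resource') || '');
  var target = String(flowdata.get('Start/request_form/target') || ''); // hypothetical field
  var cn = leadingCn(resource);

  if (ACTIONS.indexOf(action) === -1) throw new Error('unknown action');
  // The resource must be exactly one RDN directly under the resource container.
  if (cn === null ||
      resource.toLowerCase() !== 'cn=' + cn.toLowerCase() + RESOURCE_CONTAINER.toLowerCase())
    throw new Error('resource DN is outside the resource container');
  if (ALLOWED_RESOURCES.indexOf(cn.toLowerCase()) === -1)
    throw new Error('resource is not on the allowlist');
  // Shape check only; the activity itself still fails on a DN that does not exist.
  if (!/^cn=[^,]+,.+=.+/i.test(target)) throw new Error('target is not a user DN');
  // Correlation ID defaults to the process instance ID and is capped at 64 characters.
  var id = correlationId || processId;
  if (id.length > 64) throw new Error('correlation ID longer than 64 characters');
  return { resource: resource, target: target, action: action, correlationId: id };
}

// Stand-in for the workflow's flowdata object, so the block runs outside Designer.
function fakeFlowdata(values) {
  return { get: function (path) { return values[path]; } };
}
```
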

Specifying a Resource and Targets Properties

Designer provides a convenient way to build the Resource and Targets expressions by using the Expression Builder.

  1. Click the button in the property’s Targets or Entitlement Params column.

    Designer launches this dialog box for adding or removing expressions.

  2. Click + to add a new Resource or Targets expression by using the Expression Builder.

    You can choose one of the ECMAScript Objects to build the Resource or Targets expression, or use the Identity Vault button to select a specific resource.

  3. Click OK after you are satisfied with the expression. Repeat Step 2 to continue to add more expressions.

    IMPORTANT: You cannot specify values for the resource request form fields through Designer at the time of the Resource Request activity.

7.13.2 Data Item Mapping

Not supported with this activity.

7.13.3 E-Mail Notification

Not supported with this activity.