Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2013-10-03) Showing The MPRs A Specific WorkflowDefinition Object Is Being Used In

Posted by Jorge on 2013-10-03


As you know WorkflowDefinitions are only useful within Management Policy Rules (MPRs) and when referenced by SETs. If you want to see if WorkflowDefinitions are being used at all or not, you should have a look at this blog post. In this case we are interested to find out in WHICH MPRs a specific WorkflowDefinition is being used. By default you would need to use the MPR Explorer to find out. You can read more about the MPR Explorer in this blog. Before being able to use the MPR Explorer, you first need to know the name of the WorkflowDefinition. Then you open up the MPR Explorer, specify for what you want to find MPRs (in this case a WorkflowDefinition) and then you define criteria. Finally the results will be shown. Now is it possible to do this in an easier way? YES, it is!

Away silver! Smile

When looking at WorkflowDefinitions, those can be used by MPRs in the following way:

  • Request Based MPRs
    • As an authentication workflow
    • As an authorization workflow
    • As an action workflow
  • Transition Based MPRs
    • As an action workflow

The easiest way to find in which MPRs a specific WorkflowDefinition is being used, is through the GUI with very minimal input. In other words, by adjusting the RCDC of the WorkflowDefinition object. I only paid attention for the RCDC for editing WorkflowDefinitions. I’m showing this in picture 1. For the RCDC (edit mode) of the WorkflowDefinition object I added an additional TAB called “Referencing MPRs”. Within that TAB you will find 3 sections where MPRs can be listed is referencing that specific WorkflowDefinition. For each MPR I also specify if an MPR is disabled or not, and in the case of request based MPRs I also specify if the MPR is a permissions based MPR.

image

Figure 1: Listing The Request Based MPRs And The Transition Based MPRs Which The WorkflowDefinition Can Be Used In

In the picture above you see in which request based MPRs and in which transition based MPRs the WorkflowDefinition is being used.

OK, OK, of course you want to know HOW to do this?! After exporting the RCDC configuration for EDIT mode of WorkflowDefinition objects, you add the XML text below AFTER the “activitiesGrouping” grouping and BEFORE the “Summary” grouping. Save the XML file, and reimport it as a new RCDC configuration for EDIT mode. Either wait at least 15 minutes for the GUI to be refreshed or perform a manual IISRESET on every FIM Portal server.

<my:Grouping my:Name="ReferencingMPRs" my:Caption="Referencing MPRs" my:Enabled="true" my:Visible="true"> <my:Control my:Name="ActivityUsedInRequestMPRs" my:TypeName="UocListView" my:Caption="Activity Used In Request MPRs" my:Description="This Activity Is Used In The Following Request MPRs..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="The Activity Is NOT Used In Any Request MPR..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='Request' and (AuthenticationWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%'] or AuthorizationWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%'] or ActionWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%']))]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="ActivityUsedInTransitionInMPRs" my:TypeName="UocListView" my:Caption="Activity Used In TransitionIN MPRs" my:Description="This Activity Is Used In The Following TransitionIN MPRs..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="The Activity Is NOT Used In Any TransitionIN MPR..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='SetTransition' and ActionType='TransitionIn' and ActionWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="ActivityUsedInTransitionOutMPRs" my:TypeName="UocListView" my:Caption="Activity Used In TransitionOUT MPRs" my:Description="This Activity Is Used In The Following TransitionOUT MPRs..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="The Activity Is NOT Used In Any TransitionOUT MPR..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='SetTransition' and ActionType='TransitionOut' and ActionWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> </my:Grouping>

Et voila!

For other scenarios, see:

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

4 Responses to “(2013-10-03) Showing The MPRs A Specific WorkflowDefinition Object Is Being Used In”

  1. […] (2013-09-24) AD User Accounts For Which The ADFS STS Can Generate Security Tokens (2013-10-03) Showing The MPRs A Specific WorkflowDefinition Object Is Being Used In […]

  2. […] (2013-10-03) Showing The MPRs A Specific WorkflowDefinition Object Is Being Used In […]

  3. Very neat solution, like the group reporting, I think i will use this in my solutions. thx Jorge

  4. Mickey said

    Jorge, thanks for this – really helps keeping track of what does what.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: