Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

Archive for the ‘MPR’ Category

(2013-10-03) Showing The MPRs A Specific WorkflowDefinition Object Is Being Used In

Posted by Jorge on 2013-10-03


As you know WorkflowDefinitions are only useful within Management Policy Rules (MPRs) and when referenced by SETs. If you want to see if WorkflowDefinitions are being used at all or not, you should have a look at this blog post. In this case we are interested to find out in WHICH MPRs a specific WorkflowDefinition is being used. By default you would need to use the MPR Explorer to find out. You can read more about the MPR Explorer in this blog. Before being able to use the MPR Explorer, you first need to know the name of the WorkflowDefinition. Then you open up the MPR Explorer, specify for what you want to find MPRs (in this case a WorkflowDefinition) and then you define criteria. Finally the results will be shown. Now is it possible to do this in an easier way? YES, it is!

Away silver! Smile

When looking at WorkflowDefinitions, those can be used by MPRs in the following way:

  • Request Based MPRs
    • As an authentication workflow
    • As an authorization workflow
    • As an action workflow
  • Transition Based MPRs
    • As an action workflow

The easiest way to find in which MPRs a specific WorkflowDefinition is being used, is through the GUI with very minimal input. In other words, by adjusting the RCDC of the WorkflowDefinition object. I only paid attention for the RCDC for editing WorkflowDefinitions. I’m showing this in picture 1. For the RCDC (edit mode) of the WorkflowDefinition object I added an additional TAB called “Referencing MPRs”. Within that TAB you will find 3 sections where MPRs can be listed is referencing that specific WorkflowDefinition. For each MPR I also specify if an MPR is disabled or not, and in the case of request based MPRs I also specify if the MPR is a permissions based MPR.

image

Figure 1: Listing The Request Based MPRs And The Transition Based MPRs Which The WorkflowDefinition Can Be Used In

In the picture above you see in which request based MPRs and in which transition based MPRs the WorkflowDefinition is being used.

OK, OK, of course you want to know HOW to do this?! After exporting the RCDC configuration for EDIT mode of WorkflowDefinition objects, you add the XML text below AFTER the “activitiesGrouping” grouping and BEFORE the “Summary” grouping. Save the XML file, and reimport it as a new RCDC configuration for EDIT mode. Either wait at least 15 minutes for the GUI to be refreshed or perform a manual IISRESET on every FIM Portal server.

<my:Grouping my:Name="ReferencingMPRs" my:Caption="Referencing MPRs" my:Enabled="true" my:Visible="true"> <my:Control my:Name="ActivityUsedInRequestMPRs" my:TypeName="UocListView" my:Caption="Activity Used In Request MPRs" my:Description="This Activity Is Used In The Following Request MPRs..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="The Activity Is NOT Used In Any Request MPR..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='Request' and (AuthenticationWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%'] or AuthorizationWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%'] or ActionWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%']))]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="ActivityUsedInTransitionInMPRs" my:TypeName="UocListView" my:Caption="Activity Used In TransitionIN MPRs" my:Description="This Activity Is Used In The Following TransitionIN MPRs..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="The Activity Is NOT Used In Any TransitionIN MPR..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='SetTransition' and ActionType='TransitionIn' and ActionWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="ActivityUsedInTransitionOutMPRs" my:TypeName="UocListView" my:Caption="Activity Used In TransitionOUT MPRs" my:Description="This Activity Is Used In The Following TransitionOUT MPRs..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="The Activity Is NOT Used In Any TransitionOUT MPR..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='SetTransition' and ActionType='TransitionOut' and ActionWorkflowDefinition=/WorkflowDefinition[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> </my:Grouping>

Et voila!

For other scenarios, see:

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

Posted in Forefront Identity Manager (FIM) Portal, MPR, RCDC, Workflow | 4 Comments »

(2013-10-02) Showing The MPRs A Specific SET Object Is Being Used In

Posted by Jorge on 2013-10-02


As you know SETs are only useful within Management Policy Rules (MPRs), when referenced by other SETs, when referenced by Search Scopes and when referenced by RCDCs. If you want to see if SETs are being used at all or not, you should have a look at this blog post. In this case we are interested to find out in WHICH MPRs a specific SET is being used. By default you would need to use the MPR Explorer to find out. You can read more about the MPR Explorer in this blog. Before being able to use the MPR Explorer, you first need to know the name of the SET. Then you open up the MPR Explorer, specify for what you want to find MPRs (in this case a SET) and then you define criteria. Finally the results will be shown. Now is it possible to do this in an easier way? YES, it is!

Away silver! Smile

When looking at SETs, those can be used by MPRs in the following way:

  • Request Based MPRs
    • As a “requestor SET”
    • As a “before the operation SET”
    • As a “after the operation SET”
  • Transition Based MPRs
    • As a “Transition IN” SET
    • As a “Transition OUT” SET

The easiest way to find in which MPRs a specific SET is being used, is through the GUI with very minimal input. In other words, by adjusting the RCDC of the SET object. I only paid attention for the RCDC for editing SETs (which can also be used for viewing by the way). I’m showing this in figure 1 and 2. For the RCDC (edit mode) of the SET object I added an additional TAB called “Referencing MPRs”. Within that TAB you will find 5 sections where MPRs can be listed if referencing that specific SET. For each MPR I also specify if an MPR is disabled or not, and in the case of request based MPRs I also specify if the MPR is a permissions based MPR.

image

Figure 1: Listing The Request Based MPRs Which The SET Can Be Used In

In the picture above you see in which request based MPR the SET is being used as either a requestor SET, a “before the operation SET” and/or an “after the operation SET”. If you scroll further down you will what is shown below.

image

Figure 2: Listing The Transition Based MPRs Which The SET Can Be Used In

In the picture above you see in which transition based MPR the SET is being used as either a “transition in SET” and/or an “transition out SET”.

OK, OK, of course you want to know HOW to do this?! After exporting the RCDC configuration for EDIT mode of SET objects, you add the XML text below AFTER the “StaticMembership” grouping and BEFORE the “Summary” grouping. Save the XML file, and reimport it as a new RCDC configuration for EDIT mode. Either wait at least 15 minutes for the GUI to be refreshed or perform a manual IISRESET on every FIM Portal server to refresh immediately.

<my:Grouping my:Name="ReferencingMPRs" my:Caption="Referencing MPRs" my:Enabled="true" my:Visible="true"> <my:Control my:Name="SETUsedInRequestMPRAsRequestorSET" my:TypeName="UocListView" my:Caption="Used In Request MPR As Requestor SET" my:Description="This SET Is Used In An Request MPR As A Requestor SET..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In An Request MPR As A Requestor SET..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='Request' and PrincipalSet=/Set[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="SETUsedInRequestMPRAsBeforeSET" my:TypeName="UocListView" my:Caption="Used In Request MPR As Before SET" my:Description="This SET Is Used In An Request MPR As A Before SET..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In An Request MPR As A Before SET..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='Request' and ResourceCurrentSet=/Set[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="SETUsedInRequestMPRAsAfterSET" my:TypeName="UocListView" my:Caption="Used In Request MPR As After SET" my:Description="This SET Is Used In An Request MPR As A After SET..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In An Request MPR As A After SET..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='Request' and ResourceFinalSet=/Set[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="SETUsedInTransitionMPRAsTransitionInSET" my:TypeName="UocListView" my:Caption="Used In Transition MPR As TransitionIN SET" my:Description="This SET Is Used In A Transition MPR As A TransitionIN SET..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In A Transition MPR As A TransitionIN SET..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='SetTransition' and ActionType='TransitionIn' and ResourceCurrentSet=/Set[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> <my:Control my:Name="SETUsedInTransitionMPRAsTransitionOutSET" my:TypeName="UocListView" my:Caption="Used In Transition MPR As TransitionOUT SET" my:Description="This SET Is Used In A Transition MPR As A TransitionOUT SET..."> <my:Properties> <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Disabled,GrantRight"/> <my:Property my:Name="ResultObjectType" my:Value="ManagementPolicyRule"/> <my:Property my:Name="EmptyResultText" my:Value="This SET Is NOT Used In A Transition MPR As A TransitionOUT SET..."/> <my:Property my:Name="ListFilter" my:Value="/ManagementPolicyRule[(ManagementPolicyRuleType='SetTransition' and ActionType='TransitionOut' and ResourceCurrentSet=/Set[ObjectID='%ObjectID%'])]"/> <my:Property my:Name="PageSize" my:Value="10"/> <my:Property my:Name="ShowTitleBar" my:Value="false"/> <my:Property my:Name="ShowActionBar" my:Value="false"/> <my:Property my:Name="ShowPreview" my:Value="false"/> <my:Property my:Name="ShowSearchControl" my:Value="false"/> <my:Property my:Name="EnableSelection" my:Value="false"/> <my:Property my:Name="SingleSelection" my:Value="false"/> <my:Property my:Name="ItemClickBehavior" my:Value="ModelessDialog"/> <my:Property my:Name="ReadOnly" my:Value="true"/> </my:Properties> </my:Control> </my:Grouping>

Et voila!

For other scenarios, see:

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

Posted in Forefront Identity Manager (FIM) Portal, MPR, RCDC, SET | 3 Comments »

 
%d bloggers like this: