How can I route a task based on user attributes in IBM BPM 8.5.6?
In my case I have a list of attributes assigned to each users. For example a user will have an attribute called Region and this can have multiple values. So what we do is keep it as a comma separated string. Like REG1,REG2,REG3. Now when a task is initiated there will be a region associated with it. So I want this task to be routed to only those users who have that region value set.
I've created a team filter service and filter out a list of users. This works fine but the problem here is if we add a new user with appropriate region or add new regions to existing users these tasks are not visible to them. Is there any way to dynamically update the user list?
PS: I can create one group per region or one team retrieval service per region as there will be 100s of regions.
IBM BPM won't update the user repository all the time, there are certain events that will trigger an update:
http://www-01.ibm.com/support/knowledgecenter/SSFPJS_8.5.6/com.ibm.wbpm.admin.doc/topics/sync_users_and_groups.html
Quoting the article (because IBM articles may vanish at some point):
IBM Business Process Manager implicitly synchronizes external users and groups based on the following triggers:
Upon startup of a cluster member or server, all available groups (without members) are synchronized, so that all external groups are available for IBM BPM modeling and execution.
When a user logs in to a IBM BPM web application, such as Process Portal, for the first time, that user is created in the IBM Business Process Manager database.
When a new or existing user logs in to a IBM BPM web application, such as Process Portal, that user's full name and group memberships are updated. The groups the user belongs to are queried from the external user registry, and the IBM Business Process Manager database content is updated to reflect the current state.
When a REST call is triggered because a user that was newly registered in a federated repository (using an LDAP server) is not yet known to IBM Business Process Manager, synchronization of external users and groups with IBM Business Process Manager takes place. This synchronization is done only once.
You can also trigger synchronization via the process admin console or manually with usersSync or usersFullSync commands
Related
I have a saas platform I'm building and I'm currently struggling with how to model my auth flow. The system is going to be multiple multi-tenant applications but I would like to unify user authorization & authentication. Basically, each US State will have its own web app/resource server/database and every county in that state will be a separate tenant. I cannot combine all states into one application, so that is not an option.
I would like to throw all users and their information/password into one database connected to my auth service. But each county (tenant) admin within each state (web app) needs to be able to add & manager their users and their roles. So the auth service needs to be aware of all the different tenants across each application. I also need to be able to link items created in each database to the user that created it. If I create object "X" and another user in my county views that item, they can see "Kovaci" created this.
I also do NOT want SSO between states but if possible I would like users to be a part of multiple tenants within one app (not a requirement though). Native iOS/Mobile apps are another client I need to support with this flow.
I used this bitoftech article to base off of: http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/comment-page-1/#comments
And here is my paint quick mockup: multi saas design
My question is just generally how do I design this auth part? Can I store all users in one auth db like my goal? If so, how do tenant admins manage them and how do I link tables in my separate app db's to the users' current info in the auth db?
Usually when a Disconnected Application Instance is provisioned to a user, the manual fulfillment tasks are by default assigned to "SYSTEM ADMINISTRATORS" Role. We can modify it to any other role directly in SOA Composer so that the Fulfillment tasks are assigned to the newly Updated role. We can also have different rules in place for different application instances.
But the scenario is like We have a Role associated with a access policy which will provision a Disconnected Application Instance to the user upon provisioning the role. The Access Policy is also associated with some entitlements which will require manual fulfillment tasks to be assigned to particular fulfillment role which differs for different roles.
How do we dynamically fetch the Fulfillment Role in order to assign the task to them. I understand we should achieve it using the Oracle Business Rules. But How do I get the catalog attributes in the DisconnectedProvisioning composite.
I am a beginner in SOA - Workflow implementation. So please provide some detailed answers.
Thanks,
Srini
You should be able to assign a role to the Fulfillment Roles on the Disconnected App and it's separate entitlements in the catalog.
Then when the Access Policy triggers First a Provision Task should be generated for the Fulfiller role on the application instance, then once that is completed a Grant Entitlement task will be created for the fulfiller roles associated with each entitlement.
Process App information is stored in LSW_PROJECT table
Human services and other "tasks" are designed in Process Designer to the Process App. I believe these are stored in LSW_PROCESS and LSW_PROCESS_ITEM.
How do I make a query associating a Process App to the services included in that App?
What is the significance of LSW_TASK table?
Is there any documentation which describe the tables used in IBM BPM ?
Querying the product database tables is not a supported method in IBM BPM. The database schema is not documented in the BPM knowledge center. There are REST API and Java Script API method to obtain information about the projects (which are stored in LSW_PROJECT). For the JS API, you could go through all process apps with the getAllProcessApps or the REST API with GET /rest/bpm/wle/v1/processApps
The LSW_TASK table holds information about the tasks which people (users) or the system processes. These are created for each activity on a BPD diagram. These are then deleted with the BPDProcessInstanceCleanup command is run.
If you describe your what problem you are trying to solve, I can direct you to specific resources that may already exist.
I'm developing a mobile application which I would like to distribute globally. The app is targeted for managers who want their employees to update data as they are on-the-go, while the manager has a web dashboard that collects and dices the data.
The architecture I would like to implement, is that the manager logs in to the product's website, creates an account, and gets a code. Employees are then asked to download the app, and enter that code upon initial setup.
My question is about the back-end implementation of the setup - I would like for each new customer to have their own firebase instance, which is automatically set up and registered when the account is created.
It seems like the API does not support creating new accounts or new repositories/instances.
Is there a way to create an account/instance using a script? If not, would one instance be able to hold potentially a very large number of tables, each table being a root for a specific customer and their data?
Thanks!
What is the best way to manage domain specific services? For eg: In a Financial domain, Should I have a global service "AccountCreation" or "CheckingAccountCreation", "CreditcardAccountreation" etc.
I am struggling whether to keep them at global level or keep them at the product level. what is the best approach?
You should probably focus in the data first: what data is there, and what data needs to stay consistent. Then focus on what the behaviours around that data are.
In a Financial domain, Should I have a global service "AccountCreation" or "CheckingAccountCreation", "CreditcardAccountreation" etc.
In this example, I would say that you have an "account" service, because you clearly have some accounts - and you probably have to ensure that, eg, you don't duplicate account numbers, apply anti-fraud rules, manage the workflow of creation, etc.
Your examples identify some behaviours: create a checking account, create a credit card account. Those would appropriately be commands that you send to the service, because they result in mutation of the data that the service owns.
If you add a "customer" service, though, that would be distinct from the accounts service: it doesn't have to be consistent with the account service, just to have a reference from accounts to customers by ID.
You also generally don't have shared behaviour that touches both parts - updating data about a customer shouldn't touch the details of their accounts (directly), and updating an account doesn't change the details of a customer.
You might have business rules in one service that change another, such as the account service listening for "a customer became a student" announced by the customer service, and then doing some internal processing.