-
Notifications
You must be signed in to change notification settings - Fork 36
Update Resources Activity
The Update Resources activity is the "bread and butter" activity of WAL. It is used to update MIM / FIM resources as well as populate WorkflowData
dictionary. This activity completely eliminates the need for the out-of-box Function Evaluator activity.
Optional. Name of the activity to be displayed on the MIM / FIM workflow designer.
Optional. If this setting is selected, the activity can be configured to query resources which can be used in the update definitions as source value expressions or targets as well as in the activity execution condition and iteration.
Required when "Query Resources" setting is selected. Specify one or more XPath queries which should be run by the activity. e.g.
Key | XPath Filter |
---|---|
Terminations | /Person[EmployeeStatus = 'T'] |
OnLeaves | /Person[EmployeeStatus = 'L'] |
The Queries can be referenced in source value expressions or targets using lookups with the [//Queries/Key/...] grammar. e.g. [//Queries/Terminations/Manager]
for consumption in a source value expression or [//Queries/Terminations/Description]
for consumption in a target lookup for mass update.
Note: The queries are executed in the order they are defined. Data from the first query could also be used in the filter criteria for the second query providing for the ability to further refine the result set.
Optional. The condition which must be satisfied for execution of this activity's core task (i.e. make updates to the specified targets). This can be any WAL function expression resolving to a boolean value.
Optional. This is a lookup or function expression returning a collection of values to iterate over. e.g. [//Delta/MembersToAdd/Added]
. The instance value can be referenced in update definitions using lookup with the [//Value/..]
grammar. e.g. [//Value/Manager]
.
Required. The user under whose context all the child requests (updates) are submitted. The possible values are:
- Service Account
- Requestor
- Resolve From Expression
- Search by Account Name
Service Account (FIMService) is the default actor.
Required when "Resolve From Expression" option is selected for Request Actor. Specify a lookup or function expression which will resolve to the desired actor.
Required when "Search by Account Name" option is selected for Request Actor. Specify a account name of the desired actor. The domain name can optionally be specified using the Domain\AccountName syntax.
Optional. When this setting is selected, the child update requests will be subjected to any authorization MPRs configured.
Required. Specify the updates to be performed by the activity. Lookups are used in the value expressions and are also used to represent target resources and attributes. Variables may also be specified as a target and then used in the value expression for subsequent update definitions. The "Allow Null" option enforces the deletion of target values when the source value expression resolves to a null value.
Do not use this activity simply to do the job that could be done with coding classic management agent rules extensions. Running workflows to do attribute transformations is orders of magnitude slower than executing rules extensions code.
If you think you could avoid developing your own custom activity if a feature were added to WAL, please post the feedback on the WAL project forum.
When developing your own additional custom activity when you must, simplify the development by focusing on the business task at hand and let the Update Resources activity do all the FIM plumbing such as the grammar resolutions and resource lookups, prepare the input data for your activity and make any MIM / FIM resource updates for you. Use WorkflowData
dictionary as a mechanism to get data into and out of your activity.
The following Update Resources activity strips a permanent leaver [//Target]
of membership of all static groups:
Activity Display Name | Remove Permanent Leaver from All Static Groups | |
Queries | ||
Key | XPath Filter | |
Groups | /Group[MembershipLocked = False and ExplicitMember = '[//Target]'] | |
Updates | ||
Value Expression | Target | Allow Null |
RemoveValues([//Target]) | [//Queries/Groups/ExplicitMember] |
The following Update Resources activity submits an automated request to extend end-date for contractors by 6 months (which then triggers an authorization policy for seeking approval from manager):
Activity Display Name | Extend Contractor End-date | |
Request Actor | Search by Account Name | |
Actor Account Name | fim.automation.agent | |
Apply Authorization Policy | True | |
Value Expression | Target | Allow Null |
DateTimeAdd(DateTimeNow(), "180:00:00:00.0") | [//Target/EmployeeEndDate] |
Workflow data and object updates are aggregated, meaning that if you specify updates as:
"one" -> [//WorkflowData/MyString]
"two" -> [//WorkflowData/MyString]
null() -> [//WorkflowData/MyString]
resulting value of [//WorkflowData/MyString]
will be either two
or null
depending on a checkbox Allow null
right to the target name.
The same applies to object updates:
"one" -> [//Target/MyAttr]
[//Target/MyAttr] -> $x
"two" -> [//Target/MyAttr]
There will be only one update made to the target: two
will be written into MyAttr
. As for the $x
variable then it will either get null if MyAttr
contained no value prior to this activity step or the old MyAttr
value, but not one
or two
- MIMWAL Site - http://aka.ms/MIMWAL
- MIMWAL Releases - http://aka.ms/MIMWAL/Releases
- MIMWAL Documentation Wiki - http://aka.ms/MIMWAL/Wiki
- MIMWAL FAQ - http://aka.ms/mimwal/faq
- MIMWAL GitHub Code Repo - http://aka.ms/MIMWAL/Repo
- MIMWAL TechNet Q&A Forum (now read-only) - http://aka.ms/MIMWAL/Forum