Skip to content

Update Resources Activity

Eugene Sergeev edited this page Jan 10, 2016 · 18 revisions

Overview

The Update Resources activity is the "bread and butter" activity of WAL. It is used to update MIM / FIM resources as well as populate WorkflowData dictionary. This activity completely eliminates the need for the out-of-box Function Evaluator activity.

Activity UI

Update Resources - Activity UI

Activity Display Name

Optional. Name of the activity to be displayed on the MIM / FIM workflow designer.

Advanced Features

Query Resources

Optional. If this setting is selected, the activity can be configured to query resources which can be used in the update definitions as source value expressions or targets as well as in the activity execution condition and iteration.

Queries

Required when "Query Resources" setting is selected. Specify one or more XPath queries which should be run by the activity. e.g.

Key XPath Filter
Terminations /Person[EmployeeStatus = 'T']
OnLeaves /Person[EmployeeStatus = 'L']

The Queries can be referenced in source value expressions or targets using lookups with the [//Queries/Key/...] grammar. e.g. [//Queries/Terminations/Manager] for consumption in a source value expression or [//Queries/Terminations/Description] for consumption in a target lookup for mass update.

Note: The queries are executed in the order they are defined. Data from the first query could also be used in the filter criteria for the second query providing for the ability to further refine the result set.

Activity Execution Condition

Optional. The condition which must be satisfied for execution of this activity's core task (i.e. make updates to the specified targets). This can be any WAL function expression resolving to a boolean value.

Iteration

Optional. This is a lookup or function expression returning a collection of values to iterate over. e.g. [//Delta/MembersToAdd/Added]. The instance value can be referenced in update definitions using lookup with the [//Value/..] grammar. e.g. [//Value/Manager].

Request Actor

Required. The user under whose context all the child requests (updates) are submitted. The possible values are:

  • Service Account
  • Requestor
  • Resolve From Expression
  • Search by Account Name

Service Account (FIMService) is the default actor.

Actor Expression

Required when "Resolve From Expression" option is selected for Request Actor. Specify a lookup or function expression which will resolve to the desired actor.

Actor Account Name

Required when "Search by Account Name" option is selected for Request Actor. Specify a account name of the desired actor. The domain name can optionally be specified using the Domain\AccountName syntax.

Apply Authorization Policy

Optional. When this setting is selected, the child update requests will be subjected to any authorization MPRs configured.

Updates

Required. Specify the updates to be performed by the activity. Lookups are used in the value expressions and are also used to represent target resources and attributes. Variables may also be specified as a target and then used in the value expression for subsequent update definitions. The "Allow Null" option enforces the deletion of target values when the source value expression resolves to a null value.

Implementation Guidance

Do not use this activity simply to do the job that could be done with coding classic management agent rules extensions. Running workflows to do attribute transformations is orders of magnitude slower than executing rules extensions code.

If you think you could avoid developing your own custom activity if a feature were added to WAL, please post the feedback on the WAL project forum.

When developing your own additional custom activity when you must, simplify the development by focusing on the business task at hand and let the Update Resources activity do all the FIM plumbing such as the grammar resolutions and resource lookups, prepare the input data for your activity and make any MIM / FIM resource updates for you. Use WorkflowData dictionary as a mechanism to get data into and out of your activity.

Examples

The following Update Resources activity strips a permanent leaver [//Target] of membership of all static groups:

Activity Display Name Remove Permanent Leaver from All Static Groups
Queries
Key XPath Filter
Groups /Group[MembershipLocked = False and ExplicitMember = '[//Target]']
Updates
Value Expression Target Allow Null
RemoveValues([//Target]) [//Queries/Groups/ExplicitMember]

The following Update Resources activity submits an automated request to extend end-date for contractors by 6 months (which then triggers an authorization policy for seeking approval from manager):

Activity Display Name Extend Contractor End-date
Request Actor Search by Account Name
Actor Account Name fim.automation.agent
Apply Authorization Policy True
Value Expression Target Allow Null
DateTimeAdd(DateTimeNow(), "180:00:00:00.0") [//Target/EmployeeEndDate]

notes

Workflow data and object updates are aggregated, meaning that if you specify updates as:

"one" -> [//WorkflowData/MyString]

"two" -> [//WorkflowData/MyString]

null() -> [//WorkflowData/MyString]

resulting value of [//WorkflowData/MyString] will be either two or null depending on a checkbox Allow null right to the target name.

The same applies to object updates: "one" -> [//Target/MyAttr]

[//Target/MyAttr] -> $x

"two" -> [//Target/MyAttr]

There will be only one update made to the target: two will be written into MyAttr. As for the $x variable then it will either get null if MyAttr contained no value prior to this activity step or the old MyAttr value, but not one or two

Clone this wiki locally