cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Attribute Validation with Extension Framework

Former Member

on ‎11-09-2015 10:11 PM

0 Kudos

Hi everyone, I am new to using the Extension Framework, and am currently working with IDM 7.2 SP8.  I'll start by explaining the issue and what I'm trying to do. Managers are not allowed to request roles for their direct reports, but IDM lets this occur.  I have customized the workflow upon submission so that the request is rejected and an email gets sent to the manager indicating the issue.  However, I would like to display a custom UI message precisely when a manager presses the save button after requesting a role for one of their direct reports. From what I understand, the Extension Framework utilizes two functions; onLoad and onSubmit.  Using the onSubmit function, I can easily check the array of changed values to see if a role was requested.  Next, I need to check to see if the requestor of the role is the manager of the person for whom the role was requested (This is the part this is a little tricky for me). 1.)  Does anyone know how to capture the person who requested the role? 2.)  The OnSubmit function gives you access to IdmSubmit data which holds the attributes/values that changed.  Is there a way to access all of the attributes/values for an entry within the OnSubmit function, and not just the attribute/value pairs that changed prior to saving?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

normann
Advisor
Advisor
‎11-10-2015 7:59 AM
0 Kudos

Hi Kelvin,

I also think that should not be an issue. I have done similar thing already.

I'm not sure whether I understand your requirement but basically I don't think you need the extension framework.

If you don't want managers to be able to execute a task for their "direct reporters", you assure that with a filter on the access control. The lower part of the access control window is made for that. You select "Filter" and enter a query like "select mskey from idmv_value_basic where mskey not in (select mcOtherMSKEY form idmv_link_ext where mcThisMSKEY = %ADMINMSKEY% and mcAttrName = 'MX_MANAGER'" (not tested, just my first idea).

If you just want to limit the values to be assigned in that specific task, you can do that by limiting the valid values of the attribute MXREF_MX_PRIVILEGE or MXREF_MX_ROLE (whatever you are using here). You double click the attribute in the list of attributes of the UI task and go to tab "Attribute Values" and enter an SQL filter where you can use %ADMINMSKEY% as well in your SQL query in order to filter the possible values for that current requester.

Regards

Norman

Show replies
Show replies
former_member2987
Active Contributor
‎11-10-2015 2:15 PM
0 Kudos

I think this is a much simpler approach and much easier to implement rather than relying on custom coding. I also like the fact that this could be extended in such a way to specify the approver (with a different query of course, maybe depending on location, department, or some other attribute)

jaisuryan
Active Contributor
‎11-10-2015 1:04 AM
0 Kudos

Hi Kelvin,

I haven't implemented Extension Framework. So spare me if my option seems absurd.

You can create an attribute called, may be, REQUESTOR (Framework doesn't support Entry Reference type) and add that to your UI task like below,

So when the user submits the request, the attribute will have the MSKEY of user who executes that task. Then you can read the attribute and build your logic around it?

Kind regards,

Jai

Show replies
Show replies
Ask a Question