none
Custom approval workflow when adding members to a group RRS feed

  • Question

  • Hi All,

    I have a customer requirement, where they want the ability for anyone using the portal to be able to add any other member to any available security group. The catch here is that the approval should come from the manager of the member being added

    For example, if we have 3 users in the FIM portal, User1, User2 and User3. Now, say User1 adds User2 and User3 to some group, then an approval should be fired to the managers of User2 and User3 before they are added to the group. I'm guessing the group owner will also need to give his approval, but thats simple enough.

    I tried creating an Authorisation activity, seeking approval from the "Delta" workflow parameter, but it only lets me do //Delta/ExplicitMember/Added (or removed), whereas I want to say something like "Seek approval from" [//Delta/ExplicitMember/Added/Manager] - alas, this doesn't work.

    I'm guessing I will need some custom WF to do this, and I'm comfortable creating action workflows (using the PowerShell WF activity). However, I'm not sure on how to proceed with this.

    This post has the same question http://social.technet.microsoft.com/Forums/en-US/2bb5cea4-146c-4745-aa5d-6668ea9f9ef0/simple-question-on-deltaexplicitmemberadded-lookup-values?forum=ilm2

    However, I'm trying to do this using the PowerShell activity worfklow and I'm not sure how EnumerateResources and the like translate into that

    Thanks in advance

    • Edited by kmittal82 Thursday, August 7, 2014 10:14 AM
    Thursday, August 7, 2014 10:07 AM

Answers

  • Haha, here I go answering my own question again (well, sort of)

    I managed to almost get this working using the PS WF activity. For anyone interested, what you would do is firstly have create a new Approval WF, first activity will be the PS activity. The main job of the WF activity will be to calculate the managers of the members being added and put it in the WF dictionary, then the OOTB approval WF uses this information for approval.

    In the PS script, using the request object get the URI for all managers, then add them to an array of [Microsoft.ResourceManagement.WebServices.UniqueIdentifier] type. Then pass this array to the WF dictionary.

    Hope this helps

    • Marked as answer by kmittal82 Thursday, August 7, 2014 1:58 PM
    Thursday, August 7, 2014 1:57 PM