none
Request Splitting in FIM RRS feed

  • Question

  • Hi,

    based on scarcely available information, it seems that "Request splitting" is possible in FIM 2010 R2. I have following scenario:

    • user A adds 4 users (B, C, D, E) to group X
    • B and C have manager F
    • D has manager G
    • E has manager H

    Group management consists of two approvals, one by corresponding user manager and the other by group manager. In above mentioned scenario there should be following requests for approval:

    • request for B and C sent to F
    • request for D send to G
    • request E send to H

    If F rejects the request that should not affect approvals for G and H, which means I have to split original request somehow.

    I am able to resolve (and properly group) users within custom built activity in authorization phase, but I can't figure out on how to create new Requests. I am thinking of using UpdateResourceActivity and add those members to target group, thereby spawning new Request.

    Yet, I am unsure whether this is a correct approach (for instance, if I then cancel "parent" approval workflow it will probably reject all changes made, and if not, user will still get "denied" message, instead of "pending approval".

    This scenario seems very common to me. I believe I am missing something very obvious :)

    Thank you in advance for any idea and suggestion.

    Sunday, April 13, 2014 6:50 PM

All replies

  • Let me verify if I understood correctly - you want not "owner approval" but "user's manager approval"?

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Sunday, April 13, 2014 7:25 PM
  • Hi Dominik,

    Yes, that's exactly what I need :)

    Regards, P

    Sunday, April 13, 2014 7:33 PM
  • It is possible but you will have to design and implement it on your own in a code \ FIM configuration. Basically you need to grab current request and gather data all information needed to create new requests.

    This should be stored in separate object type which will be then processed to create new request updates to the group as splitted requests - in your case users grouped by manager. 

    Then in your approval workflow you will have to calculate your target user manager and put it as approver in workflow instead of group owner. 

    This is how I would approach it. 


    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    Sunday, April 13, 2014 9:17 PM
  • Hi Tomek,

    The most clean design would be to have custom request objects, as you proposed. Unfortunately, customer wants this to be part of (Join/Leave, Add/Remove member action).

    So I've done following:

    • In approval workflow, custom activity checks if request contains users with multiple managers, if it does, it creates new requests and then terminates the existing request
    • If all users contain the same manager, approval is then sent to their manager

    Luckily, termination of request before any approval takes place doesn't seem to have any side effects (user even gets "Pending approval" message at the end of his request).

    Thanks again :)

    Monday, April 14, 2014 8:57 AM