Access Governance Suite Workflow Extensibility: Illegal Request Handling

  • 7100006
  • 15-Mar-2013
  • 07-Aug-2013

Environment


NetIQ Access Governance Suite

Situation

Access Governance Suite Workflow Extensibility: Illegal Request Handling

Resolution

Step 1: Modify the stock LCM Provisioning workflow so that it transitions to an illegal request handler step when the criteria for an "illegal request" are detected (e.g., the account name ends with "_FC"). This transition can be added to the very first step in the workflow.

<Step icon="Start" name="Start">
  <Transition to="Illegal Request Handler">
    <Script>
      <Source>
        import sailpoint.object.ProvisioningPlan.AccountRequest;

        String APP_NAME = "Active_Directory";
        boolean result = false;

        // POC - Check submitted request for illegal
        // criteria (account names, entitlement values).
        //
        AccountRequest ar = plan.getAccountRequest(APP_NAME);
        if (null != ar) {
          System.out.println("...found account request for: " + APP_NAME);
          String accountId = ar.getNativeIdentity();

          // POC - Look for "_FC" suffix on account name.
          // The native identity can be null, so guard before comparing.
          if (null != accountId && accountId.endsWith("_FC")) {
            System.out.println("..found illegal account in request: " + accountId);
            // Store the account so the handler step's message can read "illegalItem".
            workflow.put("illegalItem", accountId);
            result = true;
          }
        }

        return result;
      </Source>
    </Script>
  </Transition>
  <Transition to="Initialize"/>
</Step>

Step 2: Add a step for handling the illegal account request. In this example, the step sets a return message that will go back to the requester and then transitions to the end of the workflow.

<Step action="addMessage" name="Illegal Request Handler">
  <Arg name="message">
    <Script>
      <Source>
        return "Your request is not allowed due to policy. Account: " + workflow.get("illegalItem");
      </Source>
    </Script>
  </Arg>
  <Arg name="type" value="Error"/>
  <Transition to="end"/>
</Step>

Step 3: Once the workflow is updated, test the new capability.

[Screenshots: Choose Accounts.png, ErrorMessage.png]
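
The Step 1 transition generalized, as an added example that is not NetIQ's own code: it scans every account request in the plan instead of a single application, matches the "_FC" suffix case-insensitively, also checks requested attribute values, and stores the finding in the "illegalItem" variable that the Step 2 message reads. The blocked attribute name and value are constructed placeholders; `plan` and `workflow` are the script variables the page's own snippets use.

```xml
<Step icon="Start" name="Start">
  <Transition to="Illegal Request Handler">
    <Script>
      <Source><![CDATA[
        import java.util.List;
        import sailpoint.object.ProvisioningPlan.AccountRequest;
        import sailpoint.object.ProvisioningPlan.AttributeRequest;

        // Policy values (upper case). The suffix is the page's; the attribute
        // name and value are constructed placeholders for this example.
        String BLOCKED_SUFFIX = "_FC";
        String BLOCKED_ATTR = "memberOf";
        String BLOCKED_VALUE = "CN=EXAMPLE-RESTRICTED-GROUP";

        String illegalItem = null;
        List requests = (null != plan) ? plan.getAccountRequests() : null;
        if (null != requests) {
          for (AccountRequest ar : requests) {
            if (null != illegalItem) break;
            String app = ar.getApplication();
            String id = ar.getNativeIdentity();
            // Case-insensitive so "_fc" and "_FC" are treated alike.
            if (null != id && id.toUpperCase().endsWith(BLOCKED_SUFFIX)) {
              illegalItem = app + ": " + id;
              break;
            }
            List attrs = ar.getAttributeRequests();
            if (null == attrs) continue;
            for (AttributeRequest attr : attrs) {
              // getValue() may be a String or a List; compare its text form.
              String value = String.valueOf(attr.getValue()).toUpperCase();
              if (BLOCKED_ATTR.equalsIgnoreCase(attr.getName())
                  && value.contains(BLOCKED_VALUE)) {
                illegalItem = app + ": " + attr.getName() + "=" + attr.getValue();
                break;
              }
            }
          }
        }
        // Make the finding available to the handler step's message script.
        if (null != illegalItem) workflow.put("illegalItem", illegalItem);
        return (null != illegalItem);
      ]]></Source>
    </Script>
  </Transition>
  <Transition to="Initialize"/>
</Step>
```

The attribute check does not inspect the request operation, so a request to remove the blocked value is routed to the handler as well.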