Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
7 replies Latest Post - ‏2014-08-27T06:59:58Z by franzw
Shailesh Malkar
Shailesh Malkar
58 Posts
ACCEPTED ANSWER

Pinned topic ITIM Group Search in ISIM

‏2014-08-22T12:31:43Z |

Hi All,

How to search for ITIM Groups. Actually the requirement is to send an email to all group members, but there are many groups out of which I need to select only few based on some criteria while provisioning an account. So how to achieve that.

e.g. Account XYZ is to be provisioned, but in that there is an attribute A which is list box with multiple selections, so when user selects any value from List A, then mail should be sent to all those groups.

Thanks,

Shailesh S. Malkar

  • jManigandan
    jManigandan
    9 Posts
    ACCEPTED ANSWER

    Re: ITIM Group Search in ISIM

    ‏2014-08-25T06:49:04Z  in response to Shailesh Malkar

    You can achieve it adding mail node on ADD operation while  provisioning

  • yn2000
    yn2000
    1086 Posts
    ACCEPTED ANSWER

    Re: ITIM Group Search in ISIM

    ‏2014-08-25T15:09:21Z  in response to Shailesh Malkar

    This is an interesting requirement. I wonder I am witnessing a turning point in ISIM Group membership design to become as messy as AD Group membership design.

    If I were you, I would try to design it in more conservative way. First, ISIM Group is designed tor ISIM related access right, not for Email distribution group. Second, maybe you should use group membership in person entity, which is Role group membership. Many people would object that, because Role would be fit to represent business role, instead of Email distribution group. So, considering that AD is already hosting the Email distribution group, and having a principal to let 'the messy place be the messy place', then I would configure ISIM to send email to one email account, where the distribution of that email is managed/controlled by AD.

    Rgds. YN.

    • Shailesh Malkar
      Shailesh Malkar
      58 Posts
      ACCEPTED ANSWER

      Re: ITIM Group Search in ISIM

      ‏2014-08-26T04:25:45Z  in response to yn2000

      Hi YN,

      Sorry to put question in a wrong way. It is not at all about Mail DG, we have created all Mail DGs in AD only. The requirement is for SAP ERP provisioning. As you must be aware that there are various modules in SAP ERP (e.g. MM,SD,WM etc), and we have Module Owners for all such sap modules. So when person asks for an account in SAP ERP, he/she has to provide for which module they want access, so that appropriate SAP ROLES can be given to them. In order to do that he/she needs approval from Module Owner. In that case I assume mail need to be send to Module Owner, so that they can approve the request. We are thinking of creating ISIM Groups for all such SAP Module Owners. Is it a valid case?

      Thanks,

      Shailesh S. Malkar

      • yn2000
        yn2000
        1086 Posts
        ACCEPTED ANSWER

        Re: ITIM Group Search in ISIM

        ‏2014-08-26T05:06:00Z  in response to Shailesh Malkar

        Yup. it is a valid case and I see many approach to fulfill this requirement.

        Here is what you have to set in mind when designing the solution. First, there is only one user assigned as the module owner. (If there are more than one users then you need to have another trick, but let's assume there is only one user.) This means that ISIM will send one email only to one user, not a group. That means ISIM Group is not a good idea. Not only that, ISIM Group is design for ISIM access only. So, please do not use it for any other purpose. If you want some sort of group membership, please do it on the person entity, like a Role, and not in the ISIM Group. Second, the user (the owner of the SAP Module) is an ISIM user who has email address. (Of course you have it already). Third, you need a flag to indicate that the user is the owner of the SAP Module. This can be a Role, attribute value, or any other. Basically, ISIM needs to know which user to send the notification. Fourth, you build ISIM Operational Workflow with Approval node where the participant is a custom participant that is populated from the logic from the flag that you build.

        There could be some variant on how to do it exactly, but I hope it point you out to the right direction.

        Rgds. YN.

        • Shailesh Malkar
          Shailesh Malkar
          58 Posts
          ACCEPTED ANSWER

          Re: ITIM Group Search in ISIM

          ‏2014-08-26T05:21:41Z  in response to yn2000

          Hi YN,

          Thanks for the prompt reply. Yes, there is a possibility of multiple SAP Module Owners. How can we deal with it.

          Thanks,

          Shailesh S. Malkar

          • SanjaySutar
            SanjaySutar
            114 Posts
            ACCEPTED ANSWER

            Re: ITIM Group Search in ISIM

            ‏2014-08-27T03:40:17Z  in response to Shailesh Malkar

            If I have understood it correctly, you want to implement a workflow where provisioning request can trigger multiple approval (not just mails) and will complete (assign the requested SAP modules/roles based on approval/rejection  received)

            ISIM approval node stops the activity until any action (approval/rejection) is taken on it. This might be a challenge if you would like to trigger these approvals in parallel. Even if you use loop in workflow , the approvals will be triggered one after another.

             

            • franzw
              franzw
              331 Posts
              ACCEPTED ANSWER

              Re: ITIM Group Search in ISIM

              ‏2014-08-27T06:59:58Z  in response to SanjaySutar

              Parallel execution of e.g. approvals  is a general challenge in ISIM Workflow design.

              Here is how I generally solve that problem :

              Build a list of participants (approvers) and save that to properties

              Call a workflow recursively that :

              • calls the real approval workflow (I normally have a number of these e.g. 5-10 so that the nesting is not getting too deep)
              • removes the called approvals from the list of participants
              • calls itself with reduced list or exits if the list is empty'

              As always - recursive logic requires a great deal of carefulness - if you do not exit out of the loop you system will basically stop working very quickly as it gradually runs out of resources...

              HTH

              Regards

              Franz Wolfhagen