• State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 62 subscribers
  • Views 8009 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New Active Roles Policies

ben.kennedy
over 7 years ago

Hi,

We want to add 2 new policy's on user creation these are

Property Generation and Validation

. accountExpires (accountExpires)

.edsaMemberOf (edsaMemberOf)

 

But we want them to be optional not Must be specifed, how can this be done?

 

regards,

Ben 

  • 0 over 7 years ago
    This resource should help:

    Title: Unable to modify an attribute controlled by Property Generation and Validation policy
    Solution Number: 95699
    URL: support.quest.com/.../95699
  • 0 over 7 years ago
    but this doesn't allow you to make the options optional? does it?
  • 0 over 7 years ago
    This allows you to specify one or more options, but also allows the User to write in their own.

    Perhaps I'm misunderstanding: what exactly is your end goal? Can you provide a sample use case?
  • 0 over 7 years ago
    yes done that and works,.but the two fields we want to add are member of? and expiry date.
  • 0 over 7 years ago
    As Terrance noted, it would be helpful to better understand your requirement. I am particularly interested in the "memberof" piece as if you are trying to automate the control of group memberships in some manner, you may need to look at group-membership-specific provisioning policies (which are distinct from property value policies like you would use for expiry date).
  • 0 over 7 years ago
    we already have policy setup for group memberships i.e via department. But if we have any extra groups to add, can this be done on user creation. We also may need to some users end dates , but no everyone. Is this possible. I can get for all users, but I want the option to optional ?
  • 0 over 7 years ago
    The MemberOf attribute is special. It's actually computed and back-synced based on the Members attribute of Group objects. You cannot add something to that attribute directly.

    If you want this optional, and triggered during User account creation, the best method would be to create a custom virtual attribute, expose it, and populate it with a list of options. Then, have a Workflow listen to changes to this virtual attribute and populate Group Memberships accordingly.

    accountExpires is also special because of the way that it is stored. Timestamps are stored in integer time format. So, you're likely going to have to implement a script which would calculate the appropriate integer time.
  • 0 over 7 years ago
    With respect to the additional group memberships, do you want someone who is hand-creating a user to be able to select these additional groups or, are there certain additional groups that are consistently added based on some other criteria? If the latter, then would it make sense to have something like a dropdown where the user could select "additional groups list 1","additional groups list 2" etc.
    For the end date, you could allow them to optionally enter a date (into a virtual attribute) and as Terrance suggested, a script would do the necessary translation for applying this to the actual accountexpires attribute.