Hi Experts,
Completely new to ARS / ARSWeb, I would need some details about the task I've been assigned to:
- ARS : version 7.5
In One Identity Active Roles Web 7.50, how can I create a form to allow an admin user to copy groups with a selection (not all at one, but choosing the groups to copy) from a domain user he belongs to to another user in the same domain ?
I tried to create a custom module in ARS but it copies all at one, I just need to select the groups I need to copy.
The code bellow:
# Through the Web interface it is possible to copy group memberships from one user onto another one. # This operation is executed throught a specific new command, "Copy Groups", which is linked to a # new form that has an extended control called CMDNAME with the value "CopyGroups" (to execute the # script hereunder only if the user modification comes from that form / command) and where it is # possible to select the target user onto which the groups are copied. The target user is selected # in the attribute "secretary". #=========================================================================== # Main Function triggered when a user account is modified #=========================================================================== function onPreModify($Request) { # Get the value of the form control named CMDNAME (defined when customizing a form and selecting # Properties (of the form) and Extended Controls) $FormControlActionName = GetInControl -Object $Request -ControlName 'CMDNAME' # Specific controls when copying groups from a user to another one if ($FormControlActionName -ne 'CopyGroups') { return } # Only process requests to copy groups # If the attribute secretary is changed, get its value from the form and start the process to copy groups. if (IsAttributeModified -AttributeName 'secretary' -Object $Request) { # Get the secretary attribute value and save it into the TargetUser variable $TargetUser = GetAttribute -AttributeName 'secretary' -Object $request # Copy groups only if the TargetUser is not empty if ($TargetUser) { # Get the list of groups the original user is member of $Groups = (Get-QADUser $Request.DN -Proxy -Properties memberof).memberOf # For each group found, add the taget user to the same group. foreach ($Group in $Groups) { Add-QADGroupMember -Proxy $Group -member $TargetUser } # Clear the secretary attribute because the intention was not to populate the attribute, just use its value temporarily $request.put('secretary',$null) } } } #=========================================================================== # IsAttributeModified #=========================================================================== # This function determines if modification for the specified attribute # is requested. It can be useful to force the script policy event handler # to be triggered for the specified attribute modification only. # # Parameters # strAttributeName - string with attribute name. It can be in any cases, # for example "edsvaMyAttribute", "EDSVAMYATTRIBUTE" # object - the Request object. Please see ARS SDK for details about this # object # Return value # $true - When specified by strAttributeName attribute is modified during # request # $false - When specified by strAttributeName attribute is not modified # during request # Remarks # This function is applicable to onPreCreate, onPostCreate, onPreModify, # onPostModify, and onCheckPropertyValues event handlers. # Example # $IsAttributeModified = IsAttributeModified -AttributeName 'EmployeeID' -Object $Request # function IsAttributeModified { param( [Parameter(Mandatory = $true,Position=0)][string]$AttributeName, [Parameter(Mandatory = $true,Position=1)]$Object ) $objEntry = $Object.GetPropertyItem($AttributeName, 3) #$ADSTYPE_CASE_IGNORE_STRING if ($null -eq $objEntry) { return $false } $nControlCode = $objEntry.ControlCode if ($nControlCode -eq 0) { return $false } return $true } #=========================================================================== # GetAttribute #=========================================================================== # This function returns a value of the specified attribute of # the specified object. It can be useful to prevent an error # rising when the attribute has no value. # # Parameters # strAttributeName - string with attribute name. It can be in # any cases, for example "edsvaMyAttribute", "EDSVAMYATTRIBUTE" # Request - the Request object. Please see ARS SDK for details # about this object # return value # Integer, string, boolean value, or array of values - When specified by # strAttributeName attribute has any values # Empty value - specified by strAttributeName attribute has no value # Remarks # This function is applicable to onPreGet, onPostGet, onPreCreate, # onPostCreate, onPreModify, onPostModify, and onCheckPropertyValues # event handlers. # Example # $samAccountName = GetAttribute -strAttribute 'samAccountName' -Object $DirObj # function GetAttribute { param( [Parameter(Mandatory = $true,Position=0)][string]$AttributeName, [Parameter(Mandatory = $true,Position=1)]$Object ) trap { continue } #Load Attribute into $Object $Object.GetInfo(@($AttributeName),0) #Return the Attribute value return $Object.Get($AttributeName) return $null } #=========================================================================== # GetInControl #=========================================================================== # This function returns the control value of a control object from the $Request object # # Parameters # Object - the $Request object # ControlName - the name of the control of which to return the value # return value # the value of the control who's name has been passed to the function # Remarks # This function is applicable to any event handler and function. # Example # GetInControl -Object $Request -ControlName 'CMDNAME' function GetInControl { param( [Parameter(Mandatory = $true, Position=0)]$Object, [Parameter(Mandatory = $true, Position=1)][string]$ControlName ) trap {continue} return $Request.GetInControl($ControlName) return $null }
Thanks for all !
Nicolas