• State Not Answered
  • Replies 6 replies
  • Subscribers 64 subscribers
  • Views 189 views
  • Users 0 members are here
Options
Related

Provision Attributes when change company attribute

michael albrecht
1 day ago

Hello folks,

i have a problem where i need some help. We do have a company where there are different subcompanies. Each sub has different departments.

What i do want now is following:

i created a form where the first screen is the company and there is a second section with the department. If the company is changed i want that the departments (i do have an array of them for every company) is now populated as a dropdown.

I do have succesfully preprovisioned the attributes when nothing is changed. But when i change the company from A to B i still get the attributes populated of company A.

Which scriptpolicy is triggered when an attribute is changed? I think this is my problem which I do struggle with at the moment. OnGetEffectivePolicy is only called when i open the form initally. On Changing the Company from A to B nothing is done. Please help me :-)

Here are some codesnippets:


function onGetEffectivePolicy($Request)
{
if($Request.Class -ne "user"){return}

$test = $DirObj.GetInfo
#$Request >> C:\tmp\departmentchange.txt
$test >> C:\tmp\departmentchange.txt

$nachname = $DirObj.Get("sn")
$vorname = $DirObj.Get("givenName")
[void]($DirObj.GetInfoEx(@('edsvaAccountType'),0))
$VAValue = $DirObj.Get("edsvaAccountType")
$accounttype = $VAValue
$nachname >> C:\tmp\departmentchange.txt
$vorname >> C:\tmp\departmentchange.txt
$accounttype >> C:\tmp\departmentchange.txt
## Firmennamen setzen

if ($accounttype -ne $null){
switch ($accounttype){
"Extern" {
$externeFirmen = @("A", "B", "C")
$Request.SetEffectivePolicyInfo("company", $Constants.EDS_EPI_UI_POSSIBLE_VALUES, [string[]]$externeFirmen)
}
"Intern" {
$Companies = @("A","B","C")
$Request.SetEffectivePolicyInfo("company", $Constants.EDS_EPI_UI_POSSIBLE_VALUES, [string[]]$Companies)
}
default{
$Request.SetEffectivePolicyInfo("company", $Constants.EDS_EPI_UI_GENERATED_VALUE, "")
}
}
}

#"test1234" >> C:\tmp\departmentchange.txt
$abteilungen = @(Get-Content C:\Abteilungen\Immobilien.txt)
$Request.SetEffectivePolicyInfo("department", $Constants.EDS_EPI_UI_POSSIBLE_VALUES, [string[]]$abteilungen)
}

Parents
  • 0 1 day ago

    Hello, if you are possibly wanting to have the available Department dropdown list values changed the moment the Company is changed, then search the Active Roles SDK for 'Bound List Boxes'.

    To maybe answer the question about which function is triggered when an attribute is changed, the event handler onCheckPropertyValues could be used to analyze the changes before being saved to the object. You'll also find examples of this function in the SDK.

  • 0 1 day ago in reply to Richard Lambert

    Hi  

    I've done something similar in the past, in part related to the KB How to create a Bound List-box with 4 Levels (4244019), except I get my companies, department etc from a CSV (but could easily be an object, like an OU, or similar.

    What you're probably missing here however is onCheckPropertyValues, to ensure you can generate a compliance error if the department doesn't fall inside the list of allowed departments for a company.

    If you have a look at the (+) PowerShell Library Source Code - Wiki - Active Roles Community - One Identity Community, it contains a lot of helper functions. I'd start by looking at these helper functions:

    • ReportValidationError
    • ExecutePolicyRule
    • ValidateAndGenerateAttribute
    • .SetEffectivePolicy

    I can't remember the in's and out's as it was 2 years ago, and I've misplaced the code I wrote, but I think I had company on one table, and department on another. Where I used a rule to generate a value (IE $Request.SetEffectivePolicyInfo($AttributeName, $Constants.EDS_EPI_UI_POLICY_RULE, $PolicyRule), opposed to defining a defaultvalue, or generated value, it worked similarly to when you enter a firstname and lastname, and the samaccountname and UPN prefix are generated.

  • 0 1 day ago in reply to Stu.Pollock

    Hi Stu,

    thanks for your answer. In the creation process of the user the bound list procedure works fine. I already implented this in that phase.

    But when doing changes i do not have to "jump" from one page to another with the "next" button and therefore the ongeteffectivepolicy doesnt trigger again when changing the screen. Thats whats causing my headache at the moment.

    Regards,

    Michael 

  • 0 1 day ago in reply to michael albrecht

    When you say "But when doing changes..." you are referring to editing object properties of an existing object rather than walking through the object creation wizard?

    So when the fields are all on the same tab, you say the OnGetEffectivePolicy handler is not firing (i.e. to cause your Department choices to change)

Reply
  • 0 1 day ago in reply to michael albrecht

    When you say "But when doing changes..." you are referring to editing object properties of an existing object rather than walking through the object creation wizard?

    So when the fields are all on the same tab, you say the OnGetEffectivePolicy handler is not firing (i.e. to cause your Department choices to change)

Children