Tips & Tricks - User management via a process
This article demonstrates how user groups can be created via a process.
It also explains how to automate the creation and assignment of users to user groups.
Finally, it provides a Groovy script for reading group memberships.
Create user group
User groups can be created in any process via a
data group action.
First of all, create a source for the data such as an
event handler.
You can define the source of the data for the new user group, such as the
name,
in the properties of the event handler. Connect a data group action to the event source.
Select "Add record" as the action in the
data group action properties.
Select the "Set" data group from the
"Users" system application
as the
target data group.
On the
Field assignment tab, at least the following values need to be mapped to the target - the new user group in the
Users module:
-
A GUID that is easily created
by clicking on
"User-defined value". Assign this to the
"GUID" field in the target group.
-
The class ID "6" (integer) that can also be easily created
by clicking on
"User-defined value". Assign this to the
"Class ID" field in the target group.
-
The object name
Once the settings and process have been saved, the new user group will be created.
Create user
New users can be created and added to a user group via a process. A
Groovy script action takes care of the
adding with the following script:
def user = g_om.createUser{
container = "System"
name = "user-${now().withoutFractionalSeconds}"
loginName = "UserU-${now().withoutFractionalSeconds}"
emailBiz = "user@example.org"
description = "User created with Groovy at ${now().withoutFractionalSeconds}"
memberOf = ["User", "6AA80844C3F99EF93BF4598EB18605BF86FDD3C5"]
}
The access object "g_om" provides a structure that
enables you to execute operations in the user management and organizational
structure of a portal. When a user is created in this example, the following
properties will be set, of which "name" and
"loginName" are mandatory. All of the other
properties are optional.
-
container:
Container where the user object is to be created.
You can specify the unique name (in our example "system"),
GUID, or the path of the container
-
name:
The unique object name
-
loginName:
The unique login name
-
emailBiz:
The business email address of the user.
-
description:
Description of the user object
-
memberOf:
The user's group memberships can be defined from the list that
is transferred. The unique name, the GUID (in our example
"6AA80844C3F99EF93BF4598EB18605BF86FDD3C5") or the path of the
group may be used in this context.
A time stamp is used to ensure the uniqueness of the user name and login ID. If,
in the user management, the uniqueness of the user name and login ID is not
guaranteed by the ID or a timestamp, but instead uses a different format,
such as first name.last name, then a check must be run to ascertain whether a
user with the same data exists already, and, if necessary, runs an appropriate
error handler.
Read user's memberships
The following script can be used to determine the group memberships of a user.
def user = g_om.getUser(g_session.user.guid)
def sets = g_om.getMembershipSets(user)
def strAdminGroupGuid = "EF16F15EDA8562E19D7DD75BF2OP3001F119193C"
if (sets*.guid.contains(strAdminGroupGuid))
return adminGroupMemberTrue
else
return adminGroupMemberFalse
In this example, the GUID of the current logged-in user will be read with the
help of "g_session.user.guid".
"g_om.getMembershipSets(member)" returns a list with
all groups - including subordinate groups - that the defined user is a member of.
Subsequently, using an iteration through the GUIDs of the identified groups,
it is possible to establish if the GUID of the
"Administrators" group is included in the results. Dependent on this
evaluation (in this example, the evaluation of whether the user is a member of
the "Administrators" group) a corresponding value will
be returned, with which, for example, when this code is used in a
Groovy filter condition, subsequent steps in the workflow can be precisely
controlled.