Tips & Tricks - User management via a process

This article demonstrates how user groups can be created via a process. It also explains how to automate the creation and assignment of users to user groups. Finally, it provides a Groovy script for reading group memberships.

Create user group

User groups can be created in any process via a data group action. First of all, create a source for the data such as an event handler. You can define the source of the data for the new user group, such as the name, in the properties of the event handler. Connect a data group action to the event source.

Select "Add record" as the action in the data group action properties.

Select the "Set" data group from the "Users" system application as the target data group.

On the Field assignment tab, at least the following values need to be mapped to the target - the new user group in the Users module:

A GUID that is easily created by clicking on "User-defined value". Assign this to the "GUID" field in the target group.
The class ID "6" (integer) that can also be easily created by clicking on "User-defined value". Assign this to the "Class ID" field in the target group.
The object name

Once the settings and process have been saved, the new user group will be created.

Create user

New users can be created and added to a user group via a process. A Groovy script action takes care of the adding with the following script:

def user = g_om.createUser{
	container     = "System"
	name          = "user-${now().withoutFractionalSeconds}"
	loginName     = "UserU-${now().withoutFractionalSeconds}"
	emailBiz      = "user@example.org"
	description   = "User created with Groovy at ${now().withoutFractionalSeconds}"
    memberOf    = ["User", "6AA80844C3F99EF93BF4598EB18605BF86FDD3C5"]
}

The access object "g_om" provides a structure that enables you to execute operations in the user management and organizational structure of a portal. When a user is created in this example, the following properties will be set, of which "name" and "loginName" are mandatory. All of the other properties are optional.

container:
Container where the user object is to be created. You can specify the unique name (in our example "system"), GUID, or the path of the container
name:
The unique object name
loginName:
The unique login name
emailBiz:
The business email address of the user.
description:
Description of the user object
memberOf:
The user's group memberships can be defined from the list that is transferred. The unique name, the GUID (in our example "6AA80844C3F99EF93BF4598EB18605BF86FDD3C5") or the path of the group may be used in this context.

A time stamp is used to ensure the uniqueness of the user name and login ID. If, in the user management, the uniqueness of the user name and login ID is not guaranteed by the ID or a timestamp, but instead uses a different format, such as first name.last name, then a check must be run to ascertain whether a user with the same data exists already, and, if necessary, runs an appropriate error handler.

Read user's memberships

The following script can be used to determine the group memberships of a user.

def user = g_om.getUser(g_session.user.guid)
def sets = g_om.getMembershipSets(user)
def strAdminGroupGuid = "EF16F15EDA8562E19D7DD75BF2OP3001F119193C"

if (sets*.guid.contains(strAdminGroupGuid))
	return adminGroupMemberTrue
else
	return adminGroupMemberFalse

In this example, the GUID of the current logged-in user will be read with the help of "g_session.user.guid". "g_om.getMembershipSets(member)" returns a list with all groups - including subordinate groups - that the defined user is a member of. Subsequently, using an iteration through the GUIDs of the identified groups, it is possible to establish if the GUID of the "Administrators" group is included in the results. Dependent on this evaluation (in this example, the evaluation of whether the user is a member of the "Administrators" group) a corresponding value will be returned, with which, for example, when this code is used in a Groovy filter condition, subsequent steps in the workflow can be precisely controlled.