Configure people substitution

IBM BPM, V8.0.1, All platforms > Install IBM BPM > IBM BPM Advanced: Process Server > Install IBM BPM Advanced: Process Server > On Windows > Network deployment environment > Configure profiles and create an ND environment > Create an ND environment > Use the administrative console > Configure components > Configure optional components > Configure Business Process Choreographer
Configure people substitution

This topic describes how to configure people substitution for Business Process Choreographer.

You have configured WebSphere security for Federated Repositories, and if you introduce custom people assignment criteria, you have also performed Configure the Virtual Member Manager people directory provider. You know whether you will use a file registry, property extension registry, or an existing Lightweight Directory Access Protocol (LDAP) schema to store the property extensions.

To use people substitution in a production environment, use the Virtual Member Manager (VMM) property extension repository as described in this topic. If however, you only want to use people substitution in a single-server test environment, you can use the file registry that is associated by default with federated repositories, without having to configure VMM.

Procedure
Add the attributes, "isAbsent", "substitutes", "substitutionStartDate", and "substitutionEndDate" to the VMM definition for PersonAccount:
Locate the wimxmlextension.xml file:

profile_root/config/cells/ cell_name/wim/model/wimxmlextension.xml
profile_root\config\cells\ cell_name\wim\model\wimxmlextension.xml
It is located in profile_root/config/cells/ cell_name/wim/model
Make a backup copy of the wimxmlextension.xml file.
Edit the original copy of the wimxmlextension.xml file, and make sure that it contains the following definitions, which add the two attributes that are needed for user substitution to the PersonAccount entity type:
<wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" 
     dataType="STRING" multiValued="false" propertyName="isAbsent">
   <wim:applicableEntityTypeNames>PersonAccount
   </wim:applicableEntityTypeNames>
</wim:propertySchema>

<wim:propertySchema nsURI="http://www.ibm.com/websphere/wim"
     dataType="STRING" multiValued="true" propertyName="substitutes">
   <wim:applicableEntityTypeNames>PersonAccount
   </wim:applicableEntityTypeNames>
</wim:propertySchema>
<wim:propertySchema nsURI="http://www.ibm.com/websphere/wim"
     dataType="STRING" multiValued="false" propertyName="substitutionStartDate">
   <wim:applicableEntityTypeNames>PersonAccount
   </wim:applicableEntityTypeNames>
</wim:propertySchema>

<wim:propertySchema nsURI="http://www.ibm.com/websphere/wim"
     dataType="STRING" multiValued="false" propertyName="substitutionEndDate">
   <wim:applicableEntityTypeNames>PersonAccount
   </wim:applicableEntityTypeNames>
</wim:propertySchema>
If you are using a file registry, fileRegistry.xml, skip to step 4.
Set up the property extension repository. For more information about setting up a property extension repository, see Configure a property extension repository in a federated repository configuration.
Verify that a database is available to store the property extensions.
Verify that the JDBC driver class is available on the server class path. Click Environment > WebSphere variables to check. If necessary, add the DataServer JDBC driver to the class path. For DB2 , add db2jcc4.jar , db2jcc_license_cu.jar, and db2jcc_license_cisuz.jar to the server's class path, and click Apply > Save
Verify that the JDBC driver class is available on the server class path. Click Environment > WebSphere variables to check. If necessary, add the Universal JDBC driver to the class path. For DB2, add db2jcc.jar , db2jcc_license_cu.jar, and db2jcc_license_cisuz.jar to the server's class path, and click Apply > Save
Configure a DB2 Universal JDBC driver provider and type-4 data source for VMM using the administrative console. Set the webSphereDefaultIsolationLevel custom property for the data source to the value 2. For more information about changing the default isolation level, see Changing the default isolation level for non-CMP applications and describing how to do so using a new custom property webSphereDefaultIsolationLevel.
Restart the server.
Make a backup copy of the wimlaproperties.xml file.

INSTALL_ROOT/etc/wim/setup/wimlaproperties.xml
INSTALL_ROOT\etc\wim\setup

It is located in INSTALL_ROOT/etc/wim/setup\wimlaproperties.xml
Edit the original copy of the wimlaproperties.xml file, and add the following definitions:
<wimprop:property wimPropertyName="isAbsent" dataType="String"
     valueLength="128" multiValued="false">
    <wimprop:applicableEntityName>
  <wimprop:entityName>PersonAccount</wimprop:entityName>
    </wimprop:applicableEntityName>
</wimprop:property>

<wimprop:property wimPropertyName="substitutes" dataType="String"
     valueLength="128" multiValued="true">
    <wimprop:applicableEntityName>
  <wimprop:entityName>PersonAccount</wimprop:entityName>
    </wimprop:applicableEntityName>
</wimprop:property>
<wimprop:property wimPropertyName="substitutionStartDate" dataType="String"
     valueLength="128" multiValued="false">
    <wimprop:applicableEntityName>
  <wimprop:entityName>PersonAccount</wimprop:entityName>
    </wimprop:applicableEntityName>
</wimprop:property>

<wimprop:property wimPropertyName="substitutionEndDate" dataType="String"
     valueLength="128" multiValued="false">
    <wimprop:applicableEntityName>
  <wimprop:entityName>PersonAccount</wimprop:entityName>
    </wimprop:applicableEntityName>
</wimprop:property>
Verify that the application server (or in a ND environment, the dmgr) is running. Be aware not to use the -conntype NONE option for the wsadmin utility.
Use the VMM administrative task setupIdMgrPropertyExtensionRepositoryTables to create the substitution properties in the Property Extension Repository database. For more details, see Set up an entry mapping repository, a property extension repository, or a custom registry database repository using wsadmin commands.
For example:
$AdminTask setupIdMgrPropertyExtensionRepositoryTables { 
-reportSqlError true 
-schemaLocation  INSTALL_ROOT/etc/wim/setup 
-laPropXML   INSTALL_ROOT/etc/wim/setup/wimlaproperties.xml 
-databaseType db2 
-dbURL jdbc:DB2:// host: port/ name 
-dbDriver com.ibm.db2.jcc.DB2Driver 
-dbAdminId  userID 
-dbAdminPassword  password }
For example, using a DB2 database on a Windows platform:
$AdminTask setupIdMgrPropertyExtensionRepositoryTables { 
-reportSqlError true 
-schemaLocation  INSTALL_ROOT\etc\wim\setup 
-laPropXML   INSTALL_ROOT\etc\wim\setup\wimlaproperties.xml 
-databaseType db2 
-dbURL jdbc:DB2:// host: port/ name 
-dbDriver com.ibm.db2.jcc.DB2Driver 
-dbAdminId  userID 
-dbAdminPassword  password }
For example, using a DB2 database on a Linux or UNIX platform:
$AdminTask setupIdMgrPropertyExtensionRepositoryTables { 
-reportSqlError true 
-schemaLocation  INSTALL_ROOT/etc/wim/setup 
-laPropXML   INSTALL_ROOT/etc/wim/setup/wimlaproperties.xml 
-databaseType db2 
-dbURL jdbc:DB2:// host: port/ name 
-dbDriver com.ibm.db2.jcc.DB2Driver 
-dbAdminId  userID 
-dbAdminPassword  password }
Where host is the host name of the database server, port is the service port for the DB2 instance, and name is the name of the database, and userID and password provide database administrator rights.
If you are using a Lightweight Directory Access Protocol (LDAP) user repository, locate the wimconfig.xml file.

profile_root/config/cells/ cellName/wim/config/wimconfig.xml
profile_root\config\cells\ cellName\wim\config\wimconfig.xml
Edit the file and add the following entries to exclude the substitution attributes from the LDAP repository:
<config:repositories xsi:type="config:LdapRepositoryType"
      adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"
      id="ldaprepo1" ...>
      ...
      <config:attributeConfiguration>
         <config:propertiesNotSupported name="isAbsent"/>
         <config:propertiesNotSupported name="substitutes"/>
         <config:propertiesNotSupported name="substitutionEndDate"/> 
         <config:propertiesNotSupported name="substitutionStartDate"/>
      </config:attributeConfiguration>
Activate the extension property repository:
Using the setIdMgrPropertyExtensionRepository command. For more details, see Set up an entry mapping repository, a property extension repository, or a custom registry database repository using wsadmin commands.
For example, using a DB2 database named VMMDB, a data source named VMMDS:
$AdminTask setIdMgrPropertyExtensionRepository { 
-dataSourceName jdbc/VMMDS
-databaseType db2 
-dbURL jdbc:DB2:// host: port/VMMDB 
-dbAdminId  userID
 -dbAdminPassword  password  -JDBCDriverClass com.ibm.db2.jcc.DB2Driver 
-entityRetrievalLimit 10 }
Verify that the wimconfig.xml file contains an entry similar to the following:
<config:propertyExtensionRepository
   adapterClassName="com.ibm.ws.wim.lookaside.LookasideAdapter"
   id="LA" 
   databaseType="db2" 
   dataSourceName="jdbc/VMMDS" 
   dbAdminId= "userID"
   dbAdminPassword="{xor} PasswordXOR" 
   dbURL="jdbc:DB2:// host: port/VMMDB" 
   entityRetrievalLimit="10"
   JDBCDriverClass="com.ibm.db2.jcc.DB2Driver"/>>
If you use an LDAP schema to hold the substitution information: It may or may not already have definitions for "isAbsent", "substitutes", "substitutionStartDate", and "substitutionEndDate" (possibly with different names). Whether you have existing definitions, or you will create new ones, make sure of the following:

The LDAP directory must allow write operations.
The attribute for absence information ("isAbsent") must be of type Boolean or a String.
The attribute that defines who the person can substitute for ("substitutes") must be of type String, multi-valued, and permit a length up to 128 characters.
If your existing or chosen attribute names are not "isAbsent", "substitutes", "substitutionStartDate", and "substitutionEndDate", you must define your attribute names in the administrative console by clicking either Servers > Clusters > WebSphere application server clusters > cluster_name or Servers > Server Types > WebSphere application servers > server_name, then on the Configuration tab, in the Business Integration section, expand Business Process Choreographer, and click Human Task Manager, on the Configuration tab select Custom properties then set the names for the custom properties Substitution.SubstitutesAttribute, Substitution.AbsenceAttribute, Substitution.StartDateAttribute, and Substitution.EndDateAttribute.

Restart the server.
Enable substitution in the Human Task Manager:

either Servers > Clusters > WebSphere application server clusters > cluster_name or Servers > Server Types > WebSphere application servers > server_name, then on the Configuration tab, in the Business Integration section, expand Business Process Choreographer, and click Human Task Manager, and click Human Task Manager, then either Runtime or Configuration.

To enable substitution, select Enable substitution.
If non-administrators are allowed to perform substitution for other users, clear the Restrict substitute management to administrators option.
This settings does not affect the ability of users to change substitution for themselves.
Click Apply.
If you selected Configuration in step 5.a, restart the server to activate the substitution settings.

If you have problems with any of these steps, refer to Troubleshooting people assignment.
Results
The people assignment service is configured to support user substitution for absent users.

Related tasks:
Configure the Virtual Member Manager people directory provider
Selecting a registry or repository
Selecting a registry or repository
Set up an entry mapping repository, a property extension repository, or a custom registry database repository using wsadmin commands
Set up an entry mapping repository, a property extension repository, or a custom registry database repository using wsadmin commands
Configure a property extension repository in a federated repository configuration
Configure a property extension repository in a federated repository configuration