Member Manager staff plug-in provider

 

+
Search Tips   |   Advanced Search

 

  1. Overview
  2. Install
  3. Configure server communication end points
  4. Default and new Member Manager staff plug-in provider configurations
  5. Staff verb semantics
  6. Resources

 

Overview

The process of deciding which user is allowed to perform specific actions on a certain work item is called staff resolution.

Business Process Choreographer delegates staff resolution to the Member Manager staff resolution plug-in.

Business Process Choreographer allows the operation of business processes defined according to the Business Process Execution Language standard. Such processes are...

  • modeled
  • deployed
  • run

...on top of...

A business process is a design for how a series of activities is done. Staff activities are one type of activity. They are assigned to people through work items. Staff activities can be almost any business task such as completing a form, approving a document or drawing, and writing a letter. When a process is started, work items are created for the potential owners.

When a user claims an activity, they become the owner of that activity. Only they can work on that activity in that particular instance of the process. If the work is complex or involved, the user can save intermediate stages of the work. When the work is done, the user completes the activity. The resulting information is saved and is then available to subsequent activities in the process. Humans involved in staff activities assume one of several possible roles. Examples for such roles include the following:

Potential Owner Permitting a human to claim and complete a staff activity
Editor Allowing a human to contribute to a staff activity
Reader Allowing a human to view the data of a staff activity

During the modeling of a business process, each staff activity can be associated with one or more of these roles. For each role, delimit a set of user IDs to indicate which users can assume what role. This delimitation is defined via so-called Staff Verbs, which are specified by the process modeler. Process Choreographer comes with a pre-defined set of Staff Verbs, which correspond to user selections such as the following:

  • The user with distinguished name A using the "Users" staff verb

  • The user with the short name B using the "Users by User ID" staff verb

  • The users which are part of user group C using the "Group Members" staff verbs

During the execution of a staff activity, Process Choreographer has to resolve the associated Staff Verbs, i.e. it has to determine the set of users defined by the verbs. It does so by mapping the verbs to user repository queries such as the following:

  • Look up user with distinguished name A

  • Look up the users with of user group C

Such queries are specific to the employed user repository implying that Process Choreographer has to perform mappings between Staff Verbs and specific user repository queries. In Process Choreographer, this functionality is contained in user repository specific modules, so-called staff resolution plug-ins. Process Choreographer comes with the following three plug-ins:

  • An LDAP staff provider plug-in: For mapping to LDAP server queries

  • A system staff provider plug-in: For mapping to an OS user repository

  • A user registry staff provider plug-in

 

Install Member Manager staff plug-in provider

Scenario without network deployment

IBM WebSphere Portal uses Member Manager to provide user repository queries. If you are using WebSphere Portal and Process Choreographer, provide Staff verb resolution via Member Manager ; the Member Manager staff plug-in provider resolves the queries.

As the Business Process Container makes use of the Member Manager staff plug-in, the plug-in must be installed and setup on the node that hosts the server for which the container is configured. If you use the standard portal installation, the process container is configured for the portal server and the Member Manager staff plug-in is created automatically on the node on which the portal server resides. If you perform another installation type or change the topology afterwards in way that the process container is configured on another server than the portal server, you have to manually setup the plugin on the node that hosts the server for which the container is configured.

In this case, the different servers must be part of the same single sign-on domain and share the same user repository. If the process container is configured on an application server that does not contain a portal profile, copy the required files from the portal installation to the node with the process container.

To install Member Manager staff plug-in provider:

  1. Open a command prompt on the node hosting the process container and change to the /bin directory of the according application server profile.

  2. Execute...

    wsadmin -f app_server_root/ProcessChoreographer/bpestaffmembermanager.jacl -conntype SOAP -user admin_ID -password admin_password ejbHome admin_ID admin_password

    ...where

    • ejbHome is the name of the Member Manager EJB home

    • admin_ID (both occurrences) is the user ID for the application server administrator

    • admin_password (both occurrences) is the password for the application server administrator

    To achieve communication between servers that are not in a managed cell, define the ejbHome using one of the following options.

    • corbaname:iiop:host:port#ejb/MemberServiceHome

    • Create an indirect binding using the application server administrative console and then use the value that you defined for the Name in Name Space property, for example: my/MemberServiceHome.

To verify that the Member Manager staff plug-in provider is installed:

  1. Open the WebSphere Application Server administration console; for example,...

    http://hostname:9060/ibm/console

  2. Log in as administrator.

  3. Click...

    Resources | Staff plug-in Provider

    You should see four installed staff plug-in providers; one is the Member Manager Staff Resolution plug-in Provider and the others are default Process Choreographer plug-ins.

  4. Restart the node so that the changes take effect

 

Scenario with network deployment

Apply the following steps to install the plug-in throughout the cell.

  1. Perform these steps for the deployment manager and all nodes on machines that do not contain a portal profile. Copy these required files from the portal installation to the according deployment manager or process container node.

  2. From a command prompt, change to the portal_server_root/config directory and run the following command.

    WPSconfig.{bat|sh} action-create-new-bpe-wmmplugin-config -DWmmEjbName=wmmejbname -DNodeName=nodename
    where

    • wmmejbname is the name of the Member Manager EJB home. In a managed cell, this could be defined as...

      cell/nodes/portal_nodename/servers/WebSphere_Portal/ejb/MemberServiceHome

      ...to address one specific server or 

          cell/clusters/portal_clustername/servers/WebSphere_Portal/ejb/MemberServiceHome
      to address a portal cluster.

    • nodename is the name of the node to which the staff plugin should be installed.

    The administrative user ID and password must be set in wpconfig.properties before running this command. See Configuration properties reference for more information about this setting.

  3. Enable identity assertion following these steps.

    1. Use the browser to log in to the application server administrative console. For example...

      http://www.example.com:9060/ibm/console

    2. Select...

      Security | Global Security | Authentication Protocol | CSIv2 Inbound authentication | Identity assertion | OK | Save

    3. Restart the application server.

    4. Run the wsadmin scripting client with these options.

      wsadmin -f was_profile_root/ProcessChoreographer/util/refreshStaffQuery.jacl -server servername

  1. To verify that the Member Manager staff plug-in provider is installed:

    1. Open the WebSphere Application Server administration console on the deployment manager; for example,...

      http://hostname:9060/ibm/console

    2. Log in as administrator.

    3. Click...

      Resources | Staff plug-in Provider

    4. Set the Scope to one of the federated nodes.

    5. Ensure that the Member Manager staff plug-in provider is registered for the node.

  2. Restart the deployment manager and all modified nodes.

 

Configure server communication end points

If we experience problems when restarting WebSphere_Portal without restarting the server that hosts the Business Process Container (and the plug-in), we should associate the following end points of WebSphere_Portal with static port values

  1. In case CSIv2 is used as security protocol between the servers, set static port values for the end points: 

        CSIv2_SSL_MUTUALAUTH_LISTENER_ADDRESS
    CSIv2_SSL_SERVERAUTH_LISTENER_ADDRESS

  2. In case SAS is used as security protocol between the servers, set a static port value for the end point: 

        SAS_SSL_SERVERAUTH_LISTENER_ADDRESS

For background information on these protocols and their settings, refer to the WebSphere Process Server V6.0 Information Center.

  1. In the administrative console, click...

    Servers | Application Servers | WebSphere_Portal | Business Integration | Additional Properties | End Points

  2. For every required end point (i.e. CSIv2_SSL_MUTUALAUTH_LISTENER_ADDRESS)

    1. Select the end point.

    2. Configure a static port value (i.e. 8355).

    3. Click Apply.

  3. Click OK.

  4. Click Save in the messages window of the Administrative Console to save the modified settings; be sure to confirm the save.

  5. Restart both servers (WebSphere_Portal and server1).

 

Default and new Member Manager staff plug-in provider configurations

The Member Manager staff plug-in provider comes with a default configuration that is ready to use. We can leave the configuration as is or we can make changes via the WebSphere Application Server Admin Console. We can also create multiple configurations for each plug-in, which are distinguished by their JNDI name.

Change the default configuration settings Follow these steps to change the default configuration settings:

  1. Open the WebSphere Application Server administration console. For example,...

    http://hostname:9060/admin

  2. Log in as administrator.

  3. Click...

    Resources | Staff plug-in Provider | Member Manager Staff Resolution plug-in | Staff plug-in Configuration | WMM Staff plug-in Configuration for WPS | Custom Properties

  4. To change a setting, click the property name, enter a value, and click OK. See the following table for properties:

    plug-in properties Required/Optional Comments
    AuthenticationAlias Required Used to access the Member Manager service. The alias name is set here and can be found at...

    Security | JAAS Configuration | J2C Authentication Data

    By default, the value points to the pre-configured Member Manager access alias.

    ContextFactory Optional Sets the Java Naming and Directory Interface (JNDI) context factory; for example, 

        com.ibm.websphere.naming.WsnInitialContextFactory
    .
    DefaultSearchTimeout Optional Controls when to terminate a search operation.
    WMMEJBHomeName Optional The JNDI EJB home interface where the WMM EJB is found.

  5. Click Save to apply the changes.

  6. Stop and then restart the server to activate the plug-in.

    See Troubleshooting for additional information.

Creating new configurations For any plug-in, we can create more than one configuration. Configurations are distinguished by their JNDI name and a business process has to be associated with a plug-in configuration name at process modeling time. By selecting a specific configuration name, varying properties of the same plug-in can be enforced. Follow these steps to create new configurations:

  1. Create a copy of the file...

    app_server_root/ProcessChoreographer/Staff/MemberManagerTransformation.xsl

  2. Edit the copy, and modify the search attributes in the "Global variables" section for the user registry before deploying the process.

  3. Open the WebSphere Application Server administrative console by accessing the following URL in a browser:

    http://hostname.example.com:9060/admin

  4. Log in as administrator.

  5. Click...

    Resources | Staff plug-in Provider | Member Manager Staff Resolution plug-in | Staff plug-in Configuration | New | Browse

    Select the copy of the MemberManagerTransformation.xsl file that you created previously.

  6. Click Next.

  7. Enter an administrative name for the staff plug-in provider.

  8. Enter a description.

  9. Enter the Java Naming and Directory Interface (JNDI) name for the business process to use when referencing this plug-in; for example, bpe/staff/wpswmmconfiguration2.

  10. Click Apply.

  11. Click Custom Properties.

  12. See Default and new Member Manager staff plug-in provider configurations to change the default settings of the new configuration.

 

Staff verb semantics

To a large extent the semantics of the staff verbs is independent of the plug-in to be selected. Nevertheless, some specific semantics exist which are pointed out below for the Member Manager. The following set of verbs is supported by staff plug-ins:

 

Department members

Use this verb to define a query to retrieve the members of a department.

The verb translates into a search for all entries of type (i.e. LDAP objectclass) "person", which are located under a predefined search base, for example "o=deptName,cn=departments,dc=mycomp", and retrieving a predefined attribute, for example "uid". A process modeler can set a number of parameters when selecting the verb for an activity role. Except for the department names, none of the parameters are evaluated during the staff verb resolution.

Parameter Use Type Supported by Member Manager Description
DepartmentName Mandatory String Yes Department name of the users to retrieve
IncludeNestedDepartments Mandatory Boolean No Not evaluated
Domain Optional String No Not evaluated
AlternativeDepartmentName1 Optional String LDAP Second department to include
AlternativeDepartmentName2 Optional String LDAP Third department to include

The specification of the search parameters (type, search base, retrieved attribute) is fixed in the transformation file used by the plug-in configuration, for example MemberManagerTransformation.xsl located in the app_server_root/ProcessChoreographer/Staff directory. If changes are needed, the.xsl file has to be adapted accordingly.

Example (change user return attribute to "cn", user search attribute to "userid", suffix for department names to "dc=areas,dc=mycomp"): 

        <xsl:template name="DepartmentMembers">
   ...
    <swmm:search>
            <xsl:attribute name="searchBase">
                o=<xsl:value-of select="$deptname"/>,cn=areas,dc=mycomp             </xsl:attribute>
            <xsl:attribute name="returnType">person</xsl:attribute>
            <xsl:attribute name="returnAttribute">cn</xsl:attribute>
            <xsl:attribute name="searchAttribute">userid</xsl:attribute>
            <xsl:attribute name="operator">notNULL</xsl:attribute>
            <xsl:attribute name="referenceValue">dummy</xsl:attribute>
            <xsl:attribute name="referenceType">String</xsl:attribute>
    </swmm:search>
   ...
    </xsl:template>

 

Everybody

Use this verb to assign a work item to every user authenticated by the WebSphere Application Server. This verb has no parameters; it is supported by all plug-ins including the Member Manager plug-in.

 

Group Members

Use this verb to define a query to retrieve the members of a group. For the Member Manager plug-in, a group is associated with the semantics defined by WebSphere Portal for its user groups. According to this, a user group can consist of users and sub-groups that also consist of users and other sub-groups. The search for the users of a group can be defined to be non-recursive or recursive. In the former case, only the users are retrieved directly belonging to the specified group. In the latter case, the users of all sub-groups are included as well. A process modeler can set a number of parameters when selecting the verb for an activity role:

Parameter Use Type Supported by Member Manager Description
GroupName Mandatory String Yes Group name of the users to retrieve
IncludeSubgroups Mandatory Boolean No Specifies whether nested subgroups are considered in the query
Domain Optional String No Not evaluated
AlternativeDepartmentName1 Optional String LDAP Second department to include
AlternativeDepartmentName2 Optional String LDAP Third department to include

Example (change user return attribute to "cn", suffix for group names to "dc=areas,dc=mycomp"): 

        <swmm: usersOfGroup>
        <xsl:attribute name="id">
            o=<xsl:value-of select="$groupname"/>,dc=areas,dc=mycomp<xsl:value         </xsl:attribute>
        <xsl:attribute name="idType">memberDN</xsl:attribute>
       ...
        <xsl:attribute name="attribute">cn</xsl:attribute>
    </swmm:usersOfGroup>

 

Group Search

Use this verb to search for a group based on an attribute match and to retrieve the members of the group.

This verb implies two hidden queries. First, all user groups are retrieved featuring a specified attribute and a specified value, for example Business Type equaling Finance. Then all users belonging to these groups are retrieved. A process modeler can set a number of parameters when selecting the verb for an activity role:

Parameter Use Type Supported by Member Manager Description
GroupID Optional String Yes The group ID of the users to retrieve
Type Optional String Yes The group type of the users to retrieve
IndustryType Optional String Yes The industry type of the group to which the users belong
BusinessType Optional String Yes The business type of the group to which the users belong
GeographicLocation Optional String Yes An indication of where the users are located
Affiliates Optional String Yes The affiliates of the users
DisplayName Optional String Yes The display name of the group
Secretary Optional String Yes The secretary of the users
Assistant Optional String Yes The assistant of the users
Manager Optional String Yes The manager of the users
BusinessCategory Optional String Yes The business category of the group to which the users belong
ParentCompany Optional String Yes The parent company of the users

One attribute (Type, Industry Type,...) should be set at a time. Only the first attribute in the list will be evaluated.

The specification of the attribute to be retrieved for the group members (i.e. uid) is fixed in the transformation file used by the plug-in configuration, for example MemberManagerTransformation.xsl, located in the directory app_server_root/ProcessChoreographer/Staff. If changes are needed, the.xsl file has to be adapted accordingly.

Example (change group return attribute to "groupid", group name suffix to "dc=areas,dc=mycomp", user return attribute to "userid"): 

        <xsl:template name="GroupSearch">
   ...
    <swmm:search>
        <xsl:attribute name="returnType">group</xsl:attribute>
        <xsl:attribute name="returnAttribute">groupid</xsl:attribute>
        <xsl:attribute name="searchAttribute">"$searchparam"/></xsl:attribute>
        <xsl:attribute name="operator">equal</xsl:attribute>
        <xsl:attribute name="referenceValue"><xsl:value-of select="staff:parameter"/></xsl:attribute>
    </swmm:search>
   ...
    <swmm:usersOfGroup>
        <xsl:attribute name="id">cn=%groupname%,dc=areas,dc=mycomp</xsl:attribute>
        <xsl:attribute name="idType>memberDN</xsl:attribute>
            <xsl:attribute name="recursive">yes</xsl:attribute>
            <xsl:attribute name="attribute">userid</xsl:attribute>
    <swmm:usersOfGroup>
   ...
    </xsl:template>

 

Manager of Employee

Use this verb to retrieve the manager of a person using the person's name. A process modeler can set a number of parameters when selecting the verb for an activity role:

Parameter Use Type Supported by Member Manager Description
EmployeeName Mandatory String Yes The name of the employee whose manager is retrieved
Domain Optional String No Not evaluated

The specification of the attribute to be retrieved as manager attribute (i.e. "manager") as well as the attribute to be retrieved for the manager entry (i.e. "uid") are fixed in the transformation file used by the plug-in configuration, for example MemberManagerTransformation.xsl located in the app_server_root/ProcessChoreographer/Staff directory. If changes are needed, the.xsl file has to be adapted accordingly.

Example (change attribute storing the manager DN to "firstlinemanager", user return attribute to "userid"): 

        <xsl:template name="ManagerofEmployee">
   ...
    <swmm:user>
        <xsl:attribute name="id">
            <xsl:value-of select="staff:parameter[@id='EmployeeName']"/>
        </xsl:attribute>
        <xsl:attribute name="idType">memberDN</xsl:attribute>
        <xsl:attribute name="attribute">firstlinemanager</xsl:attribute>
    </swmm:user>
   ...
    <swmm:user>
        <xsl:attribute name="id">%manager%</xsl:attribute>
        <xsl:attribute name="idType">memberDN</xsl:attribute>
        <xsl:attribute name="attribute">userid</xsl:attribute>
    </swmm:user>
   ...
    </xsl:template>

 

Manager of Employee by User ID

Use this verb to retrieve the manager of a person using the person's user ID. This verb is similar to Manager of Employee except that it takes a user ID as input instead of a full name, for example wpsadmin instead of "uid=wpsadmin,cn=users,dc=mycomp", and permits the use of context variables.

Parameter Use Type Supported by Member Manager Description
EmployeeUserID Mandatory String Yes The user ID of the employee whose manager is retrieved. Supports context variables, such as %wf:process.starter%
Domain Optional String No Not evaluated

 

Native Query

Use this verb to define a search query based on specific parameters.

The result of the query is a set of users represented by a specified user attribute, which is to be returned, for example "cn". The query allows the following three search constraints:

  • A search base indicating the search space within which the search is to be conducted

  • A search type indicating the type of objects to search on

  • A search condition indicating a query value which needs to match the content of a specified search attribute

The following parameters permit the specification of the constraints:

Parameter Use Type Supported by Member Manager Description
QueryTemplate Mandatory String Yes The query template to use for the query. Has to be one of the following:

  • search

  • user

  • usersOfGroup

Query Mandatory String Yes The value to find for the search attribute
AdditionalParameter1 Mandatory String Yes The operator to use when evaluating the search attribute contents against the queried value. Has to be one of the following:

  • equal
  • greaterThan
  • greaterOrEqual
  • lessOrEqual
  • like
  • lessThan
  • notEqual
  • notNull

AdditionalParameter2 Mandatory String Yes Search attribute to use for finding entries, for example "uid"
AdditionalParameter3 Mandatory String Yes The name of the attribute to retrieve for found users, for example "cn"
AdditionalParameter4 Mandatory String Yes Specifies the type of entries to search on. Has to be one of the following:

  • person
  • group
  • groupRecursive

Used in template "search" only.

AdditionalParameter6 Optional String Yes The search base to use, for example "cn=users,dc=mycom"

Used in template "search" only.

Example 1: 

        Query:                     peter     Query template:         search     AdditionalParamter1:    equal     AdditionalParameter2:     uid     AdditionalParameter3:     uid     AdditionalParameter4:     person     AdditionalParameter5:     cn=users,dc=mycom     
    has to be read as:
        search (from Query template)
                on entries of type person (from AdditionalParameter4)
                under search base cn=users,dc=mycom (from AdditionalParameter5)
                for entries matching search condition                         uid (from AdditionalParameter2)
                        equal (from AdditionalParamter1)
                        peter (from Query)
        and retrieve for all found (user) entries                 the value of attribute uid (from AdditionalParameter3)

Example 2: 

        Query:                     department1
    Query template:         search     AdditionalParameter1:     equal     AdditionalParameter2:     cn     AdditionalParameter3:     uid     AdditionalParameter4:     group     AdditionalParameter5:     cn=groups,dc=mycom     
    has to be read as:
            search (from Query template)
                    on entries of type group (from AdditionalParameter4)
                    under search base cn=group,dc=mycom (from AdditionalParameter5)
                    for entries matching the search condition                             cn (from AdditionalParameter2)
                            equal (from AdditionalParamter1)
                            department1 (from Query)
            and retrieved for all users contained in the found group(s)
                    the value of attribute uid (from AdditionalParameter3)

When searching on objects of type "groupRecursive", the users of found group(s) will be considered for retrieval as well as the users that are part of subgroups of the group(s).

Query templates The following three templates can be used:

  • The search template is the most general one, allowing use of all mentioned parameters. All parameters except AdditionalParameter5 (search base) have to be specified. If no search base is specified, the search base defined by Member Manager for users...

    cn=users,dc=mycomp,dc=com

    ...respectively groups...

    cn=groups,dc=mycomp,dc=com

    ...is assumed.

  • The user template is a special case. It assumes a search on objects of type "person" and uses the default search base for users. The other parameters are used in analogy to the search template case; for example (Example 4): 

        Query:                    Peter     Query template:           user     AdditionalParameter1:     equal     AdditionalParameter2:     uid     AdditionalParameter3:     uid

    Do not set AdditionalParameter4 and AdditionalParameter5.

  • The usersOfGroup template is a special case of the search template. It assumes a search on objects of type "group" and uses the default search base of Member Manager for groups. The other parameters are used in analogy to the search template case; for example (Example 5): 

        Query:                  department1
    Query template:         usersOfGroup     AdditionalParameter1:   equal     AdditionalParameter2:   cn     AdditionalParameter3:   uid

    Do not set AdditionalParameter4 and AdditionalParameter5.

 

Nobody

Use this verb to deny normal users access to the work item; only the process administrator and the process choreographer system administrator have access. This verb has no parameters and is supported by all plug-in including the Member Manager plug-in.

 

Person Search

Use this verb to search for people based on an attribute match. All users are retrieved featuring a specified attribute and a specified value, for example "Profile" equaling "Employee". A process modeler can set a number of parameters when selecting the verb for an activity role:

Parameter Use Type Supported by Member Manager Description
UserID Optional String Yes The user ID of the users to retrieve
Profile Optional String Yes The profile of the users to retrieve
LastName Optional String Yes The last name of the users to retrieve
FirstName Optional String Yes The first name of the users to retrieve
MiddleName Optional String Yes The middle name of the users to retrieve
Email Optional String Yes The e-mail address of the users to retrieve
Company Optional String Yes The company to which the users belong
DisplayName Optional String Yes The display name of the users to retrieve
Secretary Optional String Yes The secretary of the users to retrieve
Assistant Optional String Yes The assistant of the users to retrieve
Manager Optional String Yes The manager of the users to retrieve
Department Optional String Yes The department to which the users belong
Phone Optional String Yes The telephone numbers of the users to retrieve
Fax Optional String Yes The fax number of the users to retrieve
Gender Optional String Yes Whether the user is male or female
Timezone Optional String Yes The time zone in which the users are located
PreferredLanguage Optional String Yes The preferred language of the users to retrieve

One attribute (Type, Industry Type,...) should be set at a time. Only the first attribute in the list will be evaluated.

The specification of the attribute to be retrieved for the users (i.e. "uid") are fixed in the transformation file used by the plug-in configuration, for example MemberManagerTransformation.xsl located in the app_server_root/ProcessChoreographer/Staff directory. If changes are needed, the.xsl file has to be adapted accordingly.

Example (change user return attribute to "cn"): 

        <xsl:template name="PersonSearch">
   ...
    <swmm:search>
            <xsl:attribute name="returnType">person</xsl:attribute>
            <xsl:attribute name="returnAttribute">cn</xsl:attribute>
            <xsl:attribute name="searchAttribute"><xsl:value-of select="$searchparam"/></xsl:attribute>
            <xsl:attribute name="operator">equal</xsl:attribute>
            <xsl:attribute name="referenceValue"><xsl:value-of select="staff:parameter"/></xsl:attribute>
            <xsl:attribute name="referenceType">String</xsl:attribute>
    </swmm:search>
    </xsl:template>

 

Role Members

Use this verb to retrieve the users associated with a business process role.

The verb translates into a search for all entries of type (i.e. LDAP objectclass) "person" which are located under a predefined search base, for example "o=roleName,cn=role,dc=mycomp" and retrieving a predefined attribute value, for example "uid". A process modeler can set a number of parameters when selecting the verb for an activity role. Except for the role names, none of the parameters are evaluated during the staff verb resolution.

Parameter Use Type Supported by Member Manager Description
RoleName Mandatory String Yes Role name of the users to retrieve
IncludeNestedRoles Mandatory Boolean No Not evaluated
Domain Optional String No Not evaluated
AlternativeRoleName1 Optional String Yes An alternative role name for the user
AlternativeRoleName2 Optional String Yes An alternative role name for the user

The specification of the search parameters (type, search base, retrieved attribute) is fixed in the transformation file used by the plug-in configuration, for example MemberManagerTransformation.xsl located in the app_server_root/ProcessChoreographer/Staff directory. If changes are needed, the.xsl file has to be adapted accordingly. Adaptations are done in analogy to the "Department Members" case (see above).

 

Users

Use this verb to define staff query for a user whose name is known. Use full names, for example "uid=wpsadmin,cn=users,dc=mycomp" to specify values. A process modeler can set a number of parameters when selecting the verb for an activity role:

Parameter Use Type Supported by Member Manager Description
Name Mandatory String Yes The name of the user to retrieve
AlternativeName1 Optional String Yes An alternative user name; use this parameter to retrieve more than one user
AlternativeName2 Optional String Yes An alternative user name; use this parameter to retrieve more than one user

The specification of the attribute to be retrieved for the users (i.e. "uid") are fixed in the transformation file used by the plug-in configuration, for example MemberManagerTransformation.xsl located in the app_server_root/ProcessChoreographer/Staff directory. If changes are needed, the.xsl file has to be adapted accordingly.

Example (change user return attribute to "cn"): 

        <xsl:template name="Users">
   ...
    <swmm:user>
            <xsl:attribute name="id"><xsl:value-of select="$username"/></xsl:attribute>
            <xsl:attribute name="idType">memberDN</xsl:attribute>
            <xsl:attribute name="attribute">cn</xsl:attribute>
    </swmm:user>
   ...
    </xsl:template>

 

Users by user ID

Use this verb to define a staff query for a user whose user ID is known. Use short names for example "wpsadmin" to specify values. A process modeler can set a number of parameters when selecting the verb for an activity role:

Parameter Use Type Supported by Member Manager Description
UserID Mandatory String Yes The user ID of the user to retrieve
AlternativeID1 Optional String Yes An alternative user ID; use this parameter to retrieve more than one user
AlternativeID2 Optional String Yes An alternative user ID; use this parameter to retrieve more than one user

 

Resources about Business Process Choreographer staff plug-in providers

The staff plug-in providers concept is defined as part of Process Choreographer, which is a constituent part of the IBM WebSphere Process Server product. For a detailed description of the concept and general usage information, please refer to the following product Information Center and available technical support papers:

 

Parent topic:

Configure the business process container for the portal

 

Related concepts

Configure security
Cluster and WebSphere Portal

 

Related tasks

Update security settings for business process applications
Update the database for the business process container
Configure the business process container for the portal

 

Related reference:

Business process configuration parameters

 

Related information

Enable the business process for portal
WebSphere Process Server Information Center