JavaScript extension reference

The reference section is arranged alphabetically.

There are a number of IBM Security Identity Manager specific objects available for use. ISIM uses JavaScript extensions to package JavaScript objects and APIs. An extension can also be a package of other extensions (for example, ModelExtension).

After an extension is defined, it can be registered in the scriptframework.properties file to be used in a specific JavaScript context. Use the Update Property page from the Appliance Dashboard of the IBM Security Identity Manager virtual appliance console. See Manage the server properties. In some cases, an environment needs to be created for an extension.

Table 1 shows these script extensions..

Script Extension	Object Name	Object Type
AttributesExtension (deprecated)	ATTRIBUTES	Map
EmailContextExtension	EmailContext	EmailContext
EnroleExtension	Enrole erro.	Enrole Error
IdentityPolicyExtension	IdentityPolicy	IdentityPolicy
LoopCountExtension	loopcount	int
PersonPlacementRulesExtension	entry	Map
PostOfficeExtension	PostOffice	PostOffice
ProvisioningPolicyExtension	parameters reason	Map int (0: New Account, 1: Existing Account)
AccountModelExtension	Account constructor AccountSearch constructor	Account AccountSearch
OrganizationModelExtension	ContainerSearch constructor	ContainerSearch
PersonModelExtension	Person constructor ExtendedPerson constructor PersonSearch constructor	Person ExtendedPerson PersonSearch
RoleModelExtension	Role constructor RoleSearch constructor	Role RoleSearch
ServiceModelExtension	Service constructor ServiceSearch	Service ServiceSearch
ReminderExtension	reminderCtx	Reminder
ServiceExtension	service	DirectoryObject
SubjectExtension	subject	Person For Orphan Adoption Rule JavaScript, the subject is a Map, which contains the account attributes returned from reconciliation. The entries in the map are referred by the name of the account attributes, which might vary based on the service type.
WorkflowExtension	process activity Participant constructor ParticipantType $RelevantDataName	Activity Participant ParticipantType ProcessDataProcess

Finding methods and properties for a specific JavaScript object

This example demonstrates how to find methods and properties for a specific JavaScript object.

If we are writing a workflow script, look in the scriptframework.properties file to see which extensions are available. By default, workflow loads the model extensions, the WorkflowExtension, and the LoopCountExtension.

Table 1shows that WorkflowExtension defines scripting objects that include process, activity, a Participant constructor, an object named ParticipantType, and a series of workflow-specific pieces of data.

In another column in the table, notice that the process object is of type Process. Now, locate Process in this reference to see that Process type has a property called name, and a method called getParent().

To understand how to use maps, notice that objects, such as parameters from ProvisioningPolicyExtension, have a type of Map. A Map, also known as a dictionary, is a named JavaScript object that can hold many other objects which can be accessed by name. The parameters object holds another object named uid. To access uid, we can type parameters.uid[0]. (In this case uid is an array, so we must type [0] to get the first element of the array.) The values that a map holds will vary between each map. For more information, locate the specific map in the JavaScript reference.

• How to read the reference pages
  This section explains the structure of each reference item.
• Account
  Represents an account associated with a provisioning operation.
• AccountSearch
  We can search for an account with the AccountSerach object.
• Activity
  Activity is used to reference any activity in a IBM Security Identity Manager workflow.
• AttributeChangeOperation
  The object represents an entity about the attribute change operation.
• ContainerSearch
  The object represents the search for an organizational container.
• Context
  The object represents the context of the currently running workflow process (for example, requestor or subject). Only used for entitlement workflows.
• Delegate
  The object provides the Delegate JavaScript object for use in the JavaScript environment of delegation notification. The Delegate JavaScript object and their use is described in this section.
• DirectoryObject
  The object represents any IBM Security Identity Manager directory object or entity.
• EmailContext
  The object provides access to contextual information specific to a type of notification that is sent.
• Enrole
  The object contains the general methods.
• Error
  This object contains a script error description to notify the calling code of an exceptional runtime condition.
• ExtendedPerson
  This object extends the Person object with the ownership type information for account adoption.
• IdentityPolicy
  The object represents the identity policy entity.
• PackagedApprovalDocument
  A relevant data object used in multi-item approval, used exclusively in user recertification workflows. This object is made up of multiple PackagedApprovalItem objects from the user recertification approval and allows for searching and retrieving recertification items.
• PackagedApprovalItem
  A relevant data object used in ISIM multi-item approval, used exclusively in user recertification workflows. This object represents the individual roles, accounts, and groups that are presented to the user during the recertification process. Some items might contain a decision code that indicates the choice of the approvers for that item. Each item also contains a list of children used to represent relationships between accounts and groups.
• Participant
  Workflow participant entity, which specifies an activity participant. In a mail node, this entity specifies the mail recipient.
• Person
  The object represents the person entity.
• PersonSearch
  The object searches for a person.
• PostOffice
  The object post office object that consolidates notifications.
• Process
  Represents ISIM workflow process.
• ProcessLog
  Object used to retrieve justification information for a process or activity.
• RecertificationWorkflow
  Provides extended capabilities to user recertification workflows, including audit support for the reporting and view requests functions.
• Reminder
  An activity to-do item reminder informs the participant that ISIM requires user action.
• Role
  The object represents the role associated with a provisioning operation.
• RoleAssignmentAttribute
  The object represents the role assignment attribute associated with a role.
• RoleAssignmentObject
  The RoleAssignmentObject class is a DataObject class for role assignment data.
• RoleSearch
  The object searches for a role.
• SeparationOfDutyRuleViolation
  Object that provides information about a specific separation of duty rule violation. Use this object to get specific information about a separation of duty policy violation. This object cannot be created for use by the user.

  The user can work only with SeparationOfDutyRuleViolation objects that the system has generated as part of the approveSoDViolation workflow.

• Service
  The object represents the service associated with a provisioning operation.
• ServiceSearch
  Use the object to provide searching capability for ISIM services.
• UserAccess
  The object extends the Account object and contains the data for a new account or changes to an existing account to provision the access, along with further information for the access.
• AccessRequestBatch
  The object provides the AccessRequestBatch JavaScript object for use in the JavaScript environment of the access request batch notification templates.