By default, any CRUD activity is executed under the user account specified by the “run as” setting in the workflow options and start conditions. This could be the service account of the Active Roles Administration Service or the account of the user who caused the workflow to start. You can configure the activity to override the default “run as” setting by choosing to run the activity under the service account or the account of the user who caused the workflow to start. The account under which the activity is running determines the access rights of the activity in the directory.
One more option determines whether to apply approval rules to the operation requested by the activity if the activity is executed under a privileged account, such as the Active Roles service account, an Active Roles Admin account, or the account of the user who is designated as an approver. By default, the activity uses the option setting specified in the workflow options and start conditions. However, the workflow-wide option setting can be overridden on a per-activity basis.
When you configure a CRUD activity, you can enable or disable the Enforce approval option for that activity. When enabled, this option causes the approval rules to be applied, submitting the operation for approval regardless of the account under which the activity is executed. Otherwise, the operation requested by the activity bypasses approval rules if the activity is executed under the Active Roles service account, an Active Roles Admin account, or the account of the user who is designated as an approver, so the operation is not submitted for approval.
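The override rules described above can be turned into a configuration review check. The following PowerShell is an added example, not part of Active Roles or its documentation; the inventory record layout, property names and sample workflows are constructed for illustration, and `$null` stands for "no per-activity override".

```powershell
# Added example. The record layout and every name here are hypothetical,
# not an Active Roles API. $null means "no per-activity override".

function Resolve-Setting($ActivityValue, $WorkflowValue) {
    # A per-activity value overrides the workflow-wide setting.
    if ($null -ne $ActivityValue) { $ActivityValue } else { $WorkflowValue }
}

function Get-ApprovalExposure {
    param([Parameter(Mandatory)] [object[]] $Activity)
    foreach ($a in $Activity) {
        $runAs   = Resolve-Setting $a.RunAs $a.WorkflowRunAs
        $enforce = Resolve-Setting $a.EnforceApproval $a.WorkflowEnforceApproval
        $exposure = if ($enforce) {
            'ApprovalApplied'                 # rules apply under any account
        } elseif ($runAs -eq 'ServiceAccount') {
            'ApprovalBypassed'                # service account always skips approval
        } else {
            'BypassedIfInitiatorPrivileged'   # AR Admin or designated approver skips it
        }
        [pscustomobject]@{
            Workflow        = $a.Workflow
            Activity        = $a.Name
            RunAs           = $runAs
            EnforceApproval = $enforce
            Exposure        = $exposure
        }
    }
}

# Constructed inventory of CRUD activities (sample data, not exported from a product).
$inventory = @(
    [pscustomobject]@{ Workflow = 'Offboarding'; Name = 'Disable account'
        WorkflowRunAs = 'Initiator'; WorkflowEnforceApproval = $false
        RunAs = 'ServiceAccount'; EnforceApproval = $null }
    [pscustomobject]@{ Workflow = 'Offboarding'; Name = 'Remove group memberships'
        WorkflowRunAs = 'Initiator'; WorkflowEnforceApproval = $false
        RunAs = 'ServiceAccount'; EnforceApproval = $true }
    [pscustomobject]@{ Workflow = 'Helpdesk reset'; Name = 'Update manager'
        WorkflowRunAs = 'Initiator'; WorkflowEnforceApproval = $false
        RunAs = $null; EnforceApproval = $null }
)

# List only the activities whose operations can skip approval rules.
Get-ApprovalExposure -Activity $inventory |
    Where-Object { $_.Exposure -ne 'ApprovalApplied' } |
    Format-Table -AutoSize
```

In this sample, the first activity always bypasses approval, the second is covered by its per-activity Enforce approval override, and the third bypasses approval only when the initiating user is an Active Roles Admin or a designated approver.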
A CRUD activity has the following additional configuration options:
The Save Object Properties activity saves properties of a particular object at workflow execution time. The properties are saved in the workflow data context and can be retrieved by other activities before or after the object has changed. This capability is useful in situations that require knowing not only the changed state or properties of an object but also the previous values of certain properties. Old values may be required to determine the previous state of an object in order to make a decision or perform an action based on those values. For example, to send notifications about object deletions, you can create a workflow that starts when deletion of an object is requested, saves the object’s name, and then, after the object is deleted, sends a notification message that includes the saved name of the deleted object.
This activity has the following configuration options:
The notification settings specify the event to notify of, and notification recipients. When executed by the workflow, the activity prepares a notification message appropriate to the specified event. Active Roles retains the message prepared by the activity, and sends the message to the specified recipients upon occurrence of that event. The notification settings are similar to the notification settings of a Notification activity (see Notification activity earlier in this document).
In a workflow that includes an activity of the Save Object Properties type, you can configure other activities to retrieve object properties saved by that activity:
$workflow.SavedObjectProperties("activityName").get("attributeName")
In this expression, activityName stands for the name of the Save Object Properties activity and attributeName is the LDAP display name of the attribute representing the property you want the script to retrieve. You should specify an attribute listed in the Target properties setting of the “Save Object Properties” activity; otherwise, this expression returns no property value at workflow execution time.
You should select a property listed in the Target properties setting of the Save Object Properties activity; otherwise, the token you have configured returns no property value at workflow execution time.
In the Object Property dialog box, click the link in the Target object field, and then click More choices.
You should select a property listed in the Target properties setting of the Save Object Properties activity; otherwise, the entry you have configured returns no property value at workflow execution time.