You can restore deleted objects by using the Restore command that is available in the Command pane when you select a deleted object in the Web Interface.
To restore a deleted object
- In a list of deleted objects, select the object you want to undelete. For instructions on how to build a list deleted objects, see Locating deleted objects.
- In the Command pane, click Restore.
- Review and, if necessary, change the settings in the Restore Object dialog box, and then click OK to start the restore process.
The Restore Object dialog box prompts you to choose whether the deleted child objects (descendants) of the deleted object should also be restored. The Restore child objects check box is selected by default, which ensures that the Restore command applied on a deleted container restores the entire contents of the container.
NOTE: When restoring a deleted object, ensure that its parent object is not deleted. You can identify the parent object by viewing properties of the deleted object: the canonical name of the parent object, preceded with the “Deleted from:” label, is displayed beneath the name of the deleted object on the property page for that object. If the parent object is deleted, you need to restore it prior to restoring its children because deleted objects must be restored to a live parent.
The approval workflow system included with Active Roles provides:
- A point-and-click interface to configure approval rules, available from the Active Roles console. The approval rules are stored and performed by the Active Roles Administration Service.
- The directory management section of the Web Interface for submitting operation requests for approval. For example, approval rules could be configured so that creation of a user account starts an approval workflow instead of immediately executing the user creation operation. For information on how to use the directory management section, see Managing Active Directory objects earlier in this document.
- The Approval area of the Web Interface to manage operation requests and approvals. This area includes a “to-do” list of the approval tasks the designated user has to carry out, allowing the user to approve or reject operation requests.
The Approval area provides a way to perform change approval actions, allowing you to control changes to directory data that require your approval and monitor your operations that require approval by other persons. You can use the Approval area to:
- Perform approval tasks—approve or reject operations so as to allow or deny the requested changes to directory data. Examples of operations include (but not limited to) creation and modification of user accounts or groups.
- Check the status of your operations—examine whether the changes to directory data you requested are approved and applied, or rejected.
When a Web Interface user makes changes to directory data that require permission from other individuals in an organization, the changes are not applied immediately. Instead, an operation is initiated and submitted for approval. This starts a workflow that coordinates the approvals needed to complete the operation. The operation is performed and the requested changes are applied only after approval. An operation may require approval from one person or from multiple persons.
When an operation is submitted for approval, Active Roles tracks the initiator and the approver or approvers. The initiator is the person who requested the changes. Approvers are those who are authorized to allow or deny the changes. An operation that requires approval generates one or more approval tasks, with each approval task assigned to the appropriate approver. Active Roles administrators configure approval workflow by creating approval rules to specify what changes require approval and who is authorized to approve or deny change requests.
In the Approval area, you can work with the operations for which you are assigned to the approver role. As an approver, you are expected to take appropriate actions on your approval tasks.
To access the Approval area
- On the Web Interface Home page, click in the Approval box.
The Approval area provides a number of views to help you locate approval items—tasks and operations:
- My Tasks Contains detailed entries representing the approval tasks assigned to you. Depending on their status, the approval tasks are distributed into two views. The Pending view allows you to manage the approval tasks awaiting your response. The Completed view lists your approval tasks that have been completed.
- My Operations The Recent view lists your recent operations that required approval, and allows you to examine the status and details pertinent to each operation.
In addition to using the predefined views, you can locate operations and tasks by using the search function.
To search for an operation or task by ID
- In the right pane of the Web Interface page, under the Search label, type the ID number of the operation or task in the Search by ID box.
- Click the button next to the Search by ID box to start the search.
You can also search for approval items (operations and tasks) by properties other than ID. For instance, you can find the operations that were initiated by a specific user. Another example is the ability to locate approval tasks generated within a specific time period. To access the advanced search function, click Advanced Search under the Search label. Then, use the Advanced Search page to configure your search settings and start a search.
Advanced search is the most comprehensive way to search for approval items such as operations and tasks. Use it to find approval items based on their properties. You do this by creating queries, which are sets of one or more rules that must be true for an item to be found. An example of a query for operations is “Initiator is (exactly) John Smith.” This specifies that you are searching for operations that have the Initiator property set to John Smith’s use account.
With advanced search, you can use conditions and values to search for approval items based on item properties (referred to as “fields” on the search page). Conditions are limitations you set on the value of a field to make the search more specific. Each type of item has a set of relevant fields and each type of field has a set of relevant conditions that advanced search displays automatically.
Some fields, such as “Target object property,” require that you select a property to further define your search. In this case, you configure a query to search for operations or tasks specific to the approval of changes to the objects based on a certain property of those objects. For example, to find the operations that request any changes to the “Description” property, you could select the “Target object property” field, select the “Description” property, and then choose the “Modified” condition.
Some conditions require a value. For example, if you select a Date field, the “Is between” condition requires a date range value so you have to select a start date and an end date to specify a date range. Another example is the Initiator field, which requires that you select a user account of the Initiator role holder.
In some cases, a value is not required. For example, if you select the “Modified” condition, value is not necessary since this condition means that you want your search to be based on any changes to a certain property, without considering what changes were actually requested or made to the property value.
The following topics cover the predefined views of the Approval section.