Active Roles 7.2.1 - Web Interface User Guide

Example 2: Adding a user to a group

This demonstrates how to add a user account to a group by using the Web Interface.

To add a user account to a group

1. In the Web Interface locate and select the user account. For instructions on how to locate objects in the Web Interface, see Locating directory objects earlier in this document.
2. In the Command pane, click Member Of.
3. On the Member Of page that appears, click Add.
4. On the Select Object page that appears, perform a search to locate the group. For instructions on how to configure and start a search, see Searching for directory objects earlier in this document.
5. In the list of search results on the Select Object page, select the group to which you want to add the selected user account, and then click Add.

Running an automation workflow

Workflow refers to a sequence of actions that leads to the completion of a certain task. Active Roles allows administrators to configure various workflows that can be started on a scheduled basis or on user demand. This workflow type is called automation workflow. For more information, see “Automation workflow” in the Active Roles Administrator Guide.

If an automation workflow is configured so that running it on demand is allowed, then such a workflow can be run from the Web Interface.

To run an automation workflow from the Web Interface

1. On the Navigation bar, click Directory Management.
2. On the Tree tab in the Browse pane, expand the Workflow branch and click the container that holds the desired workflow.
3. In the list of objects, select the desired workflow.
4. In the Command pane, click Run.
5. If prompted, review or change the values of the workflow parameters.
6. Click OK in the confirmation message box.

The Web Interface prompts you for parameter values if the workflow has any parameters that need to be supplied by the user running the workflow on demand. If the workflow has no parameters that require user input, then the Web Interface starts the workflow without prompting you for parameter values.

Once you have started an automation workflow, the Web Interface opens a run history report allowing you to examine the progress of workflow execution. The report displays the workflow execution status along with information about the activities performed during workflow run. For a workflow that is in progress you have the option to cancel execution of the workflow by clicking the Terminate button.

After the workflow is completed, the report retains history information about the workflow run. For each completed run of the workflow, the report allows you to identify when and by whom the workflow was started, when the workflow was completed, and what parameter values were used.

The report also lists the workflow activities that were executed during the workflow run. For each activity, you can determine whether the activity was completed successfully or returned an error. In case of error, the report provides an error description. For activities requesting changes to directory data (for example, activities that create new objects or modify existing objects), you can examine the requested changes in detail by clicking the Operation ID number in the run history report.

To view run history of an automation workflow in the Web Interface

1. On the Navigation bar, click Directory Management.
2. On the Tree tab in the Browse pane, expand the Workflow branch and click the container that holds the desired workflow.
3. In the list of objects, select the desired workflow.

In the Command pane, click Run History.

Managing temporal group memberships

By using temporal group memberships, you can manage group memberships of objects such as user or computer accounts that need to be members of particular groups for only a certain time period. This feature gives you flexibility in deciding and tracking what objects need group memberships and for how long.

This section guides you through the tasks of managing temporal group memberships in the Web Interface. If you are authorized to view and modify group membership lists, then you can add, view and remove temporal group members as well as view and modify temporal membership settings on group members.

Adding temporal members

A temporal member of a group is an object, such as a user, computer or group, scheduled to be added or removed from the group. You can add and configure temporal members using the Web Interface.

To add temporal members of a group

1. In the Web Interface, select the group, and then choose the Members command.
2. On the Members page, click Add.
3. In the Select Object dialog box find and select the objects that you want to make temporal members of the group, and then click Temporary Access.
4. In the Temporal Membership Settings dialog box, choose the appropriate options, and then click OK:
   • To have the temporal members added to the group on a certain date in the future, select On this date under Add to the group, and choose the date and time you want.
   • To have the temporal members added to the group at once, select Now under Add to the group.
   • To have the temporal members removed from the group on a certain date, select On this date under Remove from the group, and choose the date and time you want.
   • To retain the temporal members in the group for indefinite time, select Never under Remove from the group.