Use Case

This chapter explains how to set up and run the use case. There are three sample configuration objects that you need to create in order to run this use case:

  • MyRPfromUser – this object is a role parameter with a user-specific proposal list. The section "Configure the Role Parameter" describes how to configure it for this use case.

  • User with Proposals – this object is a user that is configured to hold a user-specific proposal list in the user attribute "Middle Name". The sections "Define the Object Description" and "Define the Proposed Values" describe how to configure it for this use case.

  • RoleParamFromUser – this object is a role that uses the MyRPfromUser role parameter. You need to create this role (or modify an existing one) and configure it to use the MyRPfromUser role parameter. For more information about this task, see the DirX Identity Manager context-sensitive help and the DirX Identity Provisioning Administration Guide → "Managing the Privilege Structure" → "Managing Roles" → "Assigning Role Parameters".

Configure the Attribute

To configure a user-specific attribute for the proposal list:

  • In the role parameter, configure the attribute that holds the proposal list.

  • In the object description, define the attribute referenced in the role parameter.

Configure the Role Parameter

In this step, you use DirX Identity Manager to create the role parameter MyRPfromUser, which must be of type String, at the Domain Configuration level. See the DirX Identity Manager context-sensitive help and the DirX Identity Provisioning Administration Guide → "Managing Domains" → "Configuring a Domain" → "Setting up Role Parameters" for details.

In the role parameter’s General tab, you’ll see the section Proposal from Subject/Resource with the property Reference expression. Use this section to specify the user attribute or the role attribute that is to hold the proposal list. Here are two examples of a reference expression:

${user.initials} takes the proposed values from the initials attribute of the user. The source for this assignment is provided in a user attribute instead of in a proposal list object in the Domain Configuration view or in a "tagprovider" element of a property description.

${user.dxrcontextlink.dxrproposedvalues} follows the user’s dxrcontextlink attribute and takes the proposed values from the dxrProposedValues attribute. The dxrProposedValues attribute must be added to the business object schema provided by a business object of the user. This reference expression shows how you can use a user’s link attribute to point to a proposal list; here, it’s the dxrcontextlink attribute.

For this use case, we’ll use the ${user.initials} as the reference expression.

Define the Object Description

The attributes used in role parameter reference expressions need to be defined in the corresponding object descriptions. For this use case, we’ll modify the user object description in the Customer Extensions folder of the Domain Configuration (Domain Configuration view → My-Company → Customer Extensions → Object Descriptions → UserCommon.xml) to make the "initials" attribute multivalued.

Here is the updated definition:

		<property name="initials"
			label="Middle Name"
			multivalue="true"
			type="java.lang.String"
			incremental="false"/>
The usual method for customizing object descriptions is to create a new customer-defined attribute and a new LDAP attribute in the schema. See the DirX Identity Customization Guide → "Customizing Objects" → "Customizing Provisioning Objects" → "Adding a New User Attribute" for details.

Define the Proposed Values

To define the proposed values for the role parameter MyRPfromUser, you can use the same mechanism as you would use to define proposal lists. See the DirX Identity Manager context-sensitive help for proposal lists, proposal list items and the Multi-Value Editor for details.

For this use case, you define the proposed values directly at the user object in the Middle Name attribute (because you have set up this attribute to be multivalued in the user object description, as described in the section "Define the Object Description"):

User with Proposals

In Middle Name:, the line third;3rd computer;si=0 indicates the following:

  • Use 3rd computer for display.

  • Display 3rd computer as the first element in the list (si=0).

For details on this syntax, see the DirX Identity Customization Guide > "Customizing Parameters" > "Creating a New Proposal List".

Assign the Sample Role

Now you can make the sample role assignment with the defined role parameter:

  • Use DirX Identity Manager at the User with Proposals object in the Users view to assign the role RoleParamFromUser with the role parameter MyRPfromUser. The dialog to define the role parameter appears.

  • In the Role Parameters tab, you see the following display:

    Role Parameters

  • From the drop-down list, select second:

    Second Role Parameter

  • Save the assignment. In Assigned Roles, you’ll see the selection you made:

    User with Assigned Role

The dxrRoleParamValue in the LDAP assignment is:

<roleparamvalues name="MyRPFromUser" uid="uid-c0a8be81--3bb79da4-149c89e603a--7ffe" type="String">
    <value key="second">second</value>
</roleparamvalues>