expiration of group member
Hi, I have a group and would like to add a member to the group for a specific time. Let's say add the member to the group for 20 days or 30 days (or specify the start date/end date for the user in the group). After the date has passed, the user should be removed from the group automatically. Different users may have different dates of removal from the group. Could you please suggest where I can add the days or start/end date of a user to join the group? The group is of the manually managed type.
August 16th, 2011 7:29am

If you want to do this only for one group, this could be a possible solution:

To set the expiration:
- add a property "MyGroupMembershipExpiration" to the Person class
- create a set "MyGroupSet", including only your group
- create a workflow that sets the "MyGroupMembershipExpiration" property to today + 20 days (you will need to write a custom activity for this)
- create an MPR that triggers the workflow when the ExplicitMember property of an object in "MyGroupSet" changes

To remove members:
- create a set "MyGroupMembershipExpired" = Person where MyGroupMembershipExpiration prior to today
- create a workflow that removes persons from MyGroup
- create an MPR that triggers the workflow when a person transitions in the "MyGroupMembershipExpired" set

This is not suitable if you want to do this for many groups, however, as you would have to repeat this procedure for every group...

Hope this helps,
Paolo
Paolo Tedesco - http://cern.ch/idm
August 16th, 2011 8:16am

Thanks Paolo. Actually, I would like to do this for 100 groups. One user may be a member of n groups for different time intervals. Let's say we have groups SG1 to SG100 and users 1-1000. User one may be a member of SG3 for 10 days, SG7 for 30 days, SG100 for 100 days, etc. User two may be a member of SG3 for 25 days, SG8 for 60 days, SG100 for 40 days, etc. So it looks like this is very difficult in FIM. Is there any other alternative for it?
August 16th, 2011 8:59am

I have successfully implemented basically the same scenario myself ... using a couple of custom activities to create/update FIM resources, including a custom userEntitlement resource type with the following schema:

- userID (ObjectID of your group member user)
- entitlementID (ObjectID of your group)
- startDate (dateTime of the start of the entitlement)
- endDate (dateTime of the end of the entitlement)

You also need to maintain a multi-value binding on user called entitlementID and update this (at the same time as maintaining instances of the above resource type) with the ObjectID of above userEntitlement resources that are "current".

This schema satisfies your requirement of a different start/end date for each group member, whereby your group membership needs to be defined as dynamic. At any point in time your (dynamic) group membership could be defined as something like this (adjust it to suit!):

/Person[entitlementID = /userEntitlement[(endDate > fn:current-dateTime()) and (startDate < fn:current-dateTime())]]

You can then use one temporal set to trigger a set transition MPR to notify users of userEntitlements due to expire in 10 days, and another temporal set to trigger another set transition MPR to delete userEntitlements that have expired (using a custom activity to delete a resource by ID as it transitions into your temporal set).

If you have a finite number of groups you can define (say in terms of a role that is sourced from say your HR system ... e.g. "Delhi Users" based on users in the location "Delhi") ... another MPR/workflow/custom activity can be used to automatically create/update/delete a corresponding set of dynamic groups (with the above style of filter) for each such role.

For more info on the style of FIM schema design necessary to achieve this, refer to my wiki article.

Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.unifysolutions.net/ourSolutions.cfm?solution=event for just-in-time delivery of FIM 2010 policy via the sync engine
August 16th, 2011 10:32am
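
The userEntitlement approach from the answer above, modelled in Python as an added example; it is not code from either poster and does not call any FIM API. The per-group condition, the function names, the `ue-N` ObjectIDs and the start date are assumptions; the groups and durations are the ones from the question.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class UserEntitlement:
    object_id: str       # ObjectID of this userEntitlement resource (constructed)
    user_id: str         # userID: ObjectID of the group member
    entitlement_id: str  # entitlementID: ObjectID of the group
    start: datetime      # startDate
    end: datetime        # endDate

def is_current(e, now):
    # Same strict comparisons as the filter: startDate < now and endDate > now.
    return e.start < now < e.end

def group_members(ents, group_id, now):
    # Dynamic membership of one group. Restricting by group is an assumed
    # adjustment of the posted filter ("adjust it to suit").
    return {e.user_id for e in ents
            if e.entitlement_id == group_id and is_current(e, now)}

def user_binding(ents, user_id, now):
    # Multi-value binding on the user: ObjectIDs of the "current" entitlements.
    return {e.object_id for e in ents
            if e.user_id == user_id and is_current(e, now)}

def expiring_within(ents, now, days=10):
    # Contents of the temporal set that drives the expiry notification.
    cutoff = now + timedelta(days=days)
    return [e for e in ents if is_current(e, now) and e.end <= cutoff]

def expired(ents, now):
    # Contents of the temporal set whose transition deletes the resource.
    return [e for e in ents if e.end <= now]

T0 = datetime(2011, 8, 16)  # constructed start date, treated as UTC
GRANTS = [("user1", "SG3", 10), ("user1", "SG7", 30), ("user1", "SG100", 100),
          ("user2", "SG3", 25), ("user2", "SG8", 60), ("user2", "SG100", 40)]
SAMPLE = [UserEntitlement(f"ue-{i}", u, g, T0, T0 + timedelta(days=d))
          for i, (u, g, d) in enumerate(GRANTS, start=1)]

if __name__ == "__main__":
    now = T0 + timedelta(days=18)
    print("SG3 members:", group_members(SAMPLE, "SG3", now))
    print("to delete:", [e.object_id for e in expired(SAMPLE, now)])
    print("to notify:", [e.object_id for e in expiring_within(SAMPLE, now)])
```
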

This topic is archived. No further replies will be accepted.
