• State Verified Answer
  • Replies replies
    5
  • Subscribers subscribers
    29
  • Views views
    392
  • Users 0 members are here
  • Locked Locked
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Approver change expiration date for role request

tomerazran

Hello,

We want than an approver will be able to change the expiration date of a role request in custom role approval PRD.

Is it possible to do that?

I see that there are only get methods for the NrfRequest object - are there any set methods?

Thanks,

Tomer.

  • 0

    I don't think there are any setters available to call but I believe you may be able to change the request contents in directory.

  • Verified Answer

    +1 in reply to FT

    I think what FT is suggesting is that for requests for roles, the UA makes a nrfRequest object.  It references the user and the Role and has a start and end date. 

    In theory you can change the end date via LDAP.  But there is more than just the nrfRequest object.  There is nrfAssignedRoles on the user, that has text with the expiration in them in the XML in the path component that you need to update.

    Then there is an nrfNextExpiration on the user, that needs to consider all the nrfAssignedRoles (And in principle, could be nrfGroupRoles and nrfContainerRoles since those can have expirations as well) and you need to get all the expiration times in the path nodes out of the XML, compare tyhem all, and set the nrfNextExpiration to the earliest one.

    Ever wonder why RRSD is thought to be slow? 

  • 0 in reply to Geoffrey Carman

    Thank you for sharing this knowledge.

  • 0 in reply to Geoffrey Carman

    Exactly, you want to change the nrfRequest before it is actually approved to avoid interfering with processing done by RRSD . But AFAIR this should have the effect you want as if the change was in the request in the first place. PoC will be easy - I haven't done something like that in recent versions though, so better confirm it goes smoothly first.

  • 0

    One other option is to use a workflow connected to the request form (custom made) with an approval activity before submitting the request to the role request activity. You can have a field for expiration date in the request form and take that flowdata an pass it into the approval form, possible for the approver to change or edit.

    Of course this will have some negative impact on how the actual approval workflow on the role (if you have some) is registered within the system. For instance, you could end up with an approval that looks like the original requester approved their own request.

    This is not a recommended solution because of the side effects (hence, you are not approving the role assignment itself but rather the request workflow for the role). But it resolves the requirement to change the role expiration date during the approval process.

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.