Skip to content

R2 Authorization after Action

R2 introduced a new property to the UpdateResourceActivity, CreateResourceActivity and DeleteResourceActivity classes called “ApplyAuthorizationPolicyProperty”. Setting this to “true” in your custom activity allows an Authorization activity to be triggered by an Action workflow.

I have finally had an opportunity to try this out.

My Use Case

I’m developing a solution based around Services, Roles and Entitlements. Services have one or more Roles, and you need an Entitlement specific to a Service-Role combo to get access to it. Depending on the Service there are different requirements for approvals and notifications.

A number of the Services have a training requirement and this should be the final approval step in the process. Here’s how it might go:

  1. User requests an entitlement,
    1. Manager must approve,
  2. Entitlement is created with Training set to “Requested”,
    1. Workflow triggers to update Training to “Done”,
      • Trainer must approve,
  3. Entitlement now active with Training=”Done”.

Before R2 that “Trainer must approver” step wasn’t possible, at least not without some externally-triggered PowerShell trickery. Now we can do it, but you will have to write a custom activity to do your equivalent of my step 2a above.

Custom Update Activity

To demonstrate this functionality I wrote a very simple activity that uses the UpdateResourceActivity to set a value.

    

 There is only one code activity and then the UpdateResourceActivity.

Here’s the code activity:

    Private Sub InitializeUpdateActivity_ExecuteCode(ByVal sender As System.Object, ByVal e As System.EventArgs)
        '' Get containing Workflow
        Dim containingWorkflow As SequentialWorkflow = Nothing
        If Not SequentialWorkflow.TryGetContainingWorkflow(Me, containingWorkflow) Then
            Throw New InvalidOperationException("Could not get parent workflow!")
        End If

        Me.updateResourceActivity1.UpdateParameters = New UpdateRequestParameter() {New UpdateRequestParameter(Me.Attribute, UpdateMode.Modify, Me.Value)}
        Me.updateResourceActivity1_ActorId1 = containingWorkflow.ActorId
        Me.updateResourceActivity1_ResourceId1 = containingWorkflow.TargetId

        If Me.AuthZAfterAction = True Then Me.updateResourceActivity1_ApplyAuthorizationPolicy1 = True

    End Sub

The important bit is setting the ApplyAuthorizationPolicy property to True.

In case you want to see them here are links to the full Activity and UI code:

Policy Objects to Create

Sets:

  • “Entitlements where Training is Requested”
  • “Entitlements where Training is Done”

Workflow Definitions:

  • Action: “Set Training to Done”. Uses my CustomUpdate activity as pictured above, with “Allow Authorization” ticked.
  • AuthZ: “Get Trainer Approval”. Just a standard Approval activity.

MPR “Entitlement Workflow: Initiate training request”

  • Type = Transition In 
  • Transition Set = “Entitlements where Training is Requested”
  • Action WF = “Set Training to Done”

MPR “Entitlement Workflow: Get trainer approval”:

  • Type = Request
  • Requestor = “All People”
  • Operation = Modify
  • Target before set =”Entitlements where Training is Requested”
  • Target after set = “Entitlements where Training is Done”
  • AuthZ WF = “Get Trainer Approval”

The Results

To test that I really can have an approval after an action all I need do is edit an existing entitlement and set Training to “Requested”:

Looking at the Requests log I can see that a couple of things have happened straight away:

  • My request to change the value to “Requested” is Post-Processing,
  • There is a new request to change the value to “Done” which is “Authorizing”, and
  • An approval has been created.

Going back to check the entitlement – the expected value of “Requested” is the currently committed value.

The approver responsible for saying when training is done just has to approve the pending request:

Once that is complete the entitlement object now shows a correct training status of “Done”.

 

So there we have it

It looks like it is now possible to trigger an approval from a change being made by an action workflow.

I still need to try out a few other things – like whether it makes any difference if the Sync Engine made the change – but so far it looks promising.

Post a Comment

Your email is never published nor shared. Required fields are marked *

Spam comments will be blocked by Akismet

*

best finpecia online pill buy prednisone generic Cytotec purchase overnight delivery where buy Lisinopril purchasing finpecia with overnight delivery Lisinopril overnight cod cheap order rx metformin prednisone 40 mg cheapest place to buy Metformin purchase Metformin online Maxalt no prescription needed 10mg Maxalt 10mg canada where to buy Maxalt uk buy mail order Metformin buy low cost Metformin Finpecia online prescription Finpecia prescription online next day delivery buy generic Maxalt canada buy metformin cod how to buy Metformin without a prescription Metformin price buy Alli without prescription