Hitachi ID Systems, Inc.

Custom Business Logic

The Hitachi ID Identity Manager workflow engine externalizes business logic into plugin programs, which are typically implemented as short scripts responsible for very specific functions. Business logic may be executed in-process, using a built-in scripting language (PSLANG), or out-of-process, using any programming language (Python, C, C++, Java, Perl, VB, etc.).

Examples of workflow business logic include:

  1. Limiting which users can make change requests at all.
  2. Limiting which user profiles a given requester can see (e.g., a manager can see his subordinates, but should the subordinates be able to see the manager's profile?).
  3. Limiting the resources that a given requester can make changes to (e.g., some users may be able to change their LDAP profile, but perhaps not their mainframe or ERP access rights).
  4. Limiting the operations that a given requester can initiate (e.g., create a new user, terminate existing accounts, modify attributes or group memberships, etc.).
  5. Validating user profile attributes entered through the UI -- for example, ensuring that things like department codes are legitimate, and that the value of one form input is consistent with another.
  6. Auto-setting user profile attributes -- for example login IDs, e-mail addresses, file- and mail-server locations and directory OUs.
  7. Routing completed requests to appropriate authorizers, such as a requester's manager, resource owners, etc.

In practice, it is more efficient to manage this sort of business logic using a small number of self-contained scripts than to embed code snippets into hundreds of graphical or table-driven workflow objects.

Custom Logic Survives Version Upgrades

All customization and configuration is accomplished using a combination of settings enabled through the administrative web GUI, plugin programs and exit programs, all of which are separate from the core Identity Manager binaries and M4 user interface definition files.

This separation between core product capabilities and customer modifications has two big benefits: