Mapping Users

Mapping resources is an administrative task that will typically be performed before users start using the TIBCO BPM application.

Mapping resources can then be performed on an ongoing basis as resources are added or removed from the system, or if the organization model is revised (new positions, groups, etc.).

Mapping resources involves assigning resources to specific groups and/or positions in an organization model, which results in the resources receiving work items that are sent to the groups/positions to which the resources have been mapped. Resources can be mapped to:

  • A group, which represents a job type within the organization. It allows resources to be grouped by their job characteristics.

    Groups can be hierarchical, i.e., you can have parent groups with sub-groups. For example, you can have a CustomerServiceRepresentative group with sub-groups of MotorInsuranceSpecialist, TravelInsuranceSpecialist, and HomeInsuranceSpecialist. Typically, sub-groups are specializations of the parent group. Groups can be nested several layers deep.

    If a group has sub-groups, you can assign resources to either the parent group or the sub-group. Resources that belong to sub-groups receive work items that are offered to their parent groups, as well as to the sub-group to which they belong. Using the example above, resources in the MotorInsuranceSpecialist group will also receive work items offered to the CustomerServiceRepresentative group.

  • A position, which represents a set of responsibilities for a job within an organization unit. It allows resources to be grouped by job responsibility.

    Positions are subordinate to an organization unit in the organization model. An organization unit can have many positions. For example, you can have a TravelInsurance organization unit with positions of OfficeManagerTravel and TravelInsuranceCSR. Positions cannot be nested, although organization units can.

    Resources can be mapped to positions, but not organization units.

    Resources that belong to a position receive work items offered to the position, as well as work items offered to the organization unit that is the immediate parent of the position.
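The inheritance rules above determine who sees a work item, so they are worth checking in an access review. The sketch below is an added example, not TIBCO code: it models the rules with the entity names used on this page, and the resource names, the mappings and the function names are hypothetical. Treating every ancestor group (not only the direct parent) as a source is an assumption.

```python
# Constructed model: entity names come from the examples on this page.
GROUP_PARENT = {  # group -> parent group (None for a top-level group)
    "CustomerServiceRepresentative": None,
    "MotorInsuranceSpecialist": "CustomerServiceRepresentative",
    "TravelInsuranceSpecialist": "CustomerServiceRepresentative",
    "HomeInsuranceSpecialist": "CustomerServiceRepresentative",
}
POSITION_ORG_UNIT = {  # position -> organization unit that directly holds it
    "OfficeManagerTravel": "TravelInsurance",
    "TravelInsuranceCSR": "TravelInsurance",
}
# Constructed mappings; the resource names are hypothetical.
MAPPINGS = {
    "res-a": {"groups": ["MotorInsuranceSpecialist"], "positions": []},
    "res-b": {"groups": ["CustomerServiceRepresentative"],
              "positions": ["TravelInsuranceCSR"]},
    "res-c": {"groups": [], "positions": []},  # created but not mapped
}


def offer_sources(groups, positions):
    """Entities whose offered work items reach a resource mapped like this."""
    sources = set()
    for group in groups:
        # Walk up the hierarchy; going past the direct parent is an assumption.
        while group is not None and ("group", group) not in sources:
            sources.add(("group", group))
            group = GROUP_PARENT[group]
    for position in positions:
        sources.add(("position", position))
        # Positions inherit only from their immediate parent organization unit.
        sources.add(("org-unit", POSITION_ORG_UNIT[position]))
    return sources


def recipients(kind, name, mappings=MAPPINGS):
    """Access review: which resources receive work offered to this entity?"""
    return sorted(r for r, m in mappings.items()
                  if (kind, name) in offer_sources(m["groups"], m["positions"]))
```

Mapping a resource to a sub-group widens what it receives to the parent group's work items, while a created but unmapped resource receives nothing.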

Before a resource can be mapped to a group or position, the resource must be created. This is accomplished with the createResource operation. Creating the resource assigns a GUID to that resource.

After being created, a resource can log into an ActiveMatrix BPM application, even if the resource has not been mapped to a group or position yet; the resource would not have access to any work items, however, as work items are only sent to resources mapped to groups or positions.

Also note that you will see references to whether or not a resource exists; a resource exists if it has been created with the createResource operation.

The following diagram shows an example of how calls to the Directory Services APIs can be used to map users.

Mapping a User

The following step-by-step descriptions correspond to the numbered steps in the illustration above. Note that the descriptions are from a web service operation point of view, and provide an example of performing the operations using the web service API (SOAP). (For an equivalent example using the Service Connector API (Java), see Mapping a Resource — Service Connector API Example (Java).)

Procedure

  1. Use the getOrgModel operation to get details about the entities in an organization model identified by its major version number (you can obtain the major version numbers using the listOrgModelVersions operation).

    The response from the getOrgModel operation provides GUIDs for all entities in the organization model, including the positions and groups to which users can be mapped.

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:org="http://orgmodel.api.de.bpm.tibco.com">
       <soapenv:Header/>
       <soapenv:Body>
          <org:getOrgModel model-version="1" include-resource-counts="false" include-calendar-alias="false"/>
       </soapenv:Body>
    </soapenv:Envelope>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
       <SOAP-ENV:Header/>
       <SOAP-ENV:Body>
          <getOrgModelResponse model-version="1" xmlns="http://orgmodel.api.de.bpm.tibco.com">
             <capability guid="_jxFQ8GOREeG8wf89r27lCA" label="Capability1" name="Capability1" xmlns="">
                <qualifier guid="_AaKdYHjfEeGc4c1t73-GyA" label="qualifier" name="qualifier" type="String"/>
             </capability>
                       .
                       .
                       .
             <group guid="_k7vGMGOREeG8wf89r27lCA" label="Group1" name="Group1" xmlns="">
                <allocation-method method="ANY"/>
                       .
                       .
                       .
                <privilege-holding guid="_n6_soGOREeG8wf89r27lCA" label="Privilege2" name="Privilege2"/>
             </group>
                       .
                       .
                       .
                    <position guid="_t5xyUH43EeGb7vbJ2jwDvw" ideal-number="1" label="Position2" name="Position2">
                      <allocation-method method="ANY"/>
                      <location guid="_XLsQ0H43EeGb7vbJ2jwDvw" label="Location2" name="Location2"/>
                      <privilege-holding guid="_nhXrsGOREeG8wf89r27lCA" label="Privilege1" name="Privilege1">
                         <qualifier-value>Value1</qualifier-value>
                         <qualifier-value>Value2</qualifier-value>
                      </privilege-holding>
                      <privilege-holding guid="_ziMZQGOREeG8wf89r27lCA" label="Privilege4" name="Privilege4"/>
                   </position>
                       .
                       .
                       .
             <resource-attribute guid="_nEpqQGnCEeGuucqjClDSkg" label="TimeAttribute" name="TimeAttribute" type="Time" xmlns=""/>
          </getOrgModelResponse>
       </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
  2. Use the listContainers operation to list the LDAP containers to which you (the calling user) have access. LDAP containers contain resources that can be mapped to groups and positions in the organization model.

    The response from listContainers provides names, descriptions, and other information about each container, as well as the container ID (id attribute).

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:dir="http://directory.api.de.bpm.tibco.com">
       <soapenv:Header/>
       <soapenv:Body>
          <dir:listContainers/>
       </soapenv:Body>
    </soapenv:Envelope>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
       <SOAP-ENV:Header/>
       <SOAP-ENV:Body>
          <listContainersResponse xmlns="http://directory.api.de.bpm.tibco.com">
             <ldap-container active="true" description="Eastern Region" id="2" last-accessed="2012-07-27T17:36:28.107Z" name="Eastern" xmlns="">
                <primary-ldap ldap-alias="easyAs" ldap-query="(cn=*)" resource-name-attributes="ou"/>
             </ldap-container>
             <ldap-container active="true" description="Western Region" id="3" last-accessed="2012-07-27T17:37:12.113Z" name="Western" xmlns="">
                <primary-ldap ldap-alias="easyAs" ldap-query="(cn=*)" resource-name-attributes="ou"/>
             </ldap-container>
             <ldap-container active="true" description="Regional" id="4" last-accessed="2012-08-01T15:02:17.287Z" name="Regional" xmlns="">
                <primary-ldap ldap-alias="easyAs" ldap-query="(cn=*)" resource-name-attributes="ou"/>
                <secondary-ldap ldap-alias="deLdap2" ldap-query="(cn=*)" resource-name-attributes="cn">
                   <primary-link primary-attribute="ou" secondary-attribute="displayname"/>
                </secondary-ldap>
             </ldap-container>
          </listContainersResponse>
       </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
  3. List the available resources (candidates) in the specified LDAP container.

    The listCandidateResources operation can be used to list:

    • all resources in the container by passing "ALL" in the include attribute,
    • the existing resources (that is, those that have been created already with the createResource operation) by passing "EXISTING" in the include attribute, or
    • the resources that do not exist yet (that is, the resources in the container that have not been created yet with the createResource operation) by passing "NON-EXISTING" in the include attribute.

      The response from the listCandidateResources operation provides an ldap-dn for all available resources; for resources in the container that already exist, the resource’s GUID is also returned.

      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:dir="http://directory.api.de.bpm.tibco.com">
         <soapenv:Header/>
         <soapenv:Body>
            <dir:listCandidateResources container-id="4" include="ALL"/>
         </soapenv:Body>
      </soapenv:Envelope>
      <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
         <SOAP-ENV:Header/>
         <SOAP-ENV:Body>
            <listCandidateResourcesResponse container-id="4" include="ALL" xmlns="http://directory.api.de.bpm.tibco.com">
               <candidate ldap-alias="easyAs" ldap-dn="OU=Jon Parkin, OU=Paris, OU=AllEmployees, O=easyAsInsurance" name="Jon Parkin" xmlns="">
                  <secondary-ref ldap-alias="deLdap2" ldap-dn="UID=jparkin, OU=employees, O=insuranceServices"/>
               </candidate>
               <candidate ldap-alias="easyAs" ldap-dn="OU=Leon Court, OU=Paris, OU=AllEmployees, O=easyAsInsurance" name="Leon Court" xmlns="">
                  <secondary-ref ldap-alias="deLdap2" ldap-dn="UID=lcourt, OU=employees, O=insuranceServices"/>
               </candidate>
               <candidate guid="CAE61197-03C6-4F41-BFFF-AF34B6DC5AAB" ldap-alias="easyAs" ldap-dn="OU=Liam Lawrence, OU=London, OU=AllEmployees, O=easyAsInsurance" name="Liam Lawrence" xmlns="">
                  <secondary-ref ldap-alias="deLdap2" ldap-dn="UID=llawrence, OU=employees, O=insuranceServices"/>
               </candidate>
            </listCandidateResourcesResponse>
         </SOAP-ENV:Body>
      </SOAP-ENV:Envelope>
  4. Create the resource(s) that you want to map; you can skip this step if you are mapping only resources that already exist (that is, they have already been created and have a GUID assigned to them).

    Use the createResource operation to identify the LDAP container in which the resource resides, as well as the ldap-dn, which identifies the resource. If a secondary LDAP source is defined for the container, you must also identify that source in the request.

    The response from the createResource operation returns the GUID that is assigned to the resource when it is created. It also contains an already-present attribute that tells you whether or not the resource was already created.

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:res="http://resource.api.de.bpm.tibco.com">
       <soapenv:Header/>
       <soapenv:Body>
          <res:createResource>
             <candidate ldap-alias="easyAs" ldap-dn="OU=Jon Parkin, OU=Paris, OU=AllEmployees, O=easyAsInsurance" container-id="4" name="Jon Parkin">
                <secondary-ref ldap-alias="deLdap2" ldap-dn="UID=jparkin, OU=employees, O=insuranceServices"/>
             </candidate>
          </res:createResource>
       </soapenv:Body>
    </soapenv:Envelope>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
       <SOAP-ENV:Header/>
       <SOAP-ENV:Body>
          <createResourceResponse xmlns="http://resource.api.de.bpm.tibco.com">
             <entity already-present="false" container-id="4" guid="0909B162-1E55-4C74-98E9-A9BCE4D62486" label="Jon Parkin" ldap-alias="easyAs" ldap-dn="OU=Jon Parkin, OU=Paris, OU=AllEmployees, O=easyAsInsurance" name="Jon Parkin" xmlns=""/>
          </createResourceResponse>
       </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
  5. Map the resource(s) to the desired groups or positions using the updateResource operation.

    The updateResource operation request identifies the resource, as well as the groups and positions to which you are mapping the resource; they are all identified with GUIDs. (Note that the updateResource operation can be used to also assign privileges, capabilities, locations, resource attribute values, and so on.)

    The response from the updateResource operation acknowledges the update by returning properties for the updated resource.

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:res="http://resource.api.de.bpm.tibco.com">
       <soapenv:Header/>
       <soapenv:Body>
          <res:updateResource model-version="9">
             <resource guid="0909B162-1E55-4C74-98E9-A9BCE4D62486">
                <remove-position guid="_-j8iYMoOEeG-IPt6GUFXxA"/>
             </resource>
          </res:updateResource>
       </soapenv:Body>
    </soapenv:Envelope>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
       <SOAP-ENV:Header/>
       <SOAP-ENV:Body>
          <updateResourceResponse xmlns="http://resource.api.de.bpm.tibco.com">
             <resource container-id="4" container-name="Regional" guid="0909B162-1E55-4C74-98E9-A9BCE4D62486" label="Jon Parkin" model-version="9" name="Jon Parkin" resource-type="HUMAN" xmlns="">
                <ldap-reference ldap-alias="easyAs" ldap-dn="OU=Jon Parkin, OU=Paris, OU=AllEmployees, O=easyAsInsurance">
                   <secondary-ref ldap-alias="deLdap2" ldap-dn="UID=jparkin, OU=employees, O=insuranceServices"/>
                </ldap-reference>
             </resource>
          </updateResourceResponse>
       </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
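Steps 3 and 4 can be scripted so that directory-supplied names and DNs are never pasted into the request by string concatenation. The following is an added example, not code from TIBCO: it parses a listCandidateResources response, reports which candidates already exist (and can therefore log in), and builds createResource envelopes for the rest with an XML library that escapes attribute values. The function names and the second candidate are constructed for illustration, and nothing is sent over the network.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DIR = "http://directory.api.de.bpm.tibco.com"
RES = "http://resource.api.de.bpm.tibco.com"
ET.register_namespace("soapenv", SOAP)
ET.register_namespace("res", RES)

# Constructed sample: a trimmed listCandidateResources response in the shape
# shown in step 3; the second candidate is made up to exercise XML escaping.
SAMPLE = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP}"><SOAP-ENV:Body>
<listCandidateResourcesResponse container-id="4" include="ALL" xmlns="{DIR}">
 <candidate ldap-alias="easyAs" ldap-dn="OU=Jon Parkin, OU=Paris, OU=AllEmployees, O=easyAsInsurance" name="Jon Parkin" xmlns="">
  <secondary-ref ldap-alias="deLdap2" ldap-dn="UID=jparkin, OU=employees, O=insuranceServices"/>
 </candidate>
 <candidate ldap-alias="easyAs" ldap-dn="OU=A &amp; &quot;B&quot;, O=easyAsInsurance" name="A &amp; &quot;B&quot;" xmlns=""/>
 <candidate guid="CAE61197-03C6-4F41-BFFF-AF34B6DC5AAB" ldap-alias="easyAs" ldap-dn="OU=Liam Lawrence, OU=London, OU=AllEmployees, O=easyAsInsurance" name="Liam Lawrence" xmlns=""/>
</listCandidateResourcesResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>"""


def split_candidates(response_xml):
    """Return (container_id, existing, missing); existing ones carry a guid."""
    resp = ET.fromstring(response_xml).find(f".//{{{DIR}}}listCandidateResourcesResponse")
    cands = resp.findall("candidate")  # children are in no namespace (xmlns="")
    existing = [c for c in cands if c.get("guid")]
    missing = [c for c in cands if not c.get("guid")]
    return resp.get("container-id"), existing, missing


def build_create_request(candidate, container_id):
    """Build a createResource envelope; ElementTree escapes attribute values."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(env, f"{{{SOAP}}}Header")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    op = ET.SubElement(body, f"{{{RES}}}createResource")
    attrs = {k: candidate.get(k) for k in ("ldap-alias", "ldap-dn", "name")}
    attrs["container-id"] = container_id
    new = ET.SubElement(op, "candidate", attrs)
    for ref in candidate.findall("secondary-ref"):
        ET.SubElement(new, "secondary-ref", dict(ref.attrib))
    return ET.tostring(env, encoding="unicode")


def plan(response_xml):
    """Names that already exist (and so can log in), plus requests for the rest."""
    container_id, existing, missing = split_candidates(response_xml)
    can_log_in = [c.get("name") for c in existing]
    requests = [build_create_request(c, container_id) for c in missing]
    return can_log_in, requests
```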