The community will be in read-only from Tuesday 11:59pm (PST) to Wednesday noon (PST)
The community will be in read-only from Tuesday 11:59pm (PST) to Wednesday noon (PST)
Project and Portfolio Management Practitioners Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

Requesting Security via a Request type in PPMC

Highlighted
Deep Mehta
Regular Collector

Requesting Security via a Request type in PPMC

Hi

Has anyone worked on a request type for requesting security groups in PPM? Once the request is approved, can we build logic in PPM to automatically assign the security group and Licenses to Users? Can you please share the approach for this configuration?

Thanks in Advance,
Deep
10 REPLIES

Re: Requesting Security via a Request type in PPMC

Very interesting requirement. This is how I would address it.

1) Design your request form to capture the required input from the user.

2) In your workflow, create an execution step that would in turn call a function/procedure/package passing in parameters.

3) In the function/procedure/package you will need to insert information into the following tables:
- knta_users
- knta_user_products
- knta_user_security
You will also need to update the products table, knta_products by decrementing the total licenses available per user.

This is at a very high level. I'm very sure there is a lot more detail to this requirement. It would make sense going into details, if your client/customer is comfortable with such an approach.

Let me know if this helps.

- Nisha Kurien
Sachin M
Regular Collector

Re: Requesting Security via a Request type in PPMC

Hi Deep,

Yes you can wirte a PLSQL function and update some of the tables like KNTA_USER_PRODUCTS, knta_security_groups. These values should be update before you close the request and for calling this function you can add one execution step after the decision where you want to assign a license and security group.

I guess there is no OOTB configuration setting for this. This could be achived only by some workaround.

Hope this will help you and please let me know if you find some better solution for this.

Thanks,
Sachin
Deep Mehta
Regular Collector

Re: Requesting Security via a Request type in PPMC

Thanks you guys!
Nisha, I am interested in more details since this seems to be the only approach using RT for now. I have my form fields configured.
Also, I have some more questions...

1. I am trying to automatically capture current security assigned to the user in a table component while a request is being submitted. How can this be automated? Execution step again? Can not achieve this via a rule.

2. Can I use a table component again in Request type to request security or is this going to make it more complex while calling the functions?

Thanks,
Deep

Re: Requesting Security via a Request type in PPMC

Hi Deep,

Responses below:

1. I am trying to automatically capture current security assigned to the user in a table component while a request is being submitted. How can this be automated? Execution step again? Can not achieve this via a rule.
>>>> NK: Execution step provides more flexibility. Via a rule, it may take some investigation figuring the token where this information is stored (if it is stored?).

2. Can I use a table component again in Request type to request security or is this going to make it more complex while calling the functions?
>>>>>> NK: Is there a specific reason you are using a table component? Would it not be easier to use an auto complete list that allows multiple values to be selected.

Based on your design, if you are using a table component, as long as you can decode/figure the token where the user's input is stored, it would suffice, since to this function you would be passing the token values.

Let me know if you have additional questions.

- Nisha Kurien
Alexandru Saven
Regular Collector

Re: Requesting Security via a Request type in PPMC

hi,

I would definitely go for the multi-select auto-complete list, BUT i would temporarily store the results of user's choice in a staging area until some responsible role approves the user's request.

cheers
alex
Mahen M
Honored Contributor

Re: Requesting Security via a Request type in PPMC

Hi Deep,
Please do not do direct DB updates. It is not adviced by HP. Try to do the workaround webservices or through Interface tables.

I have tried to automate the user addition, I have attached the PL/SQL compatible to Mercury 6.0, Hope you need to change the table name.

Regards,
Mahendran M
Jim Esler
Honored Contributor

Re: Requesting Security via a Request type in PPMC

We have built requests that register new users and requests that add or drop security groups from existing users. These requests build entries in the knta_users_int and knta_user_security_int tables. These open interface table entries are then processed by scheduled instances of the Import Users report. This method uses OOB functionality to update the PPM database tables so we don't have to worry about subtle requirements / issues/ interdependencies.

The requests use sql queries based on OOB validations to populate security group lists, etc.
Deep Mehta
Regular Collector

Re: Requesting Security via a Request type in PPMC

Hi Jim,

I had thought about using the INT tables and using the OOTB report to import users to ADD or DROP security. I can not figure out how I can assign License to a resource with this as we don't have Product_INT table in PPM ?
The License will need to be assigned if a particular role in PPM requires it with security group. For example, a Project manager will require Project management License with Project manager security group.
How have you approached this?

Thanks,
Deep
Jim Esler
Honored Contributor

Re: Requesting Security via a Request type in PPMC

The licenses assigned to a user by the Import User report are specified in the Product Licenses field of the report. After the report runs, the affected users have exactly the licenses specified by the report, so licenses can be added and removed by the report.

Note that if the user has a Configuration license, their licenses will not be changed. User administration licenses also are not affected.

This means you need to have a unique report set up for every combination of licenses your users need. We run four reports:

1. Demand license, Add security groups
2. Demand and Change licenses, Add security groups.
3. Demand license, Add/drop security groups.
4. Demand and Change licenses, add/drop security groups.

Note that new users can only be created with the Add groups option. Only existing users can be modified with the Add/drop groups option.

Also, only one instance of the Import Users report can be running at any time or you will have hung database connections and the reports will not complete.
Deep Mehta
Regular Collector

Re: Requesting Security via a Request type in PPMC

We are going to configure this as one security group request per request(making it more generic). We will be updating PPMC DB itself directly for license and security groups using SQL functions/ packages.
Fyi... we dont need to worry about Licence count as application can figure it out by it own.
Thank you all for your feedback.

//Add this to "OnDomLoad" event