Tips & Tricks - User management via a process

This article demonstrates how user groups can be created via a process. It also explains how to automate the creation and assignment of users to user groups. Finally, it provides a Groovy script for reading group memberships.

Create user group

User groups can be created in any process via a data group action. First of all, create a source for the data such as an event handler. You can define the source of the data for the new user group, such as the name, in the properties of the event handler. Connect a data group action to the event source.

Select "Add record" as the action in the data group action properties.

Select the "Set" data group from the "Users" system application as the target data group.

On the Field assignment tab, at least the following values need to be mapped to the target - the new user group in the Users module:

  • a GUID, by clicking on "User-defined value”,

    can be created and subsequently assigned

  • the classes ID 6 (Integer), which is also available by clicking on "User defined value"

    can be created and subsequently assigned

  • The object name

Once the settings and process have been saved, the new user group will be created.

Create user

New users can be created and added to a user group via a process. A Groovy script action takes care of the adding with the following script:

def user = g_om.createUser{
	container     = "System"
	name          = "user-${now().withoutFractionalSeconds}"
	loginName     = "UserU-${now().withoutFractionalSeconds}"
	emailBiz      = "user@example.org"
	description   = "User created with Groovy at ${now().withoutFractionalSeconds}"
	memberOf    = ["Users", "6AA80844C3F99EF93BF4598EB18605BF86FDD3C5"]
}

The access object "g_om" provides a structure that enables you to execute operations in the user management and organizational structure of a portal. When a user is created in this example, the following properties will be set, of which "name" and "loginName" are mandatory. All of the other properties are optional.

  • container: Container in which the user object

    is to be created. You can specify the unique name (in our example "system"), GUID, or the path of the container

  • name: The unique object name
  • loginName: The unique login name
  • emailBiz: The business email address of the user.
  • description: Description of the user object
  • memberOf: The user's group memberships can be defined from the list that is transferred.

    The unique name, the GUID (in our example "6AA80844C3F99EF93BF4598EB18605BF86FDD3C5") or the path of the group may be used in this context.

A time stamp is used to ensure the uniqueness of the user name and login ID. If, in the user management, the uniqueness of the user name and login ID is not guaranteed by the ID or a timestamp, but instead uses a different format, such as first name.last name, then a check must be run to ascertain whether a user with the same data exists already, and, if necessary, runs an appropriate error handler.

Read user's memberships

The following script can be used to determine the group memberships of a user.

def user = g_om.getUser(g_session.user.guid)
def sets = g_om.getMembershipSets(user)
def strAdminGroupGuid = "EF16F15EDA8562E19D7DD75BF2OP3001F119193C"

if (sets*.guid.contains(strAdminGroupGuid))
	return adminGroupMemberTrue
else
	return adminGroupMemberFalse

In this example, g_session.user.guid is used to read the GUID of the currently logged in user. g_om.getMembershipSets(member) returns a list with all - including subordinate - groups in which the defined user is a member. Subsequently, using an iteration through the GUIDs of the identified groups, it is possible to establish if the GUID of the "Administrators" group is included in the results. Dependent on this evaluation (in this example, the evaluation of whether the user is a member of the "Administrators" group) a corresponding value will be returned, with which, for example, when this code is used in a Groovy filter condition, subsequent steps in the workflow can be precisely controlled.