Provision/Deprovision on date
This feature is used to provide future dated access. For instance, when a user is provisioned today, but a role he was assigned with has a start date at come point in future. Consequently, the user will execute a batch task on or around this point in future, specifying the date range in minutes to grant access to the user.
This task performs two operations:
Provisioning: It loads user's entitlements collections such as UserResources, UserRoles and UserGroups, which start date lies in date range FROM -> NOW - minutes(param1), To -> NOW ... all such entitlements falling in date range are set as
ADDoperation and user is sent for provisioning with
Deprovisioning: It loads all the UserResources, UserRoles, UserGroups, UserResources whose end date lies in date range FROM -> NOW - minutes(param1), To -> NOW ... all such entitlements falling in date range are set as
REPLACEoperation and user is sent for provisioning with
UPDATEoperation. The only thing different here is that only those managed systems are entertained here, which do not already support entitlement dates at their end. Meaning they do not handle deprovisioning at end system level.
If the 'Supports date for affiliations' checkbox, as shown below, is checked during the configuration of the managed system, then this batch task does not involve the managed system, as it can handle deprovisioning on its own.
To configure this task
- Go to webconsole > Administration > Batch tasks.
- Search for Provision deprovision on date and click Edit icon on the right. You will see the window as shown below.
All the parameters for the task are already filled in. Note: Execution Script is a core logic, Spring Bean Name is a class which will be used and Spring Bean Method is method of class which will be invoked where logic is written, similar to Access Certification Reminder batch task. These values are not to be filled by the user, they are static.
param1 is the number of minutes. This parameter is to be identified by the user.
To see log for this batch task
- Go to webconsole > Administration > Log viewer.
- In Select action line search for
- Click Search. All the respective logs will be displayed.