Custom Business Logic - Hitachi ID Identity Manager
The Hitachi ID Identity Manager workflow engine externalizes business logic into plugin programs, which are typically implemented as short scripts responsible for very specific functions. Business logic is typically written in Python but any language can actually be used.
Examples of workflow business logic include:
- Limiting which users can make change requests at all.
- Limiting which user profiles a given requester can see (e.g., a manager can see his subordinates, but should the subordinates be able to see the manager's profile?).
- Limiting the resources that a given requester can make changes to (e.g., some users may be able to change their LDAP profile, but perhaps not their mainframe or ERP access rights).
- Limiting the operations that a given requester can initiate (e.g., create a new user, terminate existing accounts, modify attributes or group memberships, etc.).
- Validating user profile attributes entered through the request portal -- for example, ensuring that things like department codes are legitimate, and that the value of one form input is consistent with another.
- Auto-setting user profile attributes -- for example login IDs, e-mail addresses, file- and mail-server locations and directory OUs.
- Routing completed requests to appropriate authorizers, such as a requester's manager, resource owners, etc.
Custom Logic Survives Version Upgrades