Product Overview
BPM SecurityProvider (Ganimedes) is a module that extends the original mechanism for synchronizing user and group data in IBM's process management systems: IBM BAW (IBM Business Automation Workflow) and IBM BPM (IBM Business Process Manager).
IBM BAW user attributes
User attributes in the IBM BAW system are defined by the creators of process applications and their definitions are placed in tool libraries or in the applications themselves. Some of the predefined attributes are in the "SystemData" tool library supplied by the manufacturer of the IBM BAW system. They are used in the following functionalities:
- E-mail notifications: system users are notified about pending tasks in the IBM BAW system. The "SystemData" tool library predefines the attributes from which the system knows whether to send a notification and to which of the user's email addresses (these include the attributes "Task Notification", "Portal Notification New Task To Me", "Task Email Address").
- User data shown in the stream (instance history) and data concerning experts are also presented based on predefined user attributes, which are defined in the "SystemData" toolkit.
- Attribute values can be used in process application services using the methods of the user object built into the IBM BAW system (example):
// Look up the user object by login name
var user = tw.system.org.findUserByName("scichy");
/* ... */
// Read a single attribute value from the user's attribute set
var userAttrs = user.attributes;
userAttrs.getPropertyValue("Task Email Address");
/* ... */
We can use this data for example:
- to build our own notification services (notifying users)
- as criteria in decision gates
- as values presented on task forms
- as criteria for data search
- as data for task assignment mechanisms
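As an added example (not part of the original page or of the Ganimedes code), here is how a custom notification service could treat attribute values as untrusted input before using them as a mail recipient. The function names, the `ALLOWED_DOMAINS` list, the `fakeUser` stand-in and the assumption that "Task Notification" holds the string "true" are hypothetical; only `getPropertyValue` and the attribute names come from the page.

```javascript
// Added example; names other than getPropertyValue and the attribute names are hypothetical.
var ALLOWED_DOMAINS = ["example.com"]; // assumption: the organisation's mail domains

// Read one attribute as a string, or null when the attribute is missing.
function readAttr(user, name) {
  var attrs = user && user.attributes;
  if (!attrs) return null;
  var v = attrs.getPropertyValue(name);
  return (v === null || v === undefined) ? null : String(v);
}

// Decide whether and where to send a task notification for `user`.
function notificationTarget(user) {
  // Assumption: "Task Notification" holds the string "true" when enabled.
  if (String(readAttr(user, "Task Notification")).toLowerCase() !== "true") {
    return { send: false, reason: "notifications disabled" };
  }
  var addr = readAttr(user, "Task Email Address");
  if (addr === null || addr === "") return { send: false, reason: "no address" };
  // CR/LF or other control characters in a directory value could inject mail headers.
  if (/[\x00-\x1f\x7f]/.test(addr)) return { send: false, reason: "control characters" };
  // Exactly one mailbox: no list separators, a single "@", non-empty local part.
  var m = /^[^\s@,;<>]+@([A-Za-z0-9.-]+)$/.exec(addr);
  if (!m) return { send: false, reason: "malformed address" };
  if (ALLOWED_DOMAINS.indexOf(m[1].toLowerCase()) === -1) {
    return { send: false, reason: "domain not allowed" };
  }
  return { send: true, to: addr };
}

// Constructed stand-in for a BAW user object, so the example runs outside BAW.
function fakeUser(values) {
  return { attributes: { getPropertyValue: function (n) {
    return Object.prototype.hasOwnProperty.call(values, n) ? values[n] : null;
  } } };
}
```

Inside a BAW service the same check would be called as `notificationTarget(tw.system.org.findUserByName("scichy"))`.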
Data synchronization in IBM BAW
The original IBM solution assumes the following user data synchronization architecture:
- LDAP/AD – external user repository.
- ProcessAdmin – IBM BAW administration console.
- ProcessPortal – IBM BAW user job portal.
- WIM (Websphere Identity Manager) – user repository management mechanism.
- IBM BAW (BAW Process Management) – BAW system applications.
- SecurityCore - a class instance integrating user data exchange between WIM and IBM BAW.
The originally implemented mechanism allows for synchronization of only basic data (user name + full user name).
Updating user attributes in IBM BAW
Currently, in the IBM BAW solution, user attributes are updated in the ProcessAdmin console using the "Bulk assignment of user attributes" form:
Some basic user attributes such as:
- Job Title
- Phone Number
- Email Address
- User avatar
- Language
can be set by the user themselves in ProcessPortal in the profile form:
All operations must be performed manually, which can be very troublesome for a very large volume of user data.
Data synchronization with BPM SecurityProvider
BPM SecurityProvider (Ganimedes) is a mechanism that extends the basic functionality available in IBM BAW related to synchronizing user data. Through appropriate configuration, it allows synchronization and management of all BAW user attributes from the LDAP/AD user repository:
- LDAP/AD – external user repository.
- ProcessAdmin – IBM BAW administration console.
- ProcessPortal – IBM BAW user job portal.
- WIM (Websphere Identity Manager) – user repository management mechanism.
- IBM BAW (BAW - Process Management) – BAW system applications.
- LdapSecurityCore - a class instance integrating the exchange of user data between the LDAP/AD user repository and IBM BAW. It allows for synchronization of any attributes stored in the repository.
- SecurityCore - a class instance integrating the exchange of user data between WIM and IBM BAW. It allows for synchronization of only basic data (user name + full user name).
Updating user attributes from BPM SecurityProvider
Using BPM SecurityProvider (Ganimedes), we can update user attributes from the ProcessAdmin console using the "User Synchronization" form when calling the synchronization action:
Attribute synchronization also takes place when the user logs into ProcessPortal. The user does not have to update data manually:
Data update actions are performed almost automatically and using native methods built into the IBM BAW system.