Administrators Could Delegate the Security Function of Unlocking a Clarity Account to Designated Non-Admin Users

Administrators could delegate the security function of unlocking a Clarity account to designated non-admin users.

[Type a quote fom the 1. Create Custom Object called "Unlock Account" id="unlock_account". It is a Master document or the summary of Object. These fields must be enabled. an interesting point. You can position the text box anywhere Event Enabled in the document. Use the Text Copy Enabled Box Tools tab to change the formatting of the pull quote Export Enabled text box.] View All Enabled

2. Create Custom Attribute called "Target Account" id="targetaccount".

Attribute Name Target Account

target_account Attribute ID ID must be alphanumeric, underscore is permitted. It must not be a SQL or Clarity reserved word. Description

Lookup Data Type

Resource brow se Lookup (SCH_BROWSE_RESOURCE)

Default ( Click Save to update this field after selecting a new lookup. ) Populate Null Values with the Default Value Required

Presence Required

Read-Only ( In order to make an attribute read-only a default must be selected )

3. Autonumber ID and Name fields. 4. Default Page Layout field to "Unlock Account Default Layout". 5. Edit "Create View" to include "Target Account" and "Page Layout" only in left column:

Available Selected (Left Column) Selected (Right Column) Created By Target Account Created Date Page Layout*

Last Updated By Last Updated Date Partition~ Name ID

Add Field Move Field Move Field

6. Edit "Edit" to show only "Target Account" in left column:

Available Selected (Left Column) Selected (Right Column) Created By Target Account Created Date

Last Updated By Last Updated Date Partition~ Name ID Page Layout

Add Field Move Field Move Field

7. Edit "Target Account" in Fields to make it "Enter Once", as shown the extract below.:

Value Required

Enter Once

Hidden ( In order to make a property field hidden a default must be selected. )

8. Edit List to show "Target Account","Created by" and "Created Date".

Available Columns Selected Columns ID TargetAccount Last Updated Date Created By Name Created Date Page Layout Partition Updated By

Create a Process called "Unlock Account" id="unlock_account"

Process Name Unlock Account

Process ID unlock_account

Content Source Customer

1. Add "Unlock Account" custom object:

Object Type Unlock Account

thisUnlock Account Object Key

Available for On-demand Start No

2. Add Start Condition for AutoStart - ( Unlock Account Target Account != 'Administrator, Niku' ) 3. Set “Start Event” to “Create”. 4. Add Action to Start Step - Custom Script. 5. Give Name(“gelscript”) and ID(“gelscript”) to Custom Script step. 6. Select “Mark step action complete when script finishes (synchronous)”

Paste Script into “Custom Script” box:

“

SELECT target_account FROM odf_ca_unlock_account WHERE id='${gel_objectInstanceId}'

UPDATE CMN_SEC_USERS SET USER_STATUS_ID=200 WHERE ID=(select user_ID from srm_resources where id=${appcodetargetaccount}) ”

14. Goto Finish Step. Validate and activate Process.

Grant the Global rights “Unlock Account - Create” to the non-admin resource/group to use the Custom Object or to an OBS.

Grant the “Process - Start” right to the Process to the above selected. Grant all “Unlock Account” rights to Admin user/group.

When a user selects a Resource for the target account and presses Save or Submit, the process is invoked and the target account unlocked.

This Object was created on Partitioned Clarity.

Security Considerations:

The instance can be deleted by the user so an audit trail can be erased. You could implement notifications to concerned parties in the process or expand the SQL to limit updates to a user record. The record has a last updated field to work with. This item is to demonstrate the use of Custom Object instances to manage users within Clarity.