Here's a sample configuration that disables the users referencing a given securityScope after a certain date (stored in an attribute of the user object).
Important note
You must never disable the Administrator user.
Step-by-step
1. Add an attribute named expirationDate to the user object in the schema (and reimport it):
<xs:attribute name="expirationDate" type="xs:dateTime" use="optional"></xs:attribute>
2. Create a workflow that disables the given users:
<?xml version="1.0" encoding="utf-8"?>
<wfres:workFlow xmlns:wfres="http://www.teradp.com/schemas/GN4/1/WFRes.xsd">
  <!-- Disable the users -->
  <SequentialWorkflow x:Name="mainWorkflow"
      xmlns="http://www.teradp.com/schemas/GN4/1/Workflow/Activity"
      xmlns:gn4wf="http://www.teradp.com/schemas/GN4/1/Workflow"
      xmlns:common="http://www.teradp.com/schemas/GN4/1/Common"
      xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
      xmlns:wf="http://schemas.microsoft.com/winfx/2006/xaml/workflow"
      xmlns:sys="clr-namespace:System;assembly=mscorlib"
      xmlns:coll="clr-namespace:System.Collections;assembly=mscorlib">
    <ObjectsReplicator x:Name="replicator" ObjectIds="{wf:ActivityBind mainWorkflow, Path=ObjectIds}">
      <LoadObjects x:Name="Object" ObjectIds="{wf:ActivityBind replicator, Path=ObjectIdsOut}">
        <ImportXml x:Name="import" XmlIn="{wf:ActivityBind Object, Path=XmlOut}" />
      </LoadObjects>
    </ObjectsReplicator>
  </SequentialWorkflow>
  <!-- stylesheet that disables a user -->
  <inopt:XmlImportOptions wfres:activityName="import"
      xmlns:inopt="http://www.teradp.com/schemas/GN4/1/XmlImportOptions.xsd"
      xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
      xmlns:gn4="urn:schemas-teradp-com:gn4tera"
      Validate="false" NewVersion="true" CopyAlways="false" SpikeChildren="true" Overwrite="true">
    <inopt:Xslt>
      <user>
        <xsl:attribute name="id">
          <xsl:value-of select="@id" />
        </xsl:attribute>
        <xsl:attribute name="disabled">true</xsl:attribute>
      </user>
    </inopt:Xslt>
  </inopt:XmlImportOptions>
</wfres:workFlow>
3. Create the expirationRule:
4. Create a partition referencing the newly created expiration rule:
5. Create a security scope referencing the newly created partition:
<?xml version="1.0" encoding="utf-8"?>
<securityScope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Expiring Users" xmlns="urn:schemas-teradp-com:gn4tera">
  <description>Scope used to make the users expire</description>
  <access>
    <securityAccess objectType="group">
      <keyVal>Administrators</keyVal>
      <grant>all</grant>
    </securityAccess>
    <securityAccess objectType="group">
      <keyVal>Everyone</keyVal>
      <grant>RefReadNormal</grant>
    </securityAccess>
  </access>
  <partitionRef>
    <keyVal>objectAttribute</keyVal>
  </partitionRef>
</securityScope>
6. Create a user referencing the security scope:
<user name="NewUser">
  <scopeRef>
    <keyVal>Expiring Users</keyVal>
  </scopeRef>
  <groups>
    <groupRef>
      <keyVal>Everyone</keyVal>
    </groupRef>
  </groups>
  <expirationDate />
</user>
The expirationDate can be modified in the "edit user" window.
The Back4 cleanup process will execute the DisableUser workflow for every user with an expirationDate in the past.
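A pre-flight check for this setup, as an added example that is not part of the GN4 product or its documentation: it reads user XML in the shape shown in the last step and reports, for each user referencing the Expiring Users scope, whether it is expired, still active, has no expirationDate, or is the Administrator user that must never be disabled. The <users> wrapper, the sample users and dates, and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample in the shape of the <user> XML shown above; the <users>
# wrapper, the extra users and the dates are assumptions made for this example.
SAMPLE = """<users>
  <user name="NewUser">
    <scopeRef><keyVal>Expiring Users</keyVal></scopeRef>
    <expirationDate>2020-01-31T00:00:00Z</expirationDate>
  </user>
  <user name="Contractor">
    <scopeRef><keyVal>Expiring Users</keyVal></scopeRef>
    <expirationDate />
  </user>
  <user name="Administrator">
    <scopeRef><keyVal>Expiring Users</keyVal></scopeRef>
    <expirationDate>2020-01-31T00:00:00Z</expirationDate>
  </user>
  <user name="Editor"><scopeRef><keyVal>Default</keyVal></scopeRef></user>
</users>"""

def local(tag):  # strip any XML namespace so xmlns-qualified exports also match
    return tag.rsplit("}", 1)[-1]

def child_text(elem, *path):  # follow children by local name; '' if missing
    for name in path:
        elem = next((c for c in elem if local(c.tag) == name), None)
        if elem is None:
            return ""
    return (elem.text or "").strip()

def audit(xml_text, now, scope="Expiring Users", protected=("Administrator",)):
    """Return {user name: finding} for every user referencing the expiring scope."""
    findings = {}
    for user in ET.fromstring(xml_text).iter():
        if local(user.tag) != "user" or child_text(user, "scopeRef", "keyVal") != scope:
            continue
        name, raw = user.get("name"), child_text(user, "expirationDate")
        if name in protected:
            findings[name] = "PROTECTED: must not reference the expiring scope"
        elif not raw:
            findings[name] = "no expirationDate set"
        else:
            when = datetime.fromisoformat(raw.replace("Z", "+00:00"))
            # Assumption: a date without a UTC offset is treated as UTC.
            when = when if when.tzinfo is not None else when.replace(tzinfo=timezone.utc)
            findings[name] = "expired" if when < now else "active"
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, datetime.now(timezone.utc)))
```

Running it before the cleanup process is scheduled shows which accounts the DisableUser workflow would touch, and catches an Administrator account placed in the scope by mistake.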