isMemberOf(): How do I use this when trying to find if any user, (i.e., NOT the user currently logged in), is a member of a specific group?

shawnclune
ServiceNow Employee

BACKGROUND:

A client is adding members to one (or all) of three (3) groups.  If the user is a member of any of the groups, they are then considered a VIP user and the VIP "flag" on their user record should be set to "True".

Likewise, when a user is no longer a member of the three (3) groups, the VIP "flag" on their user record should be set to "False".

The client realizes that this should be done in AD and simply 'carried forward' into the LDAP import (transform) and set up that way, but for now, they are not utilizing any field in AD to consistently indicate a user as having VIP status.

 

SOLUTION:

I have created a simple FLOW using Flow Designer to accomplish the first half - setting the VIP "Flag" to true on a User's record when they are added to any one of the three (3) groups.

Trigger = Record created on the [sys_user_grmember] table.

Actions = Set the VIP field on the user's [sys_user] record to "True"

NOTE:

It just occurred to me that I have ONLY tested the FLOW when I manually add a user to one of the three VIP groups.  I have NOT tested the FLOW after the LDAP import has run and pulled a user into one of the three VIP groups.

 

I could not figure out how to do the second part using Flow Designer ... and no-code.

 

I am struggling with the second part - setting the VIP "Flag" to false on the User's record when they have been removed from all three (3) of the groups.

 

RESEARCH/ATTEMPTS:

I have researched using 'isMemberOf()', but it appears that this will ONLY work for the user who is currently logged in.

Is that true?

 

I want to be able to do something like this (using text only):

  1. Query all of the User Records where the VIP field = TRUE
  2. Then (While), using the results of the query above, check to see if the user is a member of one of the three (3) groups
    • (here's where I think the script will start to fail if I use isMemberOf)
  3. If the user is still a member of any one of the three (3) groups, do nothing
  4. If the user is NOT a member of one of the three groups, set the VIP field for that user = FALSE.

 

Also, how should this be run?

  • As a Business Rule?  If so, when?
  • As a Scheduled Job?  If so, would you run it daily after the LDAP import runs?

 

Ultimately, I would like it to be part of the LDAP import.

Ultimately Ultimately (squared) ... I would like BOTH parts, (i.e., setting the VIP field to TRUE or FALSE to be part of one 'script').

Ultimately Ultimately Ultimately (cubed):

I would like this whole topic to be a new series for Chuck and Dave to talk about ... where one could examine concepts like:

    • Should we even attack the issue this way, (i.e., using isMemberOf or should we create a new role called something like "orgname_vip" and instead use the "hasRole" approach?), or
    • Should we create a new group type value called "VIP" and use that approach, or
    • Is there the opportunity to do something clever by creating a ScriptInclude?

Thoughts?  Advice?  Guidance?

 
1 ACCEPTED SOLUTION

Appli
Mega Sage

Hi, maybe you can use the logic in a flow; please check in a staging environment.

Hope it helps

 

Assuming LDAP load is scheduled at 18:30, you can trigger a flow at 19:00

Step 5 - set VIP as false, Step 7 - Set VIP as true

 


 

How 7 looks (just for reference):


Hope it helps

13 REPLIES

Ravi Peddineni
Kilo Sage

@shawnclune - You can actually check that while transforming the user data into the system using transform scripts. An after transform script would do just fine for this.

If you want to keep the same functionality for manual updates also, then it comes under a core business requirement, and in this case a Business Rule on sys_user_grmember is the suggested solution.

If you want to go with the Flow Designer approach, you need to have two flows. One is for the Record Created/Updated trigger and the other one is for the Record Deleted trigger. Both flows will do the same action.

  • Look up the other sys_user_grmember records with the specific VIP groups & current user.
  • If records are found, the next check should be whether the user is a VIP already. If yes, end the flow. Else, update the VIP status to true.
  • If no record is found, the next check should be whether the user is a VIP. If yes, update the user record by setting the VIP status to false. Else, end the flow.
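
The lookup-and-reconcile logic described in the question and in the reply above, as an added example (not code posted by anyone in the thread): it reads sys_user_grmember rows directly, so it works for any user rather than only the logged-in one, and handles both directions in one pass. The group sys_ids, the `vip` column name and `FakeGlideRecord` (an in-memory stand-in so the block runs outside an instance) are assumptions; on an instance you would pass the real `GlideRecord`.

```javascript
// Constructed sample rows standing in for the two instance tables.
const DB = {
  sys_user: [{ sys_id: 'u1', vip: true }, { sys_id: 'u2', vip: true },
             { sys_id: 'u3', vip: false }],
  sys_user_grmember: [{ user: 'u1', group: 'g_vip_a' },
                      { user: 'u3', group: 'g_vip_b' },
                      { user: 'u2', group: 'g_other' }],
};
// Hypothetical in-memory stand-in for the few GlideRecord calls used below.
class FakeGlideRecord {
  constructor(table) { this.rows = DB[table]; this.conds = []; this.i = -1; }
  addQuery(field, op, value) {
    if (value === undefined) { value = op; op = '='; }
    const list = String(value).split(',');
    this.conds.push(op === 'IN' ? (r) => list.includes(r[field]) : (r) => r[field] === value);
  }
  query() { this.hits = this.rows.filter((r) => this.conds.every((c) => c(r))); }
  next() { return ++this.i < this.hits.length; }
  getValue(field) { return String(this.hits[this.i][field]); }
  setValue(field, v) { this.hits[this.i][field] = v; }
  update() { return this.hits[this.i].sys_id; }
}
// Recompute the VIP flag from group membership for every affected user.
function reconcileVip(GR, vipGroupIds) {
  const members = new Set(), changed = { set: [], cleared: [] };
  const m = new GR('sys_user_grmember');   // who holds any VIP-group membership
  m.addQuery('group', 'IN', vipGroupIds.join(','));
  m.query();
  while (m.next()) members.add(m.getValue('user'));
  const flagged = new GR('sys_user');      // flagged users with no membership left
  flagged.addQuery('vip', true);
  flagged.query();
  while (flagged.next()) {
    if (members.has(flagged.getValue('sys_id'))) continue;
    flagged.setValue('vip', false);
    flagged.update();
    changed.cleared.push(flagged.getValue('sys_id'));
  }
  if (members.size === 0) return changed;  // do not run an empty IN filter
  const missing = new GR('sys_user');      // members whose flag was never set
  missing.addQuery('sys_id', 'IN', Array.from(members).join(','));
  missing.addQuery('vip', false);
  missing.query();
  while (missing.next()) {
    missing.setValue('vip', true);
    missing.update();
    changed.set.push(missing.getValue('sys_id'));
  }
  return changed;
}
```

Run after the LDAP import, a second pass returns no changes, which makes the returned lists usable as an audit record of who gained or lost the flag.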

Ravindranath,

Yes, I am aware of the option to do an 'AFTER SCRIPT' as part of the transform process, but I'm still stumped on what the script should be if I cannot use 'isMemberOf()' in the script.

As for doing the DELETE part in a FLOW, I didn't see (or don't believe there is) an option for a Trigger of 'Record Deleted'.  I only saw the options for Record where the action is:

  • Created
  • Updated
  • Created/Updated

 


 

Regards,

     - Shawn

 

@shawnclune 

Sorry, my bad. I confused the Business Rule Delete trigger with Flow Designer.

In this case you have to look at the options to trigger the flow from the Business Rule script that is present on the sys_user_grmember table with created, updated, deleted checked. Here is the documentation to trigger a flow from script: Scripting with Flows, Subflows, and Actions

CRUD!  No pun intended.

I was hoping that you knew something that I didn't know!  🙂

     - Shawn

 
