How can I show all groups that the logged-in user is currently a member of?
In the future I also want to do this for printers and maybe some other stuff. (Let's say location-based: I want to show you only assets around your location, ...)
Is this doable?
Answers
Doable but tricky. You need those objects to have a relationship to a user object and a type projection containing the group / printer / whatever and the related user. Then in the Request Offering configuration, when you configure the query results prompt, you can pick the Type Projection and then under criteria, you can select that UserHasPrinter (or whatever the relationship is called) > Username equals Portal Logged On Username.
Does that make sense?
Geoff
And then, as Geoff has said, using a Request Offering with a token that shows the information of the user that is logged on.
For what you are talking about doing,
Good luck with your solution.
I found this article that explains how to use Projections a.k.a Combination classes and create them:
https://blogs.technet.microsoft.com/antoni/2015/06/05/how-to-create-a-basic-configuration-item-view-and-type-projection-showing-computers-with-their-primary-user-and-custodian-owner/
(This person uses it for a view, but we can use it for our purpose)
There is a piece of XML on that page that looks like this:
The red box marks my question:
Any tips on how we would do this for the groups and user? Any idea where they are getting the string from in the red box? I can't seem to find any documentation.
Something along the lines of:
Where the Alias_68ce1678_a07a_45ef_9047_62530622ac05 is the Microsoft.Windows.Library.
Hope that helps
If I understand correctly I need to create an XML file which has relationship defined like this:
The source defines the object you want to have a relationship with the target, e.g.: An attachment = Source | Service Request = Target
In the example you wrote | AD.Group = Source and AD.User = Target
There is still one thing I'm not sure of:
Are these the IDs of the projections you need to define in your XML?
Why not have an (advanced) request offering that uses a SR Template which contains a runbook activity as a starting activity... the runbook activity would run and grab the user's AD groups, then add those groups as a comment in the SR and send an email to the user stating the groups they are allowed to request removal for.
If the user replies with confirmation they want "X" group removed, you could have that complete a review activity and trigger a manual activity for your Security Access Team stating: User wants "X" group membership removed.
SCSM Web Portal/Cireson Web Portal have limitations regarding the "flow" of how automation will be done. You may be better off following their tutorial: How to Create Custom Pages in the Cireson Portal and generating your 100% custom form using the SCSM Server Binaries SDK DLLs to complete this.
Another way that this can be done is to use the relationships on the AD Group or Business Services.
I demonstrated how this works at Innovate 2015 but in that demo it was for E-Mail distribution lists. (But it could apply to AD Security groups too)
While that solution would work also, I'm not a fan. It would take some automation to keep a relationship in sync, that already exists in AD. It always frustrated me that the user-group relationship was never brought over into SCSM via the AD connector.
Maybe SM 2016 might solve this once and for all.
The reason we need projections and that relationship is for increasing the user experience, also the reason for this post.
Thanks for your answer though! The custom pages might have opened a new door for us!
Just asked a friend that runs Windows Server 2016 TP5 and SCSM + SCORCH 2016 TP5 to check if it was already implemented, unfortunately no luck though. From what I have seen from #LyncUp it seems that Microsoft is focusing on performance of SCSM: Incident requests and the customer portal, and it will take a while before they will do anything for the Service Desk.
@everyone_reading_this:
Just to give a small update, we talked with IT management and they are putting this request on hold because we need to focus on something else now. New information will always help and change the priorities we have. Thanks for all your answers until now! If we have a solution we will post an answer here, in the meantime any new information is appreciated.
Automation will never be exempt from limitations, be it Out-Of-Box or not. The main limitation is you cannot (easily) code your own custom control that would allow you to specify a function to execute. If there was a tutorial to show creating a custom Advanced Request Offering control, much more could be done including what you've explained.
Type Projections are simply a way of tying "Enterprise Management Objects" together, they are responsible for pre-defining what information to return back. They do not automate anything by themselves, however they can be optimized by only returning what needs to be searched/viewed/updated.
A Custom Relationship offers multiple challenges:
I'm all for a better user experience. I simply wanted to suggest a solution that works within the Out-Of-Box limitations to save time and effort.
Sometimes I needed to do 100% custom solutions (like custom webpage SR submission forms). It's important that the more customizations you have, the more you should expect resistance from being helped. Remember, when you have an unsupported customization that doesn't conform to a list of pre-defined (incomplete/blanket) standards, it becomes all too easy for a troubleshooter to blame whatever issue is being reported on that customization and then insist they cannot support you.
I'm curious to know what that is, perhaps reporting ... I don't have all the answers, but I have much experience with SCSM and developing for it (C# SDK, SQL Databases) meaning I'm aware of many limitations that impact design and therefore, functionality. Regarding new information, I see others around the forum that are below, at, or above my expertise in all sorts of different areas, it is nothing new to me to learn something new and advanced from others even after I teach them something basic in another area or vice versa. We are all specialists and being aware of that is what makes this forum mesh so well.
Let's say we read our AD with PowerShell. Like the name says, "Power": we then can do everything we want with these objects.
We automate with Orchestrator to read our AD and get the -MemberOf property, foreach($user in $users){*add user to related item from groups*} #or/and foreach($group in $groups){*add group to related item from users*}
(this picture displays SRs but this could be users/groups too. I'm pretty sure about that)
Now here comes the part I don't know about:
Is it possible to then display all related config items with type user/group on the portal. Then this problem would be solved.
This would be the visual of my explanation:
(I know this is wrong, this is a relative interpretation.)
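
The delta computation behind the sync idea in the last post (read MemberOf, then relate users and groups), as an added example that is not from the thread or from any product. The sample users, the existing pairs and the function names Get-GroupCn and Get-MembershipDelta are constructed for illustration, and writing the result into SCSM is left out.

```powershell
# Constructed sample input, shaped like the output of
# Get-ADUser -Filter * -Properties MemberOf (assumption: only these two fields are used).
$adUsers = @(
    [pscustomobject]@{
        SamAccountName = 'alice'
        MemberOf       = @('CN=VPN Users,OU=Groups,DC=example,DC=test',
                           'CN=Finance\, EU,OU=Groups,DC=example,DC=test')
    }
    [pscustomobject]@{
        SamAccountName = 'bob'
        MemberOf       = @('CN=VPN Users,OU=Groups,DC=example,DC=test')
    }
)

# Constructed sample: "user|group" pairs currently related in the CMDB.
# sAMAccountName cannot contain '|', so the first '|' always separates the pair.
$existingPairs = @('alice|VPN Users', 'bob|Old Project')

function Get-GroupCn([string]$Dn) {
    # Take the first RDN of the DN; a comma escaped as "\," is part of the name.
    if ($Dn -match '^CN=((?:\\.|[^,\\])+),') {
        return ($Matches[1] -replace '\\(.)', '$1')
    }
    throw "Not a CN-first distinguished name: $Dn"
}

function Get-MembershipDelta($Users, [string[]]$Existing) {
    # Desired state: one pair per direct group membership reported by AD.
    $desired = foreach ($u in $Users) {
        foreach ($dn in $u.MemberOf) {
            '{0}|{1}' -f $u.SamAccountName, (Get-GroupCn $dn)
        }
    }
    [pscustomobject]@{
        # Memberships in AD that have no relationship yet.
        Add    = @($desired  | Where-Object { $_ -notin $Existing })
        # Stale relationships: the membership no longer exists in AD.
        Remove = @($Existing | Where-Object { $_ -notin $desired })
    }
}

$delta = Get-MembershipDelta -Users $adUsers -Existing $existingPairs
$delta.Add    | ForEach-Object { "ADD    $_" }
$delta.Remove | ForEach-Object { "REMOVE $_" }
```

MemberOf lists direct memberships only and omits the user's primary group, so nested groups need separate expansion. Applying the Remove list matters as much as Add, otherwise the portal keeps showing memberships that no longer exist in AD.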