AnsweredAssumed Answered

Triggering Javascript Form Control When Entitlement Action is Selected

Question asked by Kevin Fitzgerald on Jun 2, 2020
Latest reply on Jun 4, 2020 by Jesvin Joseph

Like • Show 0 Likes0
Comment • 1

Hi,

We have some applications that are accessed through Citrix. These applications have their own internal entitlements, which we have created a request form to manage. Access to the Citrix application is managed through an Active Directory group. My goal is to make the request form function by automatically adding a user to to the Citrix AD group whenever the request access to the application. Similarly, I would like to automatically remove the Citrix AD group whenever all internal application entitlements have been removed from a user.

Initially, I looked at the rules module to handle this, but I haven't found a rule type that essentially says "only people with access to this application can be in that AD group". After that, I was able to write a Javascript form control that basically reads the text of an "Entitlement Table with Action" control on the form, and uses the text to determine if a users access is being removed or added. This should work my needs in theory, but I haven't found a good way to trigger the Javascript control. My code is:

avform.registerExprSub(null, "${avform.remove_ents}", function(e){

//HTML ID of the Entitlement Table with Actions that removes the AD group

var htmlTableId = "_187_remove_ents_ActionEntTable";

//Length of the table. For a user with no entitlements, the lengths is 1.

var tableLength = document.getElementById(htmlTableId.concat("_content")).rows.length;

//Loop through each row, to determine if any entitlements are not being removed

for (var i = 1; i <= tableLength; ++i){

//Parse the text of each row

var rowId = document.getElementById(htmlTableId.concat("_",i,"_Row")).getAttribute("rowid").split("_");

var rowInnerHtml = document.getElementById("_ItemType_CRRawEntitlement_ItemID_".concat(rowId[Id.length - 1],"_TEXT")).innerHTML.split(";")

actionType = rowInnerHtml[Math.ceil(rowInnerHtml.length/2)-1].split('&')[0]

//If any entitlements are not being removed, disable then hidden entitlement table that removes the AD group.

if (tableLength > 1 && actionType == "Remove") {

removeADGroup.value = "disabled"

}

});

The problem I'm encountering is that when the second argument for avform.registerExprSub is set to an Entitlement Table with Actions, the Javascript is not triggered whenever an action is seletected or deselected. Does anyone know of a way to trigger Javascript to run when actions are select on an Entitlement Table with Actions? Or does anyone know of a better way to accomplish my goal of automatically adding/removing these secondary type entitlements?

Thanks,

Kevin

No one else has this question

Outcomes

1 Reply

Jesvin Joseph Jun 4, 2020 7:43 AM
Mark Correct
Correct Answer
Hi Kevin,

Just a thought here - Have you considered creating an access review which runs on a daily basis that can check for users who does not have access to any of the application set, but having the AD group.? That way, you should be able to revoke the AD group.

Or how about running a custom WF on a daily basis which can check and remove the users from AD groups who does not have access to the set of applications.

Also, you should be able to configure in the provisioning WF for the applications to check if the user has the AD group. If not, provision it using a provisioning command node.

I have not tested this though, hope it works
Like • Show 0 Likes0
Actions

Triggering Javascript Form Control When Entitlement Action is Selected

Outcomes

Related Content

Recommended Content