Skip to main content
Skip table of contents

PACS - Standard service tasks in Identity Manager

This article contains updates for 23.10.3.

PACS: Assign Entitlement

Description

Use this task to assign an entitlement to a person.

The task works on three different core objects:

  • The 'Person'. This is the identity which gets an entitlement assigned.

  • The 'Entitlement'. This is an entity in Identity Manager which represents an entitlement (or 'access profile') at the PACS system.

  • The 'Assignment'. This is an entity that stores properties of the assignment request and attributes returned from the PACS system (like the external id). Usually an 'Assignment' will be stored as Request.

Configuration

To use this task, configure the following delegate expression in your service task:

CODE 
${pacsAssignEntitlementParametrizedTask}

The following parameters can be configured in Identity Manager Admin: 

 Parameter

Mandatory

Value

Description

pacsName

(tick)


The name of the PACS system to communicate with.

entitlementAssignmentDataPoolName

(tick)

Example value:

  • Request

The name of the data pool for core objects, that stores the assignment, for example, 'Request'.

entitlementAssignmentExternalIdFieldName

(tick)

Example value:

  • ExternalId

The field name of the above data pool, where the external id of the assignment is stored, for example, 'ExternalId'.

targetEntity

(tick)

Example values:

  • 'person' or 'PERSON' (for a person)

  • other values (for an access rule)

The assignment is done on either a person or an access rule. By providing values such as 'person' or 'PERSON' (all letter are handled as lower case) the assignment is done on the person entity. By providing any other values, the assignment is done on the access rule.

relatedEntitlementsCoreObjectDescriptorList



Contains a list of entitlements related to the entitlement to be assigned. Mostly used to associate a room with a time zone.

messageId

-

Name of the defined Message Intermediate Catch Event, that will be sent to the PACS system.

Message Intermediate Catch Event must be defined after a Physical Access service task.

PACS: Create Group Membership

Description

Use this task to create a group membership in Smart ID Physical Access component. Group membership means, assigning an existing person to an existing group.

The task works on three different core objects:

  • The 'Person'. This is the identity which gets a group assigned.

  • The 'Group'. This is an entity in Identity Manager which represents an group at the PACS system.

  • The 'Membership'. This is an entity that stores properties of the membership request and attributes returned from the PACS system (like the external id).

Configuration

To use this task, configure the following delegate expression in your service task:

CODE 
${pacsCreateGroupMembershipParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

pacsName

(tick)


The name of the PACS system to communicate with.

groupMembershipDataPoolName

(tick)

Example value:

  • Request

The name of the data pool for core objects, that stores the group membership.

groupMembershipExternalIdFieldName

(tick)

Example value:

  • ExternalId

The field name of the above data pool, where the external id of the membership is stored.

messageId

-

Name of the defined Message Intermediate Catch Event, that will be sent to the PACS system.

Message Intermediate Catch Event must be defined after a Physical Access service task.

PACS: Create or Update Card

Description 

Use this task to send a request to PACS to create (if non existent) or to update (if exists) a card.

Configuration

To use this task, configure the following delegate expression in your service task:

CODE 
${pacsCreateOrUpdateCardParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

pacsName

(tick)


The name of the PACS system to communicate with.

cardStateFieldName

(tick)

Example value:

  • Meta_CoreObjectState_PcmDpEmployeeCard

The card data pool field name where Identity Manager stores the state of the person.

cardActiveStates

(tick)

Example value:

  • 'active,enabled'

A comma separated list of supported active card states in Identity Manager.

cardType

-

Valid values:

  • 'mifare'

  • 'em'

Optional. The type of a card. Physical Access component accepts two types: 'mifare' and 'em'.

messageId

-

Name of the defined Message Intermediate Catch Event, that will be sent to the PACS system.

Message Intermediate Catch Event must be defined after a Physical Access service task.

PACS: Create or Update Person

Description

Use this action to send a request to PACS to create (if non existent) or to update (if exists) a person.

Configuration

To use this task, configure the following delegate expression in your service task:

CODE 
${pacsCreateOrUpdatePersonParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

pacsName

(tick)


The name of the PACS system to communicate with.

personStateFieldName

(tick)

Example value:

  • Meta_CoreObjectState_BaseDpEmployee

The person data pool field name where Identity Manager stores the state of the person.

personStates

(tick)

Example value:

  • 'active,enabled'

A comma separated list of supported active person states in Identity Manager.

messageId

-

Name of the defined Message Intermediate Catch Event, that will be sent to the PACS system.

Message Intermediate Catch Event must be defined after a Physical Access service task.

PACS: Fetch Entitlements

Description

Use this action to fetch entitlements of a given type or several types from a PACS system. Currently supported: Physical Access component. The fetched entitlements are stored as core objects.

Configuration

To use this task, configure the following delegate expression in your service task:

CODE 
${pacsFetchEntitlementsParametrizedTask}

 The following parameters can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

coreTemplateName

(tick)


The name of the core template in which the entitlements shall be stored.

entitlementTypesField

-

Example value:

  • Request

The name of the data pool for core objects, that store the assignment with the external id.

listOfEntitlementTypes

-

Valid values:

  • DEFAULT

  • ZP

  • ZPC

  • RZ_TZ

  • DG_TZ

  • D_TZ

Zero or more comma separated values from the list: DEFAULT, ZP, ZPC, RZ_TZ, DG_TZ, D_TZ

coreObjectDescriptorOutputField

-


List of the core objects that were saved into the database. In this service task, the list contains entitlement objects, since the task saves entitlements into the database.

messageId

-

Name of the defined Message Intermediate Catch Event, that will be sent to the PACS system.

Message Intermediate Catch Event must be defined after a Physical Access service task.

PACS: Manage Access Groups

Description

Use this task to send a request to PACS to create (if non existent), update (if exists) and delete (if exists) a group.

Configuration

To use this task, configure the following delegate expression in your service task:

CODE 
${pacsDealWithGroupParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

pacsName

(tick)


The name of the core template in which the entitlements shall be stored.

deleteFlag

(tick)

Valid values:

  • true

  • false

Flag for indicating whether the group should be created/updated (false) or if the group should be deleted (true).

messageId

-

Name of the defined Message Intermediate Catch Event, that will be sent to the PACS system.

Message Intermediate Catch Event must be defined after a Physical Access service task.

PACS: Manage Access Rules

Description

Use this task to send a request to PACS to create (if non existent), update (if exists) and delete (if exists) an access rule.

Configuration

To use this task, configure the following delegate expression in your service task:

CODE 
${pacsDealWithAccessRuleParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

pacsName

(tick)


The name of the PACS system to communicate with.

deleteFlag

(tick)

Valid values:

  • true

  • false

Flag for indicating whether the access rule should be created/updated (false) or if the access rule should be deleted (true).

messageId

-

Name of the defined Message Intermediate Catch Event, that will be sent to the PACS system.

Message Intermediate Catch Event must be defined after a Physical Access service task.

PACS: Withdraw Entitlement

Description

Use this task to withdraw an entitlement from a person.

  • For Physical Access component there has to be a Request with the entitlement assignment id in the process map.

The task works only on the core object 'Assignment'. This is an entity that stores the external id of the EntitlementAssignment within Physical Access component. Usually a Request is used to hold this information.

Configuration

To use this task, configure the following delegate expression in your service task:

CODE 
${pacsWithdrawEntitlementParametrizedTask}

The following parameters can be configured in Identity Manager Admin: 

 Parameter

Mandatory

Value

Description

pacsName

(tick)


The name of the PACS system to communicate with.

entitlementAssignmentDataPoolName

(tick)

Example value:

  • Request

The name of the data pool for core objects, that store the assignment with the external id.

entitlementAssignmentExternalIdFieldName

(tick)

Example value:

  • ExternalId

The field name of the above data pool, where the external id of the assignment is stored.

targetEntity

(tick)

Example values:

  • 'person' or 'PERSON' (for a person)

  • other values (for an access rule)

The withdrawal is done on either a person or an access rule. By providing values such as 'person' or 'PERSON' (all letter are handled as lower case) the withdrawal is done on the person entity. By providing any other values, the withdrawal is done on the access rule.

messageId

-

Name of the defined Message Intermediate Catch Event, that will be sent to the PACS system.

Message Intermediate Catch Event must be defined after a Physical Access service task.

PACS: Withdraw Group Membership

Description

Use this task to withdraw a group membership in Physical Access component.

Configuration

To use this task, configure the following delegate expression in your service task. There has to be a Request with the group membership id in the process map.

CODE 
${pacsWithdrawGroupMembershipParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

pacsName

(tick)


The name of the PACS system to communicate with.

groupMembershipDataPoolName

(tick)

Example value:

  • Request

The name of the data pool for core objects, that stores the group membership.

groupMembershipExternalIdFieldName

(tick)

Example value:

  • ExternalId

The field name of the above data pool, where the external id of the membership is stored.

messageId

-

Name of the defined Message Intermediate Catch Event, that will be sent to the PACS system.

Message Intermediate Catch Event must be defined after a Physical Access service task.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close