Hyland Connect

Anthony_Rowlan1 · ‎05-09-2018

I'm in a unique position where we are using Enhanced AD along with Custom OnBase groups due to the granular overlapping between departments. It's a nightmare to maintain, so I'm looking to see if anyone has utilized the Unity API with a unity form that could possibly query the database and populate drop downs with OnBase security groups/usernames dependent upon the user opening the form?

What I'm wanting to do: I'd like for a manager to open up an OnBase request(unity) form, and upon opening, it lists all groups, workflows, and users within that managers department(queries the database). Once it's loaded, they can select the new user, and select what workflows, and document types they want, OR select another user to mirror. Then upon submitting the form, the API performs the update.

My coworker and I spend about 10 hours a week dealing with this since we have such a high turnover for our call center. We are the only 2 admins for Onbase and we also manage around 6 other applications so 10 hours is a lot to recoup if we could automate this in some for or fashion.

Alex_French · ‎05-09-2018

This seems like it should be doable if you're comfortable with the API and C# in general, and maybe comfortable spelunking in database to retrieve information too. Here are some disjointed thoughts:

1) For info to display to the form submitter, you can probably figure out getting user/usergroup dataset information either using SQL or using a Unity Script. If you want to translate that into "what does this usergroup have access to", you'll have to use database queries that will get more complicated. So, if you can possibly define everything just based on groups, keep it that way (instead of displaying the things they have access to).

2) If you're spending 10 hours/week right now, I would try something incremental- first, write some API code that can be run outside of OnBase (if you have the license to to that), in LINQPad or VSCode or a little command line C# app.

Figure out just enough API code to "add user A to group B", and use that as a tool to make your life a little easier for a few weeks.

Then set it up to read a simple text file to do a list of those operations, and use that to make your life a little easier for a few weeks.

Then think about integrating that into Workflow, with just you as the "user" submitting a Unity Form.

THEN find the last details/challenges to make it a process that an end user can drive without no interaction from you.

3) Via the API, I believe any user an retrieve a little info about their own groups, and users with the right permissions can use a totally different object to retrieve info about other users/groups and/or to actually manage other users. I'm not 100% sure how this behaves in the context of different types of Unity Scripts (e.g. a Workflow script vs. a DataSet or Autofill script). My guess would be that you might retrieve the information you need using a Unity Script running in the context of the end user, but that you'll need to do user management in a Timer running as a user with other permissions (or elevate permissions inside a Unity Script running as the user, and I'm 99% sure that is entirely possible but there is no good way to do it).

4) Do you use Security Keywords? If so, good news! The API can set those too.

It definitely seems like a neat little project. I've done enough similar things that I might have ideas on any specific technical questions you ask on Community, or feel free to email at alexander.f.french@dartmouth.edu.

Anthony_Rowlan1 · ‎05-10-2018

Thank Alex. I am completely comfortable writing in C# as well as complex database queries. You're approach is similar to what my plan is. I just wanted to see if someone had already done this before I go down this path, so I could get some pointers and precautions from other developers experiences. I appreciate the time you've given to your response.

Aki_Daiguji · ‎05-11-2018

Hi Anthony,

In addition to Alex French's suggestion (and thank you Alex for the detailed suggestion), if you use the External Keyword Dataset Unity script, you can add the Dataset to the Unity Form as a dropdown, and in the Unity script, use Application.CurrentUser.Name to get the name of the current user (which should be the same username in your Active Directory), and take that username and access your external database to get the filtered results based on the current user.
Since the External Keyword Dataset Unity script will be executed on the AppServer, as long as your AppServer have access to this external database, the script should be able to call out to it without giving access to the database to client workstations.

That being said, it sounds like what you are trying to do is to give Workflow and Document Type permission to a new user. If this is correct, the closest thing you can do is to assign the new user to a usergroup that already has permission to these Workflow and Document Types. You cannot modify which usergroup has access to which Workflow or Document Type via the Unity API, but you can add/remove a user to a usergroup.

You also can't see which usergroup has access to which Workflow or Document Type via the Unity API, so this is also something to consider.

Hyland Connect

Using API with OnBase security groups to automate custom security requests.