Asking for your opinion on integration solutions…

General Add comments
by:

Instead of telling you about a solution that we developed for a customer, this time I’m interested in getting your opinion on 3 possible integration solutions that give the same end-result, regarding:

  • ease of development
  • ease of maintenance
  • adherence to standards
  • out-of-the-box
  • ….

add your own considerations.
And maybe you have yet another solution.

Consider the following integration requirement:
– We want and external system to supply us with user – group relationship information, so that user management can be done outside of SNC
– With this interface user – group relationships can be created and removed (grant/revoke)We (sys_user_grmember)
– All inherited group roles should remain working

The chosen integration method


The identity management system will consume our webservice with the insert method and send the following information:

  • “userId”
  • “groupName”
  • “operation” – where operation is revoke/grant

Possible technical solutions

1) The scripting way
Create inbound webservice, use the transform script to handle the field mappings.
Create scripts to translate the userId and groupName to sys_ids, check for valid values and duplicate records for the “grant” operation.
For the “revoke” just delete the record and set import status to ignore (otherwise the revoke is also inserted!)

2) The point-and-click way
Add the field “u_operation” to the sys_user_grmember table with values (grant/revoke).
Create inbound webservice from target table, do nothing with the transfrom script, map the 3 fields and make userId and groupName the coalesce values.
Create business rule on sys_gr_member that deletes the current record when the operation field changes to revoke.

3) Mix and match
A combination of transform map scripting to handle the revoke operation, and field mappings with coalesce to handle the grant operation.

I’m very interested in your opinion and would like to hear from you.
Please let me know which option you would implement, and – more importantly – why.

If you have any questions you can reach me by mail on marc.herni@2e2.nl

 

Leave a Reply