--- title: User create event with two roles workflow example description: In this example, an administrator creates a workflow that submits a separate request to add two roles to the newly created user. The script is triggered when a user create event occurs. component: pingoneaic page_id: pingoneaic:identity-governance:administration/example-user-create-event-two-roles-workflow canonical_url: https://docs.pingidentity.com/pingoneaic/identity-governance/administration/example-user-create-event-two-roles-workflow.html keywords: ["workflows", "use cases", "examples", "events", "user create event", "roles"] section_ids: assumptions: Assumptions example: Example --- # User create event with two roles workflow example In this example, an administrator creates a workflow that submits a separate request to add two roles to the newly created user. The script is triggered when a user create event occurs. ## Assumptions * Roles exist in the catalog. * Make sure to catch any error/failure conditions. ## Example ![An example of user create event workflow to request two roles when a user is created.](../_images/governance-workflow-example-user-create-event-request-roles.png) * 1 The Script node gets a user ID from the event request and returns the user object. > **Collapse: Click to display script** > > ```js > logger.info("Get User Id From Event Request: UserCreateEventWithSteps"); > var content = execution.getVariables(); > var requestId = content.get('id'); > > // Read event user information from request object > try { > var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {}); > var userObj = requestObj.request.common.blob.after; > execution.setVariable("userId", userObj.userId); > } > catch (e) { > execution.setVariable("failureState", "Validation failed: Error reading request with id " + requestId); > } > ``` * 2 The Script node makes a call to create the request. The payload contains two catalog IDs for the `Data Analyst` and `Security` roles. > **Collapse: Click to display script** > > ```js > logger.info("Submit Role Requests: UserCreateEventWithSteps"); > var content = execution.getVariables(); > var userId = content.get('userId'); > var failureState = content.get('failureState'); > > // Define request payload > if (!failureState) { > var requestBody = { > priority: "low", > accessModifier: "add", > justification: "Request submitted on user creation: UserCreateEventWithSteps.", > users: [ userId ], > catalogs: [ > { type: "role", id: "b9224b9ae535c9eab3f493dc206ac689dc9f6733b417d0def37f8969bef3e95dad7c812e4585056f698c7b3eb15c970dfa939eca8217741af187978359af13df"}, > { type: "role", id: "e7ec51656c6f5ca297d82772a681e3069d8a7c24c04f15afaa8060856e17ad6e76f88bdeb635d4dc8c3d8faa462f376189322e85df379ae0721fcb2d28d1a222"} > ] > }; > > // Create requests > try { > openidm.action("iga/governance/requests", "POST", requestBody, {_action: "create"}) > } > catch (e) { > execution.setVariable("failureState", "Unable to generate requests for roles"); > } > } > ``` * 3 The Script node completes the request. > **Collapse: Click to display script** > > ```js > logger.info("Finalize Request: UserCreateEventWithSteps"); > var content = execution.getVariables(); > var requestId = content.get('requestId'); > var failureState = content.get('failureState'); > > if (!failureState) { > try { > // Update event request as final > var decision = {'status': 'complete', 'outcome': 'fulfilled', 'decision': 'approved'} > var queryParams = { '_action': 'update'}; > openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams); > logger.info("Request " + requestId + " completed."); > } > catch (e) { > execution.setVariable("failureState", "Unable to finalize request."); > } > } > ``` * 4 The Script node handles any failures. > **Collapse: Click to display script** > > ```js > logger.info("Failure Handler: UserCreateEventWithSteps"); > var content = execution.getVariables(); > var requestId = content.get('requestId'); > var failureReason = content.get('failureReason'); > > // Update event request as final > if (failureReason) { > var decision = {'status': 'complete', 'outcome': 'cancelled', 'decision': 'rejected', 'comment': failureReason, 'failure': true} > var queryParams = { '_action': 'update'}; > openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams); > logger.info("Request " + requestId + " completed."); > } > ``` | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The [User create event with email workflow example](example-user-create-event-send-email-workflow.html), [User create event with catalog lookup workflow example](example-user-create-event-catalog-lookup-workflow.html), and [User create event with two roles workflow example](example-user-create-event-two-roles-workflow.html) examples present `User create` event workflows. However, you can also adjust the workflows for `User update` events. For example, in the `User create` examples, the user object returns the current or *after* state of the user:```js var userObj = requestObj.request.common.blob.after ```Update events also have access to the *before* (or pre-update) state by referencing the object, which you can also use in your scripts.```js var userObj = requestObj.request.common.blob.before ``` | | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Download the JSON file for this workflow [here](../_attachments/workflows/workflowUIUserCreateEventTwoRequestsWorkflowExample.json).Learn more about how to import or export workflows in [workflow editor canvas](workflow-configure.html#orch-ui-canvas). |