Skip to Content
Technical Articles
Author's profile photo Henrik C. Madsen

Using MX_LINK_EXPIRY_NOTIFICATION to send notification prior to role expiry date

When temporary access is assigned to users, it can sometimes be useful to be able to automatically inform them about the assignment expiring. The attribute MX_LINK_EXPIRY_NOTIFICATION is one way to do this.

The attribute contains 2 values: The notification task and the offset to when to execute the notification task.

In my example, I want to send a notification 3 days before the assignment expires

Offset

 

The process I’m calling is quite simple:

process

The first action task contains a “To Generic” pass which takes the Pending Value and passes attributes to a script

 

 

In the script, you can do what you like with those attributes to format your notification.

This is a quick and dirty version that served as proof of concept:

It should obviously be tidied up for production use, but for PoC it does the job.

 

The 2nd task called in the process is the SAP standard notification task. I’m using a custom notification template

 

That’s it! Of course there are many other ways of doing this, but this one works for my requirement.

 

Text version of the script:

// Main function:ZSCR_GetNotificationVar

function ZSCR_GetNotificationVar(Par) {
//Subject is the user | Target is the role

var subject = Par.get("SUBJECT");
var subjectmskey = Par.get("SUBJECTMSKEY");
var subjectdn = Par.get("SUBJECTDN");

var target = Par.get("TARGET");
var targetdn = Par.get("TARGETDN");
var valid = Par.get("VALID");
var Template = Par.get("TEMPLATE");

uWarning("UserID: " + subject + " | User displayname: " + subjectdn + " | Role Displayname: " + targetdn + " |Role MSKEY: " + target + "| Valid to: " + valid);

var recipient = subjectmskey;

// set context variables for notification task
uSetContextVar("#MSG_TEMPLATE", Template);
uSetContextVar("#MSG_RECIPIENTS", recipient);
uSetContextVar("#MSG_PAR_DISPLAYNAME", subjectdn);

}

 

In conclusion, using the above example, you have the baseline of what is required to send notifications prior to an assignment expiring. This can be useful in many different scenarios

Any questions, feel free to comment on the blog, or post with the SAP Identity Management tag here

Also, I’d be very interested in hearing your feedback on this post – my first blog on SAP.com.

 

 

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.