Monday, April 16, 2018

IGI Internal Events

IGI gurus should understand that adding rules to Live Events is really the only way you are going to get maximum value from your IGI deployment. Out of the box features within identity tools are rarely sufficiently detailed enough to allow for production deployment and there is always a need to enhance these processes with organisation-specific rules and definitions.

IGI gurus will also be aware that the firing of rules can be somewhat hit and miss. Placing objects into the USER_ERC table will fire a Live Event on the IN queue, but writing an advanced rule to perform a SQL update of the same database table using the internal scheduler will NOT fire a Live Event!

Similarly, modifying a user in the Administration Console will not fire an event either unless you specifically "Enable Internal Events" on your Settings tab.



Enabling Internal Events, however, will only allow a handful of events to trigger a rule, For example, you can add business logic to the Add Entitlement event, but you cannot add business logic to the Publish Entitlement event or the Add Entitlement to an OU event. Maybe one day this will be enabled (and I really hope some of the IBM Development Team read this)!

Anyone who has ever enabled internal events, then clicked on the Monitor/INTERNAL tab to view the events may be sorely disappointed. I call it the "Tab of Disappointment" and why? Well, it will be empty. No matter what events are being fired, it will be empty. That is, until you add this little gem to your system:

when
    event : EventBean(  )
then
/*
 *  Version: 1.0
 *  Date   : 2018-02-28
 *  Purpose: Saves the event so it is viewable in the logs
 */
    event.setState(1l);

This piece of code should be added to the BEFORE ruleflow within Rules/Live/Internal. This code instructs the platform to always save the event within the database tables which makes the event visible in the Monitor/INTERNAL tab.

Now you can see what is going on in your system and maybe even replay events.

NOTE: Should you wish to look in your log files for anything you may be spewing out from your rules within Rules/Live/Internal, you may have to look at the accessgovernancecore_event_out.log file. Don't ask why!

No comments: