Saturday, July 10, 2010

Talk Down, Build Up

No, it’s not a new self-esteem program; rather, it’s what I think is the best methodology for developing SAP NetWeaver Identity Management workflows.

First, let’s review the basic components of a NW IDM workflow:

Screens represent the topmost level and are what most people routinely deal with. Here’s where we present the attributes (populated and empty), descriptions and other UI-related features. Starting with NetWeaver IDM 7.1, this is handled by the Web Dynpro engine. Before that, PHP was used.

Tasks are what give the workflow its structure. Ordered Tasks, Un-Ordered Tasks, Conditionals, Approvals, etc. go here.

Action Tasks are the real muscle of the workflow. Action tasks execute the actual operations of the workflow. Writing information to a Target System, a Report or the Identity Store itself all gets done from these tasks.

Of course, there are many workflows of various complexities that come with the SAP Provisioning framework, but as we all know, these will not cover all circumstances, and sometimes custom workflows will need to be created. Fortunately, NW IDM makes this rather easy, since Screens, Tasks and Action Tasks can all be linked and re-linked together over and over.

Over time I’ve found that the design and creation of workflows can be best summarized by what I refer to as the “Talk Down, Build Up” approach.

When discussing the formulation of a workflow, it is generally best to discuss the workflow top down. That is, start with what the user sees and then what happens after they press “Submit.” People find it easy to follow the workflow and its branches (if any) when we start from this approach. Given the way that the workflows correspond to a flowchart, this seems to be somewhat of a no-brainer. The following screenshot gives one an idea about this:

Development, however, does not work the same way. Trying to develop top down becomes fairly confusing, since the developer is linking to objects that might not exist yet. Development, it seems, works best from the bottom up. In general, I recommend creating NW IDM workflow objects in the following order:

  1. Action Tasks
  2. Privileges
  3. Roles
  4. Conditional/Approval/Switch Tasks
  5. Ordered tasks (I seldom make use of unordered ones)
  6. Screens

As a general best practice, I also recommend using folders as organizational containers to group related tasks together. Usually I like to do this by target system (AD, SAP, SunONE, NW IDM, Notifications, etc.).

So there we have it. We talk down about the structure, but we build from the bottom up. I’m wondering how other SAP NW IDM architects approach this. What about other IdM products?

2 comments:

Anonymous said...

In our Identity Management and Workflow product (EmpowerID), we typically will drag the actions onto the workflow canvas first and then the user interface shapes. After that we connect the shapes with the lines and their rules and map the properties that need to flow between the shapes. http://t.co/Etm92Si

Patrick

Matt Pollicove said...

Patrick,

Thanks for the comment. I think that's a great way to sketch out your ideas, and while I'm not familiar with Empower ID, it sounds like it has a sweet interface!

My comments were specifically targeted to the SAP NetWeaver Identity Management platform, though.

Matt