In ProcessMaker 4, when configuring a process at Designer/Processes/Configuration, there is a new parameter "Process Manager" that is not described in the
documentation.
Where is the documentation for what "Process Manager" is/what it allows/what responsibilities it has?
Find the documentation related to Process Manager here:
https://processmaker.gitbook.io/processmaker/v/processmaker-1/designing-processes/viewing-processes/view-the-list-of-processes/edit-the-name-description-category-or-status-of-a-process#configure-general-settings
Here is the expected behavior and description for this feature:
From the Process Manager drop-down menu, select which user is the
Process Manager. The Process Manager understands the Process design
and workflow dynamics to troubleshoot Request routing incidents. This
setting is only available if the Advanced User package is installed.
This user is assigned Tasks in this Process's Requests in which
workflow would otherwise pause indefinitely because that Request's
workflow cannot continue to a valid Task assignee for any of the
following reasons:
The Request routes to a Task assignee whose user account is inactive.
The Request routes to the Task assignee's manager, but that user's account is not configured with a manager.
The Task assignee does not have a user account manager, and is a member of two or more groups which have different managers.
The Request routes to a Task assignee in which that user's account is set with the following statuses:
The user's account is set to Out of Office status, but not configured with a delegated user to assign new Tasks while with this
status.
The user's account is set to Scheduled status, is not scheduled to work when the Task is assigned, and is not configured with a
delegated user to assign new Tasks.
The Process Manager is assigned the Task in that Request, and may then
indicate how to route that Request. The Process Manager may optionally
cancel that Request if that user is among those selected in the Cancel
Request setting.
Related
I've been tasked with a project to get attendance information from specific types of Teams. I have a service account that is already a member of these Teams, however it is unable to access an endpoint needed to resolve JoinWebUrls to meetingIDs (See example #3, 'Retrieve an online meeting by JoinWebUrl').
I have done the following thus far:
Create a new App Registration and assigning it 'OnlineMeetings.Read.All' as an Application permission (this process needs to run as a script, meaning that Delegate permissions won't work here)
Create a new Application Access Policy, assigned the aforementioned App Registration's App ID to it, and granted it to the service account.
Signed into MS Graph as the service account (using the 'password' grant_type) and retrieved the 'events' within the Team (via /v1.0/groups/$GroupID/events)
Extracted the JoinWebURL parameter from each of those events.
Step 5 would be to resolve the meetingID from the JoinWebURL, however when I all of the following requests fail:
GET /v1.0/me/onlineMeetings?$filter=JoinWebUrl eq '$JoinWebURL' (as the service account, which should be able to interact with the meeting)
GET /v1.0/users/$ServiceAccountObjectID/onlineMeetings?$filter=JoinWebUrl eq '$JoinWebURL' (as the service account to access it's own object's meetings, however this does seem to be the endpoint for Application permissions rather than Delegate permissions)
GET /v1.0/users/$ServiceAccountObjectID/onlineMeetings?$filter=JoinWebUrl eq '$JoinWebURL' (using the App Registration mentioned earlier, signing in with the 'client_credentials' grant_type)
GET /v1.0/me/onlineMeetings?$filter=JoinWebUrl eq '$JoinWebURL' (as the App Registration trying to access any meeting, however this does seem to be the endpoint for Delegate permissions rather than Application permissions)
Basically, I'm stuck. Is there something obvious that I'm missing? I'm also considering raising a support call with Microsoft, to see if the behaviour I'm experiencing is merely a bug.
Thanks in advance.
Events and online meetings are two different API's, you have created an event and trying to get online meeting details. That's the reason you are getting those errors. If you want to get event details please try this document.
Some users in our client's Azure DevOps Server (on-prem) instance are unable to see the Request, Response and Event tabs when they view the history for webhooks. Other users can see the tabs.
The issue is as follows...
Under Project Settings --> Service Hooks, my client has a number of service hooks/webhooks defined.
When clicking the ellipse menu next to a Service Hook and selecting "History" it opens a modal window showing previous "runs" of the service hook in question.
On the right hand side of the modal window there are several tabs. Summary, Request, Response and Event (Screenshot attached)
Some users are unable to see the "Response", "Request" and "Event" tabs.
Some more background... The users in question cannot be placed in the "Project Collection Administrators" group due to company policy. They have been given "EditSubscription" permissions using tfssecurity.exe command line but it's still not working. I was hoping there might be a way to give them the required access using the REST API but it seems like the Azure DevOps CLI does not work with Azure DevOps Server 2019?
If anyone else has any advice I'd appreciate the help.
Thanks in advance.
Devon.
You should be able to grant a regular project user the ability to view and manage service hook subscriptions for a project.
tfssecurity /a+ /collection: https://dev.azure.com/fabrikam-fiber-inc/DefaultCollection ServiceHooks PublisherSecurity/abcdef00-abcd-0000-0000-abcdef000000 EditSubscriptions n:fabrikamfiber4#hotmail.com ALLOW
Make sure you used the command with same format and the users also have View subscriptions permission.
Take a look at What permissions do I need to set up a subscription?
Q: What are the security implications of granting Edit subscriptions
and View subscriptions permissions?
A: The user with these permissions can see all subscriptions created
in the project and the notification history for those subscriptions.
That user can then create any type of service hook subscription in
that project. If the user sets up a subscription for a resource that
they don't otherwise have permission to access, the subscription won't
get triggered.
For example: if I don't have access to work items in area path XYZ,
and I set up a subscription to the work item update events, I won't
get notifications for updates to work items in area path XYZ. However,
if another user who does have access to the work items in area path
XYZ is receiving those "work item update" events, then I could see the
notification history of that other user's events, which includes work
item data that I don't otherwise have access to.
If users are still not able to view those tabs with granting both Edit subscriptions and View subscriptions. Suggest they completely sign out the browser and clear cache. Then login in TFS web portal again. Which may do the trick.
I need to read the tasks in a Plan on a daily batch process. I am retreiving the Plan ID during registration process by delegated permissions and save this ID in the application's database. On the daily batch process I am trying to access this Plan's tasks using;
https://graph.microsoft.com/v1.0/planner/plans/{Plan ID}/tasks
I am getting "401 - Unauthorized: Access is denied due to invalid credentials" error. I've got the following permissions in the screenshot below, am I missing the required one or is it not possible to access this service with Application type permission?
Permission List
Application permissions are now supported.
Outdated Reply:
Application permissions are coming:
https://devblogs.microsoft.com/microsoft365dev/announcing-updates-to-the-planner-api-in-microsoft-graph/
Before that is live as a workaround to your problem, you can create an
account to act as a user for the application, and add that to the
groups you are interested as a member.
I'm just getting started with D2L and am running into problems.
On the "Getting Started" page, I have completed the first three steps:
1) Acquire an App Key/ID pair from D2L - I have received the App ID and App Key
2) Create a test account in your host LMS - I have created a new user account with the administrator role for testing
3) Choose a client library to work with - I am using the PHP SDK
4) Authenticate with your LMS - This is where I'm running into trouble.
When I use the Getting Started sample:
http://samples.valence.desire2learn.com/samples/GettingStartedSample/
And enter my host, app ID and app key and hit on the "Authenticate" button, I get a "This application is not authorized on this LMS instance. Ask your administrator to authorize this application" error.
I am an administrator on my D2L host and I'm not sure how to authorize my own app.
I have tried the following:
Navigating to the "Manage Extensibility" page because that's where D2L says my app should be located, but it isn't there.
Enabling the API (d2l.Security.Api.EnableApi) under the "DOME" page to no avail.
What am I doing wrong?
Based on your question and comments, there were two issues here:
First is that the list of App ID/Key pairs appropriate for your LMS get regularly fetched by your LMS from the D2L KeyTool service. The schedule for this fetching is once a day; accordingly, if the scheduled task isn't set up, or if your LMS isn't identifying itself properly to the KeyTool service, or if time hasn't yet elapsed after key granting to the next scheduled run of the task, the App won't yet be in your LMS' Manage Extensibility list. It sounds like you no longer have that issue.
Second is that the Valence Learning Framework APIs' authentication process (requesting and retrieving a set of user tokens for an LMS user) requires several LMS features to be properly set up: (a) the LMS must be configured to support Deep Linking, (b) the LMS must be set up to handle the ?target= parameter on incoming client URL requests, and curate that parameter throughout the user authentication process.
In cases where your LMS is not doing the user authentication but depending upon another, third-party IDP (like Shibboleth), any ?target= parameter passed into the login process must be taken care of by the IDP and properly handed back to the LMS after user authentication. In a situation where you have multiple redirections occurring during user authentication, this can involve successive generation of a target parameter, and each generation must re-URL-encode the previous request URL in its entirety (like sticking an envelope inside another envelope, inside yet another envelope).
If your LMS is not properly configured to support these two points, which you might not notice during other operations, then client calls to the Learning Framework APIs won't work because the calling client won't be able to fetch back a set of user tokens.
To solve the second of these issues, you may have to contact D2L's Customer Support desk -- they can verify, and adjust as necessary, the LMS configuration part of this authentication chain. If you're integrating your LMS with other third-party IDP components not administered or deployed by D2L, then you might also need to adjust their configurations: D2L can likely advise on what needs to be done there (curate the target parameter on URls), but cannot adjust the configuration for you in those cases.
I have a desktop application that installs and starts a service. I know a process can get the explorer.exe token and launch another process with that token so as the second process will run us the logged on useraccount.
My question is this: can I start my service by this explorer.exe token too? Is there an example in Delphi?
thx for your time
No, you cannot use such a trick to launch a service in a specific user account. The service's configuration in the SCM specifies the user account that the service uses when started. You can use ChangeServiceConfig() to change that account, but be careful because it is a global setting, not a per-start setting.