Documentation for Access Rights Manager

Basic structure of an input option

With an input option, you create the prerequisite for the user to enter data into a form.

The input option is preceded by the assignment, i.e. the target for which the input is made, e.g. an LDAP attribute.

 

Example of an assignment in templates for users / groups / contacts

"Name": "sn",

"Definition": {

Properties listing

}

The properties define how the input option is displayed and how it behaves.

 

 

Frequent properties

"Type": Specifies the type of the input field.
Optional: no
Characteristics: This entry must be the first within the definition.
Possible values: Depending on the template type. An overview of the available types can be found here.
Default value:  
Example: "Type": "TextArea"

 

"Label": The label of the input field to be displayed.
Optional: yes
Characteristics:  
Possible values: any text
Default value:  
Example: "Label": "['en-us:name', 'de-de:Name', 'fr-fr:Nom']"

 

"DefaultValue": A value already pre-filled when the form is loaded.
Optional: yes
Characteristics: depends on Type, see TextArea, MultiValueText, DropDownList
Possible values: any text
Default value:  
Example: "DefaultValue": "This is a pre-filled value."

 

"IsEnabled": Indicates whether the field is editable.
Optional: yes
Characteristics: Fields that cannot be edited must not be required fields.
Possible values: true or false
Default value: true
Example: "IsEnabled":false

 

"IsRequired": Indicates whether the field is a mandatory field.
Optional: yes
Characteristics: Required fields must not be disabled ("IsEnabled").
Possible values: true or false
Default value: false
Example: "IsRequired":true

 

"Description": Description of the field for display in the tooltip.
Optional: yes
Characteristics:  
Possible values: any text
Default value:  
Example: "Description": "Automatically created, non-modifiable comment."

 

"Items": An items list for a drop down menu.
Optional: no
Characteristics: used only in DropDownList
Possible values: listing
Default value:  
Example:

"Items": [

{ "Value": "Berlin", "DisplayValue": "Berlin - Germany" },

{ "Value": "Paris", "DisplayValue": "Paris - France" }

]

 

"DisplayValue": Value displayed in conjunction with Value.
Optional: yes
Characteristics: for DropDownList and FixedValue
Possible values: any text
Default value:  
Example: "Value": "Berlin", "DisplayValue": "Berlin - Germany"

 

"Value": Actual value, in conjunction with "DisplayValue".
Optional: yes
Characteristics: for DropDownList and FixedValue
Possible values: any text
Default value:  
Example: "Value": "Berlin", "DisplayValue": "Berlin - Germany"

 

Constraints

Use constraints to define:

  • Conditions that must be fulfilled when entering the data
  • Creation rules

The specification of constraints is optional.

If you define constraints for LDAP attributes, Access Rights Manager checks whether the Active Directory also uses constraints for the attribute. If so, the stricter condition is applied. Access Rights Manager shows in the server health check which conditions are used.

 

Available constraints (all optional)

  • "MaxLength": maximum length. Default: -1 (unlimited).
  • "ForbiddenChars": Specifies which characters cannot be used. Default: [] (empty list).
  • "ValidationRule": Regular Expression. Conditions that the entered text must meet.
  • "ValidationInformation": Tooltip text that is displayed when the constraints are violated.
  • "UniquenessConstraint": "properties/ldap/uniqueness" Ensures that the input for AD attributes is unique (prevents duplicates). This constraint works in templates for creating new users and with AD attributes only.
  • "CreationRule": A creation rule that automatically calculates and uses the value for the field. Only allowed if DefaultValue is not set.

Additional validity checks and visibility controls are available for Open Order Templates.

 

Example

"Constraints": {
  "MaxLength": 20,
  "ForbiddenChars": ["ö","ä","ü","ß"],
  "ValidationRule": "(?=.*[A-Z])",
  "ValidationInformation":
    "Use a maximum of 20 characters, no umlauts and at least one uppercase letter.",
  "CreationRule": "<toLowerCase>(<firstLetter>({givenname}).{sn})"
}

 

Multilanguage templates

Templates can be designed to be multilingual.

The language selected at ARM login is used for the display. If there is no entry for the selected language, the first language is used.

 

Example

"Key": "Name",
"Value": {
  "Type": "TextField",
  "DefaultValue": "",
  "IsRequired": "true",
  "Label": "['en-us:name', 'de-de:Name', 'fr-fr:Nom']"
}

 

You can find more examples (.example) provided with the setup under:

%programdata%\protected-networks.com\8MAN\data\templates

 

Creation rules

All input fields that can contain a constraints field can define a CreationRule within the constraints field, which automatically calculates the value of the field.

Creation rules are only valid if you do not define a default value.

Creation rules can be combined with one another as desired, e.g. "<firstLetter>({givenname}).{sn}@[fqdn]". Spaces are also relevant.

The creation rule is also executed when the field:

  • Is hidden ("IsHiddenFromRequester": true or "IsHidden": true)
  • Is not editable ("IsEnabled": false)

 

Possibilities for creation rules

{sn}

This text is replaced by the current value of the input field for the LDAP attribute specified in curly braces (in this example, "sn").

This also works if the referenced input field is hidden and / or not editable.

If the referenced field contains a creation rule, it is executed first. The order of execution is calculated on the basis of such field dependencies. If the creation rules of a template form a cyclic field dependency (for example, if the creation rule for "sn" contains {cn} and that for "cn" {sn}), the template is rejected as invalid. The error is displayed in the server health check.
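The dependency ordering and the cycle rejection described above can be reproduced before a template is deployed. This is an added example, not code from Access Rights Manager; the helper names and the sample fields are constructed for illustration.

```python
import re
from graphlib import CycleError, TopologicalSorter

# {attribute} references; a brace preceded by a backslash is an escaped literal.
# Simplification: an escaped backslash directly before a reference is not handled.
REF = re.compile(r"(?<!\\)\{(\w+)\}")

def creation_rule(field):
    return field["Definition"].get("Constraints", {}).get("CreationRule", "")

def execution_order(fields):
    """Order in which the creation rules can run (referenced fields first).

    Raises ValueError naming the loop when rules reference each other cyclically.
    """
    names = {f["Name"] for f in fields}
    graph = {f["Name"]: {r for r in REF.findall(creation_rule(f)) if r in names}
             for f in fields}
    try:
        return list(TopologicalSorter(graph).static_order())
    except CycleError as err:
        loop = " -> ".join(err.args[1])
        raise ValueError("cyclic field dependency: " + loop) from None

def make_field(name, rule=None):
    """Build a minimal template entry (constructed sample data)."""
    definition = {"Type": "TextField"}
    if rule is not None:
        definition["Constraints"] = {"CreationRule": rule}
    return {"Name": name, "Definition": definition}

VALID = [
    make_field("mail", "{samaccountname}@[fqdn]"),
    make_field("samaccountname", "<toLowerCase>(<firstLetter>({givenname}).{sn})"),
    make_field("givenname"),
    make_field("sn"),
]
# The cyclic case named in the text: "sn" references {cn} and "cn" references {sn}.
CYCLIC = [make_field("sn", "{cn}"), make_field("cn", "{sn}")]

if __name__ == "__main__":
    print(execution_order(VALID))
    try:
        execution_order(CYCLIC)
    except ValueError as err:
        print(err)
```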

[fqdn]

This text is replaced by the domain name defined in the template (FullQualifiedDomainName).

Hello 123

Literal strings are taken over unchanged, in this case "Hello 123".

The following special characters must be escaped with a backslash (\): backslash, round brackets, braces, comma.

Note: In JSON format, the double quotes and the backslash must be escaped with a backslash. Backslashes in creation rules must therefore be doubled, e.g.

  • "\\(" for the round bracket
  • "\\\\" for a single backslash

A simple solution is provided by online tools that perform escaping for the JSON format e.g. http://www.infobyip.com/jsonencoderdecoder.php. So you only have to manually perform the escaping for the creation rules.
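The two escaping layers described above, performed locally: first the creation-rule escaping of literal text, then the JSON encoding of the finished rule. This is an added example, not part of the product; the function names and the sample rule are constructed for illustration.

```python
import json

RULE_SPECIALS = "\\(){},"  # backslash, round brackets, braces, comma

def escape_rule_literal(text):
    """Layer 1: backslash-escape the characters the creation-rule syntax reserves."""
    return "".join("\\" + ch if ch in RULE_SPECIALS else ch for ch in text)

def creation_rule_entry(rule):
    """Layer 2: JSON-encode the finished rule for pasting into a template."""
    return '"CreationRule": ' + json.dumps(rule, ensure_ascii=False)

def decode_entry(entry):
    """Read the entry back the way a JSON parser would, returning the rule text."""
    return json.loads("{" + entry + "}")["CreationRule"]

# Constructed sample: literal text with reserved characters, then rule syntax
# that must NOT be escaped because it is meant to be interpreted.
RULE = escape_rule_literal("Sales (EMEA), ") + "<toUpperCase>({sn})"

if __name__ == "__main__":
    print(RULE)                       # what the rule parser sees
    print(creation_rule_entry(RULE))  # what goes into the template file
```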

<firstLetter>(…)

Returns the first character of the argument.

Example

<firstLetter>(Hello) is replaced by "H".

 

<toUpperCase>(…)

Converts the argument to uppercase.

Example

<toUpperCase>(Hello) is replaced by "HELLO".

 

<toLowerCase>(…)

Converts the argument to lowercase.

Example

<toLowerCase>(Hello) is replaced by "hello".

 

<trim>(…)

Deletes spaces at the beginning and end of the argument.

Example

<trim>( Hello ) is replaced by "Hello".

 

<subst>(…)

Deletes blanks and hyphens from the argument, replacing letters with accents by letters or combinations of letters without accents.

Example

<subst>(Zoë Roßmäßler-Öker) is replaced by "ZoeRossmaesslerOeker".

 

<replace>(.,.,.)

<replaceOnce>(.,.,.)

Replaces characters.

Examples

<replace>(the dog and the fox,the,a) = "a dog and a fox"

<replaceOnce>(the dog and the fox,the,a) = "a dog and the fox"

<replace>(Norbert Van Eggert, ,) = "NorbertVanEggert"

<replace>(Norbert Van Eggert, ,.) = "Norbert.Van.Eggert"

 

<reverse>(...)

Reverses the order of the characters.

Example

<reverse>(apfel) = "lefpa"

 

<regExpr>('…',…)

Returns the first match of the regular expression (within the single quotation marks), applied to the second argument (which begins immediately after the comma; spaces after the comma are counted).

 

Example

<regExpr>('.{3}',Hello) is replaced by "Hel".

All common regular expressions are supported. As a special feature, the grouping construct (?<this>...) is also supported. The match on this group is returned.

 

Example

<regExpr>('.{3}(?<this>.*)',Hello) is replaced by "lo".

 

There are online tools that can be used to test regular expressions, e.g. http://regex101.com.

All functions can be arbitrarily nested.

Example

<regExpr>('.{1}',<trim>(<toLowerCase>({sn})))
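To preview what a nested rule yields for given field values, the syntax described in this section can be evaluated with a small recursive parser. This is an added example written from the descriptions on this page, not the product's parser; it covers a subset of the functions (regExpr, subst and lookup are left out), and all names in it are hypothetical.

```python
import re

# Illustrative re-implementation of some functions described on this page;
# not the product's parser.
FUNCS = {
    "firstLetter": lambda a: a[:1],
    "toUpperCase": str.upper,
    "toLowerCase": str.lower,
    "trim": lambda a: a.strip(" "),
    "reverse": lambda a: a[::-1],
    "replace": lambda s, old, new: s.replace(old, new),
    "replaceOnce": lambda s, old, new: s.replace(old, new, 1),
}
CALL = re.compile(r"<(\w+)>\(")
FIELD = re.compile(r"\{(\w+)\}")

def parse_args(rule, pos, fields, fqdn, nested):
    """Evaluate from pos; return (argument values, index where parsing stopped)."""
    args, cur = [], ""
    while pos < len(rule):
        ch = rule[pos]
        call, field = CALL.match(rule, pos), FIELD.match(rule, pos)
        if ch == "\\":                  # escaped character: take the next one literally
            cur += rule[pos + 1:pos + 2]
            pos += 2
        elif nested and ch == ")":      # end of the current function call
            break
        elif nested and ch == ",":      # argument separator; surrounding spaces count
            args.append(cur)
            cur, pos = "", pos + 1
        elif call:
            inner, end = parse_args(rule, call.end(), fields, fqdn, True)
            cur += FUNCS[call.group(1)](*inner)
            pos = end + 1
        elif field:                     # inserted as-is, never re-parsed as rule syntax
            cur += fields[field.group(1)]
            pos = field.end()
        elif rule.startswith("[fqdn]", pos):
            cur += fqdn
            pos += len("[fqdn]")
        else:
            cur += ch
            pos += 1
    return args + [cur], pos

def evaluate(rule, fields, fqdn):
    """Value a creation rule (already JSON-decoded) yields for the given field values."""
    return parse_args(rule, 0, fields, fqdn, False)[0][0]
```

For example, `evaluate("<toLowerCase>(<firstLetter>({givenname}).{sn})@[fqdn]", {"givenname": "Zoe", "sn": "Smith"}, "example.test")` returns `z.smith@example.test`; the field values and domain are constructed.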

 

Complex example for an email address validation

"Name": "emailaddresses",
"Definition": {
  "Type": "TextArea",
  "Label": "Email addresses",
  "IsRequired": true,
  "IsEnabled": true,
  "Constraints": {
    "MaxLength": 500,
    "ValidationRule": "^((([a-z][a-z0-9]+:)?([A-Z][A-Z0-9]+:)?(\\w+([-+.']\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*(\\r\\n)?\\n?)+)*)$",
    "ValidationInformation": "Does not match the email format!",
    "CreationRule" : "SMTP:<toLowerCase>({samaccountname})@<toLowerCase>([fqdn]) \r\nsmtp:<toLowerCase>(<firstLetter>({givenname})).<toLowerCase>({sn})@<toLowerCase>([fqdn])"
  }
}

 

LookupTable

With LookupTable, you create pairs of values that you use to fill fields automatically.

A definition for a lookup table has the following format:

  • LookupTableId: This identifier is used to refer to the lookup table for additional fields.
  • LookupTable: Value pairs of the table. The assignment is always one-to-one.

 

In the following example, the user selects a company in a drop-down. Depending on the choice, the street, ZIP code and city are filled in.

 

Define value pairs

"LookupTables": [
  { "Name": "LookupTableStreet",
    "Definition": {
      "Type": "LookupTable",
      "LookupTableId" : "Street",
      "LookupTable" : {
        "Demo Company Holding": "Demostreet 1",
        "Demo Company Marketing Solutions": "Demostreet 2",
        "Demo Company Services": "Demostreet 3"
      }
    }
  },
  { "Name": "LookupTableZIPcode",
    "Definition": {
      "Type": "LookupTable",
      "LookupTableId" : "ZIPcode",
      "LookupTable" : {
        "Demo Company Holding": "10000",
        "Demo Company Marketing Solutions": "20000",
        "Demo Company Services": "90000"
      }
    }
  },
  { "Name": "LookupTableCity",
    "Definition": {
      "Type": "LookupTable",
      "LookupTableId" : "City",
      "LookupTable" : {
        "Demo Company Holding": "Berlin",
        "Demo Company Marketing Solutions": "Hamburg",
        "Demo Company Services": "Munich"
      }
    }
  }
]

 

Drop down menu and fill fields

{ "Name": "company",
  "Definition": {
    "Type": "DropDownList",
    "Label": "Company",
    "Items": [
      { "Value": "Demo Company Holding", "DisplayValue": "Demo Company Holding" },
      { "Value": "Demo Company Marketing Solutions", "DisplayValue": "Demo Company Marketing Solutions" },
      { "Value": "Demo Company Services", "DisplayValue": "Demo Company Services" }
    ]
  }
},
{ "Name": "streetAddress",
  "Definition": {
    "Type": "TextField",
    "Label": "Street",
    "IsEnabled": false,
    "Constraints": {
      "CreationRule": "<lookup>(Street,{company})"
    }
  }
},
{ "Name": "postalCode",
  "Definition": {
    "Type": "TextField",
    "Label": "ZIP",
    "IsEnabled": false,
    "Constraints": {
      "CreationRule": "<lookup>(ZIPcode,{company})"
    }
  }
},
{ "Name": "l",
  "Definition": {
    "Type": "TextField",
    "Label": "City",
    "IsEnabled": false,
    "Constraints": {
      "CreationRule": "<lookup>(City,{company})"
    }
  }
},

 

Hide input fields

"IsHiddenFromRequester": Specifies that the affected area is not displayed to the requester.
Optional: yes
Characteristics: Effective only in the web client / GrantMA, can be overridden by "IsHidden":true
Possible values: true or false
Default value: false
Example: "IsHiddenFromRequester":true

 

"IsHidden": Specifies that the area is never displayed, even to the administrator in the post-processing of requests.
Optional: yes
Characteristics: if set to true, IsHiddenFromRequester is ineffective
Possible values: true or false
Default value: false
Example: "IsHidden":true
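
The consistency rules this page states for a definition ("Type" first, no required field that is disabled, no CreationRule next to a DefaultValue, "Items" for a DropDownList, IsHidden overriding IsHiddenFromRequester) can be checked before a template is deployed. The linter is an added example, not part of Access Rights Manager; it assumes that a non-empty DefaultValue counts as "set", and the sample fields are constructed.

```python
import json

def flag(definition, key, default):
    """Read a boolean property; accepts true/false as well as "true"/"false"."""
    return str(definition.get(key, default)).lower() == "true"

def lint_field(field):
    """Return the violations of this page's rules for one Name/Definition entry."""
    name, d = field.get("Name", "?"), field.get("Definition", {})
    constraints = d.get("Constraints", {})
    problems = []
    if next(iter(d), None) != "Type":   # json.loads keeps the key order of the file
        problems.append(f'{name}: "Type" is not the first entry of the definition')
    if flag(d, "IsRequired", False) and not flag(d, "IsEnabled", True):
        problems.append(f"{name}: required field is not editable")
    # Assumption: a non-empty DefaultValue counts as "set".
    if "CreationRule" in constraints and d.get("DefaultValue"):
        problems.append(f"{name}: CreationRule combined with DefaultValue")
    if d.get("Type") == "DropDownList" and not d.get("Items"):
        problems.append(f'{name}: DropDownList without "Items"')
    if flag(d, "IsHidden", False) and "IsHiddenFromRequester" in d:
        problems.append(f"{name}: IsHiddenFromRequester is ineffective with IsHidden")
    return problems

def lint_template(fields):
    return [p for f in fields for p in lint_field(f)]

# Constructed sample fields, not taken from a shipped template.
SAMPLE = json.loads("""[
  {"Name": "sn", "Definition": {"Type": "TextField", "IsRequired": true}},
  {"Name": "description", "Definition": {"Label": "Comment", "Type": "TextField",
     "IsEnabled": false, "IsRequired": true}},
  {"Name": "mail", "Definition": {"Type": "TextField", "DefaultValue": "n/a",
     "Constraints": {"CreationRule": "{sn}@[fqdn]"}}},
  {"Name": "l", "Definition": {"Type": "DropDownList", "IsHidden": true,
     "IsHiddenFromRequester": true}}
]""")

if __name__ == "__main__":
    print("\n".join(lint_template(SAMPLE)))
```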