Sun Identity Manager Deployment Reference

WorkItem Types

Manual actions have the ability to assign a type to the work item that is generated when the manual action is executed by the workflow engine. You can assign the work item type in a customization to filter the set of values to be displayed or operated upon.

The following work item types are recognized by the system.

Table 1–3 Work Item Types

Work Item Type  



Indicates that the work item represents an approval. 


Indicates that the work item represents an arbitrary interaction with the user. 


Indicates that the work item is temporary. Use this type to force a workflow into background execution. 

In addition, you can assign customized work item types. For example, you might set the work item type to resource to represent a resource approval and role to represent a role approval.

WorkItem Context

Work items are launched using the <ManualAction> directive. The form associated with a specified workflow can set the base context to variables.user. This eliminates the need to put user.variables in the variable name.

The WorkItem is the name space, so typical attribute names of the form:

Applies to both custom tasks and administrator approvals.

Authorization Types

Manual actions can also specify the authorization type of the WorkItem to be created. The authorization type differs from the item type in that the system automatically filters the work items returned in a query to exclude those for which the current administrator is not authorized. Typically, any administrator with the Approver capability is authorized to view all work items in the organizations they control.

To specify a work item authorization type in the manual action, use the authType attribute as follows:

<ManualAction authType=’RoleApproval’>

Assigning WorkItem Types

To specify an item type in the ManualAction definition, set the itemType attribute as shown in this example:

 <ManualAction itemType=’approval’>

Restricting Administrative View Capabilities for WorkItems

Typically, any administrator with the Approver capability is authorized to view all work items in the organizations they control. If you want an administrator to view only a subset of the work items in an organization, follow these steps:

ProcedureTo Restrict Administrative View Capabilities

  1. Define new authorization types that extend the WorkItem type. For example, define the RoleApproval type.

  2. Define new capabilities that have rights on the new authorization types rather than WorkItem itself. For example, define a Role Approver capability that has rights on the RoleApproval type.

  3. Assign the Role Approver capability to an administrator rather than the general Approver capability

  4. Set appropriate authorization types in each manual action in your workflows.