Arch2Arch Tab BEA.com
 GET INVOLVED
 New to Java?
 Blogs
 CodeShare
 Newsgroups
 User Groups
 Submit Content/Code
 PRODUCT CENTERS
 BEA AquaLogic
 AquaLogic BPM Suite
 AquaLogic Service Bus
 WebLogic Platform
 WebLogic Server
 BEA Workshop
 WebLogic Portal
 WebLogic Integration
 BEA JRockit
 WebLogic Event Server
 BEA WLCP
 More Product Centers
 TECHNOLOGY CENTERS
 Controls
 Web Services
 Eclipse
 XML
 EJB
 Persistence
 JMS
 Vertical Markets
 Dev Toolbox
 BROWSE BY ROLE
 Platform Admin
 RESOURCES
 Dev2Dev Media Center
 Article Index
 Open Source
 Security Advisories
 Utilities & Tools
 Events Calendar
 About Dev2Dev
 SUBSCRIBE
 Dev2Dev Newsletter
 RSS/XML Feeds
Syndicate this blog (XML)
«The Value of a Security Services Framework | Main

Entitlements and Business Process Management: What’s Possible?

Bookmark Blog Post

del.icio.us del.icio.us
Digg Digg
DZone DZone
Furl Furl
Reddit Reddit

David Garrison's Blog | May 2, 2008  12:56 PM | Comments (0)


Business Process Management tools are used to model, implement, execute and monitor the day-to-day processes a company follows. Products like AquaLogic Business Process management (ALBPM), recently acquired by Oracle, is used to bridge complex human workflows and the system-to-system integration of enterprise applications in a single process.

Entitlements management tools are used to manage access to complex applications. Products like AquaLogic Enterprise Security (ALES), recently acquired by Oracle, manage policies external to the application that control who can use the application and what they can do.

So what’s possible when you bring the two together? Let’s consider an example. The picture below is a simple business process for handling an employee expense report. The company’s expense report rule are as follows:

  • Any single expense report whose total is > $5000 will be rejected and sent back to the employee. The employee will be informed about why their expense report was rejected.
  • Employees in the Engineering organization can have expense reports pre-approved if the total amount is less than or equal to $1000.  If the total is greater than $1000, then it must be approved by a supervisor.
  • Employees in the Sales organization can have expense reports pre-approved if the total amount is less than or equal to $2000. If the total is greater than $2000, then it must be approved by a supervisor.

clip_image002

In the process above, the activity called Check Company Policy implements the company’s rules about expense reports using ALBPM’s Process Business Language. It checks certain parameters of the expense report (e.g. date, submitter, amount, etc.) to determine how the report should be routed. Using the business process management tool alone means when those rules change, the business process has to be changed. That means taking the process out of production, editing it, testing it, and re-publishing it.

By adding an entitlements product like ALES, those rules can be externalized. The runtime APIs for the entitlements engine can be included in the process as a Catalog element making them available to any activity in the process. Now we can write the Check Company Policy activity to call out to the entitlements engine when a processing decision needs to be made. By doing that we can write the code for the Check Company Policy activity to look like this:

Blog - checkCompanyPolicy

The activity now asks ALES to render an access decision using an authorization call to the policy engine. In the code above that call is isAccessAllowedWithResponseAttributes. This call provides an access decision along with a set of responses which provide additional data that will be used by the business process. In this example there are two responses that are returned by the ALES policy engine. The first is a comment that tells the employee the status of their expense report and the second is a nextstep that tells the ALBPM engine what to do next (how to route the expense report).

If we want to implement the company rules above, we would write our ALES policies to look like this:

clip_image006

The deny policy handles the case where the expense report total is > $5000. The two grant policies for the Sales organization determine if a report can be pre-approved or if it goes through the normal approval process. Two similar grant policies are used for the members of the Engineering organization.

Now, by using ALES, we’ve removed the logic for routing the expense report from the business process. Since those policies are managed by ALES they can be changed at any time without affecting the business process at all. They can even be changed when the business process is running in production. For example, the company may want to change the pre-approval limits for Engineering and Sales or add pre-approval limits for other organizations. At some point in time, they may want to implement a policy that prevents anyone from submitting an expense report within a week of the end of the quarter.

Granted, this is a pretty simple example, but I hope you can see the potential. You can design your business processes with certain key decision points. Those decision points can then call out to the ALES entitlements engine. The ALES policies will determine what happens at those decision points. The best part is that the policies are completely outside the business process engine so they can be changed at any time. Combining ALES with ALBPM makes your business processes more flexible and resilient to changing business requirements.


Comments

Comments are listed in date ascending order (oldest first) | Post Comment



Only logged in users may post comments. Login Here.

Powered by
Movable Type 3.31