Proof-of-concept for updating a specific DMN table from SCIM reqest
DMN is Excel-like table for modelling decisions. We'd like to try if they could be used to model information related to associations between users and groups.
For example, in an automated process we may need to figure out, who is leading the primary unit of the submitter of some request. To figure it out, we need to know the primary unit of the submitter and the users in leader role of that unit.
A SCIM request for user update could contain the following extra attributes: primaryUnit
and primaryUnitRole
. These do need a SCIM schema extension published to Azure to allow these to be submitted, but let's skip that detail now. Of course, we could every time extend user schema, add more search indexes and search queries to make the above decision possible, but it would soon become cumbersome. What if we could populate DMN tables with values from SCIM request. A DMN table for "username-primary-unit" and another for "unit-role" relation and add/remove/update required line for each of those according to data in SCIM request. Then we could use automatically updated DMN tables in BPMN procesess for making business rule decisions like "assign this task to the leader of the primary unit of the submitter".
For proof-of-concept it is enough to try to update manager_for_user
DMN available in the camunda-scim-workspace
. Manager is already defined in SCIM enterprise user extension defined in the specification: https://tools.ietf.org/html/rfc7643#section-4.3 But it must be published by /scim/Schemas-endpoint to make it available for Azure AD SCIM configuration.
What and where is that DMN? manager_for_user
DMN is automatically provisioned in our Camunda App startup from ./app/src/main/resources/kayttaja-esimies.dmn Every restart will reset the DMN in system to match the version in filesystem.
Once Camunda has been started the DMN is available in the UI http://localhost:8800/app/cockpit/default/ -> Deployed -> Decisions Definitions -> Työntekijän lähiesimies
A new decision can be manually executed from the command line with
curl -X POST -H "Content-Type: application/json" -H "X-Hasura-Camunda-Secret: secret" http://localhost:8800/rest/decision-definition/key/manager_for_user/evaluate --data '{"variables": {"username": {"value": "atsoukka"}}}'
Camunda UI will show execution history for each executed decision.
It looks like there is no simple API for updating these DMN deployments in-place, but they have to be "virtually downloaded" in Java code from Camunda RepositoryService, then there Java API available or updating them, and then the updated DMN must be re-deployed to have effect. We are not the only ones wanting to do this, so there might be better API in the future.
Resources: