Create Resource Activity
The Create Resource activity is used to create new resources in MIM / FIM. It implements the Conflict Detection features so that creation of duplicate objects can be avoided. It also allows the publication of the Resource ID which makes it a snap to store a reference to the newly created object in order to maintain a forward-link or back-link to the new object.
Optional. Name of the activity to be displayed on the MIM / FIM workflow designer.
Required. The type of the resource to be created.
Optional. If this setting is selected, the activity can be configured to query resources which can be used in the attribute population as source value expressions as well as in the activity execution condition and iteration. See Query Resources wiki for more information.
Required when "Query Resources" setting is selected. Specify one or more XPath Search Filter queries which should be run by the activity. e.g.
Key | XPath Filter |
---|---|
GroupOwner | /Group[DisplayName = '[//Target/OfficeLocation] Administrators'] |
Optional. The condition which must be satisfied for execution of this activity's core task (i.e. create specified resource(s)). This can be any WAL function expression resolving to a boolean value, e.g. `Eq(Count([//Queries/GroupOwner]),0)`. See Activity Execution Condition wiki for more information.
Optional. This is a lookup or function expression returning a collection of values to iterate over. Use of iteration disables publication of created resource Id ("Target for Created Resource ID") and conflicting resource Id ("Target for Conflicting Resource ID") to the specified target lookups. See Iteration wiki for more details.
Required. The user under whose context all the child requests (create requests) are submitted. Service Account (FIMService) is the default actor. See Request Actor wiki for more information.
Optional. When this setting is selected, the child update requests will be subjected to any authorization MPRs configured. See Apply Authorization Policy wiki for more information.
Optional. This is a lookup for an attribute or `WorkflowData` dictionary key to publish the `ObjectID` of the newly created resource. This makes it a snap to store a reference to the newly created object in order to maintain a forward-link or back-link to the new object.
Optional. If this setting is selected, the activity will search for a conflicting resource before creating the new resource.
Required when "Check for Conflict" setting is selected. Specify the XPath Search Filter that will return any conflicting resource, e.g. `/Group[DisplayName = 'All [//Target/OfficeLocation] Users']`.
Optional. This is a lookup for an attribute or `WorkflowData` dictionary key to publish the `ObjectID` of the conflicting resource identified.
Optional. If this setting is selected, the activity will generate an error when a conflict is identified.
Required. Specify how attributes are to be populated on the new resource. Lookups are used in value expressions, but an attribute name must be specified as the target. Variables may also be specified as a target and then used in the value expression for subsequent definitions.
Use a Verify Request activity prior to a Create Resource activity to ensure the new object will not be a duplicate. While the Create Resource activity can detect conflicts, it cannot fail the request during the authorization phase with a configurable error and alert the user to the error as the Verify Request activity can.
During attribute population, ensure that all required attributes are specified or the request will fail with a PostProcessingError since the Create request will fail.
While the activity supports iteration, it is best to refrain from creating more than one resource in a single activity as it disables publication of created resource Id ("Target for Created Resource ID") and conflicting resource Id ("Target for Conflicting Resource ID") typically needed in the logic of downstream activities in the workflow.
The following Create Resource activity creates a dynamic group for all users when a new office location is added in the system. It also assigns as the Owner of the group a corresponding Location Administrator static group (which is created using a separate Create Resource activity as a prior step in the workflow):
Setting | Value |
---|---|
Activity Display Name | Create Locational Security Groups |
Resource Type | Group |

Queries:

Key | XPath Filter |
---|---|
GroupOwner | /Group[DisplayName = '[//Target/OfficeLocation] Administrators'] |

Setting | Value |
---|---|
Target for Created Resource ID | [//WorkflowData/OfficeLocationUserGroupID] |
Check for Conflict | True |
Conflict Resource Search Filter | /Group[DisplayName = 'All [//Target/OfficeLocation] Users'] |
Target for Conflicting Resource ID | [//WorkflowData/OfficeLocationUserGroupID] |
Fail on Conflict | False |

Attribute Population:

Value Expression | Target |
---|---|
"All " + [//Target/OfficeLocation] + " Users" | $DisplayName |
$DisplayName | DisplayName |
RegexReplace($DisplayName,"[^A-Za-z0-9-]","") | AccountName |
"Contoso" | Domain |
WrapXPathFilter("/Person[OfficeLocation= '"+[//Target/OfficeLocation]+"']") | Filter |
[//Queries/GroupOwner] | Owner |
First([//Queries/GroupOwner]) | DisplayedOwner |
"true" | MembershipLocked |
"None" | MembershipAddWorkflow |
"Universal" | Scope |
"Security" | Type |
The default FIM / MIM UI only allows users to be assigned as the owners of a group. With workflow it is possible to assign groups as the owners of a group.
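
An added example, not part of the MIMWAL project or this wiki: a Python model of the value expressions above that flags two input-dependent problems in this configuration. OfficeLocation values containing a single quote end the XPath string literal early once substituted, and distinct display names can collapse to the same AccountName after `RegexReplace`, which the DisplayName-based conflict filter would not catch. It assumes lookups are substituted into filters as plain text; the function names and sample locations are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample values for [//Target/OfficeLocation]; not from the wiki.
SAMPLE_LOCATIONS = ["New York", "NewYork", "Sao Paulo", "O'Hare", "St. Louis"]


def render(location):
    """Model the example's value expressions for one OfficeLocation value."""
    display_name = "All " + location + " Users"
    return {
        "DisplayName": display_name,
        # RegexReplace($DisplayName,"[^A-Za-z0-9-]","")
        "AccountName": re.sub(r"[^A-Za-z0-9-]", "", display_name),
        # Conflict Resource Search Filter after lookup substitution
        "ConflictFilter": "/Group[DisplayName = '" + display_name + "']",
        # Argument handed to WrapXPathFilter(...) for the dynamic membership
        "MemberFilter": "/Person[OfficeLocation= '" + location + "']",
    }


def review(locations):
    """Return findings for values that break a filter or collide on AccountName."""
    findings = []
    by_account = defaultdict(set)
    for loc in locations:
        r = render(loc)
        by_account[r["AccountName"]].add(r["DisplayName"])
        # A single quote closes the '...' literal early in both filters.
        if "'" in loc:
            findings.append(("quote-in-filter", loc, r["MemberFilter"]))
    for account, names in by_account.items():
        # Different DisplayNames pass the conflict check yet share AccountName.
        if len(names) > 1:
            findings.append(("accountname-collision", account, sorted(names)))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOCATIONS):
        print(finding)
```

Running the same check over the real set of office locations before enabling the workflow shows whether the conflict filter should also match on AccountName, and whether location values need validating upstream.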
- MIMWAL Site - http://aka.ms/MIMWAL
- MIMWAL Releases - http://aka.ms/MIMWAL/Releases
- MIMWAL Documentation Wiki - http://aka.ms/MIMWAL/Wiki
- MIMWAL FAQ - http://aka.ms/mimwal/faq
- MIMWAL GitHub Code Repo - http://aka.ms/MIMWAL/Repo
- MIMWAL TechNet Q&A Forum (now read-only) - http://aka.ms/MIMWAL/Forum