an IBM Cloud Pak® for Business Automation use case
Use Case: Content and document services
Use Case Overview: Focus Corp accelerates the use of unstructured content in an employee onboarding use case using teamspaces and secure external file sharing. You will assume the role of Lucy, an HR employee onboarding specialist at Focus Corp. Lucy’s objective is to improve Focus Corp’s process and ensure various onboarding requirements are met in a secure, structured, consistent and timely manner to onboard the new employees. Focus Corp must collaborate both internally and externally during the employee onboarding process as well as enforce structured and adhoc workflows.
Choose an option:
- Cloud Pak for Business Automation as a Service demo environment (likely an IBMer): your environment is pre-deployed, continue to the Getting Started Lab.
- Install Yourself: To deploy Onboarding Automation on your own environment, continue reading.
We assume the following products are installed, up and running:
- IBM Cloud Pak® for Business Automation version 22.x
- Automation Foundation on OpenShift
- Business Automation Applications (including Studio and App Engine) on OpenShift
- Business Automation Content Services on VMs or OpenShift
- Business Automation Navigator on OpenShift
- Business Automation Workflow (BAW) on VMs or OpenShift Note: only necessary for the last lab step to launch a process from a document
Note:
- This setup has not been fully tested on non-SaaS environments - there may be slight differences in the setup. For example, specify object CONTENT instead of OS1.
- It is recommend to clone this GitHub repository rather than individually copying each asset that is required to import into your environment.
- Determine your credentials
- If using Cloud Pak for Business Automation as a Service (CP4BAaaS):
- You will use a single login to access CPE, BAS and BAW
- Additionally, create the following from
Access Management
Service credientials
- Functional ID alias:
OA
(use something short) - Description:
Used by process app Employee Onboarding - Onboard Employee
- Note: This service account is used by BAW to launch a process from a document. Additionally, this account is also used to upload sample content using the GraphQL script.
- Permissions for this user added below
- Functional ID alias:
Users
- Add demo users with access to
Production
environment- Within the
Production
environment, the user does NOT need any specific roles
- Within the
- Add demo users with access to
Groups
- Group: TE_ADMIN
- Add only administrative users to this group.
- This access management group identifies users that have access to modify all folders and documents.
- Place the 'OA' service credential into this group
- Add only administrative users to this group.
- Group: TE_DEMO
- Add demo users to this group -OR- add the group
ECMoC_Client_CPE_User
(Note: 'ECMoC_Client_CPE_User' access mangement group is configured to include 'Participants' (aka 'Production'))- This access management group identifies users that can:
- Access content (folders/documents)
- Perform redactions on documents
- Launch the Onboard Employee process app
- This access management group identifies users that can:
- Add demo users to this group -OR- add the group
- Group: TE_OnboardingAutomation_Redaction
- Add the TE_DEMO group to this group
- Group: TE_ADMIN
- Review the NextGen User Guide for the latest user security required for the Run environment, as of February 2023, it is:
- Insights Role: Administrators
- Workplace Administrators
- Decision Server: Operator
- Note: access to the Production environment provides membership into the following access management groups:
- Participants
- ECMoC_Client_CPE_User (from Particpants)
- If deploying on your own OpenShift environment:
- Make sure you have a login to all required components above
- If deploying on your own OpenShift environment based on the demo pattern and running on IBM Red Hat OpenShift on IBM Cloud (ROKS):
- Install the
oc
CLI from the Client-side requirements here: V21.0.x. Note: all other Client-side requirements are optional for this install but recommended to manage the ROKS cluster.
- Install the
- If using Cloud Pak for Business Automation as a Service (CP4BAaaS):
- FileNet Security (Configure in
ACCE
)Object Store
(default)- ECMoC_Service_Account - Full Control - This object only
- ECMoC_Client_CPE_Administrator - Full Control - This object only
- ECMoC_Client_ACCE_ClassDesigner - Full Control - This object only
- ECMoC_Client_ACCE_ApplicationDesigner - Full Control - This object only
- baw_dev_administrators - Full Control - This object only
- CPE_Bootstrap_User - Full Control - This object only
- ECMoC_Client_CPE_User - Use object store - This object only
Root folder
- Administrators - Full Control - This object and all children
- ECMoC_Service_Account - Full Control - This object only
- TE_ADMIN - Full Control - This object only
- TE_DEMO - View properties - This object only
Folder
:Focus Corp
(Create manually or use the first step fromFocus Corp folder structure
step below )- Administrators - Full Control - This object and all children
- TE_ADMIN - Full Control - This object and all children
- TE_DEMO - View properties - This object and all children
Default Instance security
Folder
- TE_ADMIN - Full Control - This object only
- TE_DEMO - View properties - This object only
- #CREATOR-OWNER - Full Control - This object only
Document
- Administrators - Full Control - This object only
- TE_ADMIN - Full Control - This object only
- TE_DEMO - View content - This object only
- #CREATOR-OWNER - Full Control - This object only
- Deploy Content Services
- Log into Administration Console for Content Engine (ACCE) and locate your Object Store (generally called
OS1
on SaaS andCONTENT
on ROKS) and perform the following:Property Templates
- navigate to Data Design, Property Templates and create property templates for:- First Name (String)
- Last Name (String)
- Application Date (Date Time)
- Employee ID (String)
- Onboarded (Boolean)
- Hire Date (Date Time)
Document sub-class: Employment Application
- navigate to Data Design, Classes, Document and create a Document sub-class named Employment Application with these properties:- First Name
- Last Name
- Application Date
Folder sub-class: Employee
- navigate to Data Design, Classes, Folder and create a Folder sub-class called Employee with the following following properties:- First Name
- Last Name
- Employee ID
- Onboarded
- Hire Date
- Focus Corp folder structure - use either Go scripts or execute using GraphiQL.
Note: the Go scripts use GraphQL commands.
- Option 1 - Go Script
- Install Go
- Download and review the Go script (located within this GitHub):
content-services / graphql / go
- Review
- Review usage in the HELP file
- Review/verify design structure: folders.json
- Review/verify data: documents.json
- The content is located in the Focus Corp - Demo Content folder. Create DocumentScript folder and copy the desired content.
- Reference info - review GitOps Pattern (IBM Only)
- Execute
- $go run focusCorpConfig.go -tenant= -env=<dev,run> -action=<design,data> -userpassword=user:password
- Execute design (folder.json)
- Execute data (documents.json) - ensure content is in subfolder DocumentScript
- Review
- Option 2 - create directly using GraphiQL
- Locate your GraphQL URL, using Cloud Pak for Business Automation as a Service example, the format is:
- https://<tenant>.automationcloud.ibm.com/dba/run/content-services-graphql/
- Download and review the GitHub script (located within this GitHub):
content-services / graphql / FocusCorp-GraphiQL-Design-YYYY_MM_DD-XX.txt
- The repository id is
OS1
in the script. If your repository id is different, update the script with your repository id - Copy and paste each section and confirm the script executes successfully on your environment
- Locate your GraphQL URL, using Cloud Pak for Business Automation as a Service example, the format is:
- Option 1 - Go Script
- Sample Content - if Option 1 (Go Script), was used in the prior step, this step is no longer necessary as the content was uploaded using the -action=data parameter of the Go script.
- Using the Navigator Browse feature, navigate to folder
\Focus Corp\Human Resources\Onboarded\Employees\Selena Swift
and perform the following:- For Photos - add the images to the
Photos
subfolder from the GitHub source:content-services / sample-content / Selena Swift / Photos
- For Employee Packet - choose one of the methods below:
- Using CURL/GraphQL
- Review and execute the GitHub script:
content-services / graphql / FocusCorp-GraphQL-Data-YYYYY_MMDD-XX.txt
- Review and execute the GitHub script:
- Manual process using Navigator
- Download the content from the GitHub source:
content-services / sample-content / Selena Swift / Employee Packet
and manually upload the following:- Confidentiality Agreement.pdf (Class: Document)
- Employee Manual.docx (Class: Document)
- Focus Corp - Employment Application.pdf (Class: Employment Application)
- First Name: Selena
- Last Name: Swift
- Application Date: specify any date
- Download the content from the GitHub source:
- Using CURL/GraphQL
- TE_DEMO group Author permission to folder:
\Focus Corp\Human Resources\Onboarded\Employees\Unsecured
- Update the security on the Unsecured folder
- TE_DEMO - Modify properties - This object and all children
- Update the security on the Unsecured folder
- For Photos - add the images to the
- Using the Navigator Browse feature, navigate to folder
- Navigator Administration
- Connections, Repositories - the lab uses two object stores - the FileNet content object store and the BAW target object store
- For the FileNet content object store, set the following:
- General tab - Display name: Corporate Operations
- Configuration Parameters tab:
- Workflow connection point - OS1_CP1:1
- State icons - enabled for all except Are uploading (requires Aspera plugin)
- Task manager connection ID - set using an administrator user ID and password to run background tasks that modify the repository.
- Track downloads - set to Enable
- Sync services - set to Enable
- Document History - set to Enable
- Teamspace management - set to Enable
- Enable owners to delete teamspace, included contents - checked
- Role-based redactions - set to Enable
- Entry template management - set to Enable
- Set Browse configuration, Selected Properties for:
- Show in Details View: Name, Content Size, Last Modifier, Date Last Modified, Major Version Number, Description
- Show in Magazine View: Name, Last Modifier, Date Last Modified, Likes, Tags, Downloads, Comments
- Note: if you are unable to specify the fields above, you may need to recreate your repository.
- For the BAW target object store, ensure that the repository configuration setting for General, Display Name is set to Workflow Operations
- For the FileNet content object store, set the following:
- Menus
- Copy the Default document context menu menu option and add options for Launch Process and Share (Share is only needed for Additional Assets section)
- Update your desktop and update Context Menus - Content Context Menus - Document context menu to the new menu
- Copy the Default teamspace content list context menu menu option and add options for Launch Process and Share
- Update your desktop and update Context Menus - Content Context Menus - Teamspace content list context menu to the new menu
- Copy the Default document context menu menu option and add options for Launch Process and Share (Share is only needed for Additional Assets section)
- Viewer Maps - ensure that the first two viewers are set for:
- Repository Type=FileNet Content Manager, Viewer=Video Viewer, File Type=video/mp4, video/x-m4v, video/webm, video/quicktime, audio/mpeg, audio/mp4, audio/x-m4a, audio/x-m4b (select all the video/audio formats)
- Repository Type=FileNet Content Manager, Viewer=Daeja ViewONE Virtual, File Type=All file types
- Update your desktop and update Viewer map setting to use this viewer map
- Desktops - edit your default desktop with the following settings:
- General tab
- Desktop Configuration section
- Merge and Split - set to Enable
- Sync services - set to Enable
- Edit Service - set to Enable
- Office for the web service - set to Enable and Allow collaborative editing
- Email settings - Use the HTML-based email service checkbox enabled along with Allow users to send attachments
- Additional settings
- Show security settings during add and check in actions - checkbox disabled
- Enable this desktop for FileNet P8 workflow email notification - checkbox enabled
- When using the Open and Preview actions, display documents in the current window - checkbox enabled
- Document History - set to Enable
- Desktop Configuration section
- Repositories tab - selected repositories: Workflow Operations, Corporate Operations, and optionally FPOS for Records Management
- Layout tab
- Displayed features - Home, Browse, Search, Share, Teamspaces, Entry Template Manager, Work, Work Dashboard, Cases, Reports
- Default feature - Home
- Additional Desktop Components
- Document thumbnails: set option to Show
- Status bar: set option to Show
- Content list checkboxes: set option to Show
- General tab
- Role Based Redaction
- From Navigator Administration, click Role-based Redactions and set up the following:
- Reasons - create/validate that the following reasons exists:
- Credit Card Number (should already be created)
- Social Security Number (should already be created)
- Name: PII
Description: Personally Identifiable Information
- Policies and Roles
- Click
Policies and Roles
- If not connected, connect to your repository:
Corporate Operations
- Redaction Roles - click
New Redaction Role
TE Redaction Editor
- Name: TE Redaction Editor
- Type: Editor
- Description: TE Redaction Editor
- Membership: click New Editors
- Add group: TE_OnboardingAutomation_Redaction
TE Redaction Viewer
- Name: TE Redaction Viewer
- Type: Viewer
- Description: TE Redaction Viewer
- Membership: Editors
- Add existing editor: TE_OnboardingAutomation_Redaction
- Redaction Policy - click
New Redaction Policy
- Name: TE Redaction Policy
- Description: TE Redaction Policy
- Redaction Reasons: Credit Card Number, Social Security Number, PII
- Redaction editors: TE Redaction Editor
- Redaction viewers: TE Redaction Viewer
- Click
- Reasons - create/validate that the following reasons exists:
- From Navigator Administration, click Role-based Redactions and set up the following:
- Connections, Repositories - the lab uses two object stores - the FileNet content object store and the BAW target object store
- Navigator features
- Search
- Create any type search (ie. Class=Employment Application) with following properties:
- Name - Employment Application Search
- Description - Employment Application Search
- Save in - Corporate Operations / Focus Corp / X Configuration
- Class - Employment Application
- Share search with - Everyone in my company
- Create any type search (ie. Class=Employment Application) with following properties:
- Teamspaces
- Create Employee Onboarding teamspace template as documented in the Getting Started Lab, section 4.1.1 Teamspace Template Builder.
- Template name: Employee Onboarding
- Template description: Teamspace Template for Employee Onboarding
- Share template with**: Everyone in my company
- Create Employee Onboarding teamspace template as documented in the Getting Started Lab, section 4.1.1 Teamspace Template Builder.
- Search
- Log into Administration Console for Content Engine (ACCE) and locate your Object Store (generally called
- Deploy BAW artifacts
- From the Development environment, select Build, Studio (Business Automation Studio) and navigate to Business automations
- Import Employee_Onboarding - OnboardingAutomation-YYYY.MM.DD_##.twx
- Open the Onboarding Automation process app and navigate to Process App Settings -> Servers
- Edit the settings for hostname, port, context path, repository, user id, password and so forth for your Enterprise Content Management Server
- Example values: <tenant>.automationcloud.ibm.com, 443, /dba/dev/openfncmis_wlp/services11, OS1, <service id>, <service id password>
- Example values: fncm-dev-<tenant>.blueworkscloud.com, 443, /openfncmis_wlp/services11, OS1, <service id>, <service id password>
- Use the Test connection button to validate connectivity
- Edit the settings for hostname, port, context path, repository, user id, password and so forth for your Enterprise Content Management Server
- Confirm settings for process: Onboard Employee - Start
- General - Event Properties: Type should be set to Employment Application
- Validate/Edit Data Mapping
- Application Date => tw.local.employeeApplicationDate
- First Name => tw.local.employeeFirstName
- Last Name => tw.local.employeeLastName
- Name => tw.local.Name
- ID => tw.local.ecmDocID
- Save changes and optionally confirm the process app is installed correctly.
- To confirm the process app is installed correctly, create a document with class Employment Application and then right-click on the document to select the Workflow, Launch Process menu option.
- From the Launch Process dialog, select Onboard Employee and confirm the Launch UI dialog is displayed.
- To confirm the process app is installed correctly, create a document with class Employment Application and then right-click on the document to select the Workflow, Launch Process menu option.
- From Studio (Business Automation Studio), create a new snapshot of the workflow application. Name the snapshot something very shot such as
V2
. Naming it V2 will allow the launching of the process to be displayed as:- Name: V2
- Description: Automation Onboarding
- Install the new snapshot to your Run ProcessServer
- From the Production environment, access Process Admin Console and go to Installed Apps
- Select the Employee Onboarding process app
- Select Team Bindings
- Select the group TE_DEMO as a member for all the teams (All Users, Managers, Managers of All Users, Process Owner)
- Select Servers
- Select CONTENT_SERVICES_SERVER and then update the Context Path to the Run environment (ie. /dba/run/openfncmis_wlp/services11)
- Use the Test Connection button to test the connection.
- Click the Apply button to save the configuration
- Deploy Business Automation Studio artifacts
- From the Development environment, select Build, Studio
- From Business applications, import the Onboarding Automation application using
Onboarding_Automation - App - YYYY.MM.DD_XX.twx
- No edit of the application should be required but if an edit is done, create a new snapshot
- Export the application - select Export this version to be published (.zip)
- Deploy Business Automation Navigator artifacts
- Login to Business Automation Navigator's admin desktop
- If using Cloud Pak for Business Automation as a Service: Production -> Manage solutions -> Publish -> Business Automation Navigator
- If deploying on your own OpenShift environment: use your Navigator URL with
?desktop=appDesktop1
added to the end and use the menu to go to Administration
- Select Connections on the left, edit the Application Engine Connection (generally called
APPENGO
) and then select Connect- Click the Applications tab
- If using Cloud Pak for Business Automation as a Service: import the application ZIP file
- If deploying on your own OpenShift environment: import the application ZIP file
- Edit Details from the application's menu and add appropriate teams to the Permissions table, such as
#AUTHENTICATED-USERS
to make the app available to everyone - Edit the desktop of your choice (generally
appDesktop1
) and on the Layout tab, select the application - To verify, confirm that the
Onboarding Automation
application is displayed inBusiness Automation Apps
- Login to Business Automation Navigator's admin desktop
- Lead content developer Thomas Yang