AnsweredAssumed Answered

OS Authentication in Workflow Manager

Question asked by apurvdanke on Dec 6, 2016

We are using ArcGIS Workflow Manager extension for ArcGIS Desktop in 10.4.1 with Oracle 12C geodatabase. We have created the Workflow Database (JTX tables) in a separate user schema in Oracle geodatabase called “WORKFLOWMANAGER”. So all the JTX tables have the prefix – “WORKFLOWMANAGER.<JTX Table Name>”.

 

We also have other user schemas where we have different business datasets. In Workflow Manager Administrator we connect using the “WORKFLOWMANAGER” user and select the schema as “SDE” as that is the schema where all the geodatabase tables are stored. We have configured many Job Types, Maps, Workflows, Users and User Groups. As far as users are concerned we have used the “Traditional” user store by using Windows Active Directory users. They have been added in different groups.

 

We also configured MXD’s for different job types. Each MXD uses the respective user schema owner database connection. We have also given the required privileges to “WORKFLOWMANAGER” user on the user-schema datasets in the geodatabase. In this way, when we create jobs and open the job in ArcMap, there is a step in the workflow used by the job which creates a version under “WORKFLOWMANAGER” user and switches all the layers in the MXD to point to that version and database connection. In this way we’re able to execute the Job Workflow without any issues.

 

Now coming to OS authentication, we have created different roles in Oracle database where Windows AD users have been added as external users. So these users login with their AD ID and are able to connect to the Oracle geodatabase using ArcCatalog and view the datasets on which they have privileges. Now we have created MXD’s which use OS authentication instead of database authentication, and configured those MXD’s for the different Job Types in Workflow Manager Administrator. When we create a job, and open the job and then it comes to the step where a version is created; the version still gets created under “WORKFLOWMANAGER” schema, and then automatically all the layers in the MXD are re-pointed to database authentication. This is where the issue is, we don’t want the layers to be re-pointed, the version should get created under the logged in Windows AD user. Normally when such a version is created it is in the format - <AD Username>.<Version Name>

 

We tried another way when we logged in to Workflow Manager Administrator using OS authentication instead of database authentication. This was done after providing the necessary privileges in Oracle geodatabase to the Oracle role to which the AD user belongs to; on all the JTX tables in WORKFLOWMANAGER schema. After logging in, the MXD’s were configured using OS authentication for different job types. Then after creating a job in Workflow Manager(which uses the same default connection of OS authentication), when we try to open the “Job List” in ArcMap on the Workflow Manager toolbar, we don’t see anything come up. Later we tried to run the “User Queries” in Workflow Manager for “All Jobs”, “Unassigned Jobs” etc. but we get the following error as given below.

 

 

 

We also tried to change the SQL query in the Workflow Administrator to use the prefix “WORKFLOWMANAGER.” for the JTX tables and verified the SQL and saved it there, but after creating the job we’re still not able to see the Job List in ArcMap, and also in Workflow Manager when we try to perform any of these queries, we’re still getting the same error message.

 

The main intention is to make OS authentication work with Workflow Manager, and the once the job is opened in ArcMap the version should be created under the Windows AD user rather than “WORKFLOWMANAGER” database user.

 

Is it worth creating the Workflow Database using OS authentication in the first place? Any assistance is greatly appreciated.

 

Regards,

Apurv Danke

Outcomes