Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 01:17 PM
Hi Team,
Background:
1. We have created the Enterprise Role and associated the same with Endpoint.
2. The role is made up of entitlements from 3 connected endpoints
3. For Access Approval workflow, there is 3 level of approval :
Supervisor (Based upon Role Custom Property value) > Role Owner > Governance Team approval
4. Attaching the workflow
Issues:
1. For a special scenario, the request should be auto approved , but its failing
2. Customer is not looking for Account Approval and should be auto approved. So we have checked the condition and auto approved the same. But the task is created inspite the access is approved. can we have a configuration where task for account should only take place once all approvals are completed.
Solved! Go to Solution.
04/12/2022 02:51 PM
04/12/2022 02:51 PM
Hi Pallavi ,
For case 2 we are bound to use the parallel workflow also the request for account is auto approved and we have to limit the task creation until all approvals is done. Because, for customer account without access is no sense.
For Case 1, we have opened ticket with saviynt. Awaiting response. This is required expectation
04/12/2022 02:51 PM
Hi Manish,
What do you expect in the below flow.
From what I can understand, you want the account to be auto approved but the task not to be created, unless the access requests are completed.
Again if the entitlement request is rejected, should the task for account request (which is already approved) be created or not ?
Regards,
Avinash Chhetri
04/12/2022 02:51 PM
Hi Avinash,
As per customer Ask, they want the request for account should be auto approved.
Whereas the request for access must undergo the approval cycle.
Observation:
1. Since account request is auto approved SSM is creating task for account directly
2. Account task is not waiting for access request to be either approved or rejected
Outcome expected:
SSM should create task for Account and Access only when all the approvals are created.
As we have a scenario of request expiration and rejection, creation and provisioning of stale account is not customer is looking for.
04/12/2022 02:51 PM
04/12/2022 02:51 PM
Hi Pallavi,
As I mentioned we are bound to use parallel WF.
04/12/2022 02:51 PM
Hi Pallavi,
I tried using Serial Workflow, but since my request for account is auto approved, hence the complete request is going for autoapproval. It does not go for further checks.
Also, what we have noticed that when we have marked Default Ruleset as True for SoD in that case, where there is situation like Requestee== Role owner and request goes for Role Owner approval, the request is not going for Auto Approval whereas when this is marked as false,it does go for auto approval.
Kindly note we are using parallel WF. Is there any limitation or bug?
04/12/2022 02:51 PM
Hi Avinash,
We got a confirmation from Saviynt PS Team that this is expected behavior for WF.
Please refer following statement :
As per the confirmation from the engineering team, the workflow behaviour in case of SoD violation where even if the requester and owner are same, still going for approval to owner, is as per the design and for now there is no enhancement in place as this is not marked as a defect.
04/12/2022 02:51 PM
Thanks Manish !!