Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 12:54 PM
We have a temporary workflow requirement in which the user being requested for by the manager will get an approval task. This is in addition to the manager approval and is being used as certification that a user accepts and is aware of temporary elevated access.
For instance, Manager A requests access for User B. Request then gets an approval tasks with Assignee of User B.
Or, User C requests access for User B. Manager A gets the initial approval. Once this approval is complete, User B gets the secondary approval.
I understand that "self-approval" is not typical, but we are attempting to add in a user verification step to record the user's acknowledgement of the access that has been requested for them. The actual manager approval is staying in place and this is in addition to that.
I have attempted to create a "TASK: Custom Assignment" with a CustomQuery of "select userkey from users where userkey = ${user.userkey}"
as well as "TASK: Custom Assignment" with Select User Field = USERNAME with value ${user.username}
Everything I've tried results in an approval assigned to Saviynt Administrator (admin).
I'm really just wondering if my logic is unsound or if there are controls in Saviynt specifically preventing the requested for user to be unable to be assigned an approval step for their own request.
Solved! Go to Solution.
04/12/2022 01:50 PM
Hi Steve, yes there are controls from an audit standpoint where a user CANNOT approve her or his own request. So your configuration is correct from a workflow standpoint, but because the system realizes that the beneficiary is the one who is turning out to be the approver, the request got auto-routed to the admin for approval.
04/12/2022 01:50 PM
Saviynt is there any way to turn this off as this workflow would be very beneficial in collecting attestation type information from the end user? More or less the request would be that once the manager orders or approves the request an attestation approval goes to the end user to accept the terms of use, by approving the task they agree to the terms of use. This will drastically cut down on the amount of signed security agreements or information needed to be returned by the end users and can automate many workflows such as remote access agreements. Please get back to us ASAP as this would be highly useful during this time of potential crisis.
04/12/2022 01:50 PM
Can this be overridden in the XML portion?
04/12/2022 01:50 PM
Hi Greg, no this behavior cannot be overriden. Audit controls are baked into the product.
04/12/2022 01:50 PM
What other options do we have for the end user to accept terms through an attestation of specific service offerings when an item is ordered? We would like to automate several work flows by having attestation of the end user done electronically, versus having signed agreements. We understand you want the product to work a specific way, but the system does not take a lot into consideration and has limitations set throughout the system without clearly identifying what those limitations are.
04/12/2022 01:50 PM
Hi Greg, someone from our professional services team will get in touch with you to discuss options.