Saviynt Forums

Santosh · ‎05/03/2024

Hello there, I have a requirement to send email to user (limited visibility in contents) + to manual provisioning team after Grant Access step, I have this workflow in parallel, and highlighted changes in red.

<?xml version="1.0" encoding="UTF-8"?>
<process key="Role Request WF" name="Role Request WF" xmlns="http://jbpm.org/4.4/jpdl">
<start name="Start">
<transition to="foreachAccessRequest"/>
</start>
<foreach in="#{RequestAccessKeys}" name="foreachAccessRequest" var="requestaccesskey">
<transition to="Check Requester"/>
</foreach>
<decision name="Check Requester">
<transition to="Grant">
<condition expr="#{(ars_requests.requestor==endpoints.get(requestaccesskey).requestowner) eq true }"/>
</transition>
<transition to="Manager Approval">
<condition expr="#{(ars_requests.requestor==endpoints.get(requestaccesskey).requestowner) ne true }"/>
</transition>
</decision>
<task name="Manager Approval">
<assignment-handler class="com.saviynt.workflowmgt.managerAssignmentHandler">
<field name="removeitemcf">
<string value="true"/>
</field>
<field name="mitigatingControlRisk">
<string value="[]"/>
</field>
</assignment-handler>
<transition name="Approved By Manager Approval" to="Grant"/>
<transition name="Rejected By Manager Approval" to="Reject"/>
<on event="start">
<event-listener class="com.saviynt.workflowmgt.JBPMTaskEventListner">
<field name="msg">
<string value="ACCESS APPROVAL REQUEST"/>
</field>
</event-listener>
</on>
<on event="end">
<event-listener class="com.saviynt.workflowmgt.JBPMTaskEventListner">
<field name="msg">
<string value="null"/>
</field>
</event-listener>
</on>
<reminder duedate="9 minutes">
<text><![CDATA[
#{requestaccesskey}__ACCESS APPROVAL REQUEST REMINDER__Manager Approval
]]></text>
</reminder>
</task>
<java class="com.saviynt.workflowmgt.grantaccess"
method="createAccess" name="Grant">
<arg>
<object expr="#{requestaccesskey}"/>
</arg>
<arg>
<object expr="ACCESS REQUEST COMPLETE : SENT TO PROVISIONER___Grant"/>
<object expr="ROLE PROVISION ACCESS REQUEST___Grant"/>
</arg>
<transition to="All Approvals Complete Check"/>
</java>
<java class="com.saviynt.workflowmgt.rejectaccess"
method="denyAccess" name="Reject">
<arg>
<object expr="#{requestaccesskey}"/>
</arg>
<arg>
<object expr="ACCESS NOT COMPLETED : REQUEST REJECTED___Reject"/>
</arg>
<transition to="All Approvals Complete Check"/>
</java>
<join multiplicity="#{quorum}" name="All Approvals Complete Check">
<transition to="End Request"/>
</join>
<java class="com.saviynt.workflowmgt.endrequest"
method="arsendrequest" name="End Request">
<arg>
<object expr="#{reqid}"/>
</arg>
<transition to="endRequest"/>
</java>
<end name="endRequest"/>
</process>

Saathvik · ‎05/03/2024

@Santosh : Can you trigger one from WF and another from Task level emails of an endpoint?

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Santosh · ‎05/03/2024

This is being used for enterprise role request and our role is supposed to create account and grant access to multiple endpoints once approved. Do I have to assign the task level email in every endpoint? (let's say that would be used to notify manual provisioners)

rushikeshvartak · ‎05/04/2024

You can keep other team in cc why needed another grant block ? It will create duplicate tasks.

please share workflow snippets

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Santosh · ‎05/06/2024

Hi there, the reason for 2 templates are:

1. (Template 1) To Manual provisioner: with details to login/navigate and approve/reject the access requested via enterprise role.

2. (Template 2) To End User + Requester: Your request has been approved.

It does not make sense to attach same email to enduser+request+provisioner based on above scenarios.

Here is the picture of snippet, if that is what you asked.

rushikeshvartak · ‎05/06/2024

You need to have single grant task block in workflow to avoid duplicate task

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Santosh · ‎05/06/2024

I agree, but to accommodate my use case where, 1 template will contain instructions for manual provisioner and another template 2 to end user+requester which will have simple email saying, "your request for role has been approved". I am thinking of attaching the template 2 on manager's approval block (notification to requester) and template 1 on grant block, with a consideration that if approved, no notification and if rejected, rejected will have rejected email template. This is not a good approach but could be a last straw.

rushikeshvartak · ‎05/06/2024

Email template content add if else logic to validate if its requestor /user or provisioning team

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Santosh · ‎05/07/2024

I didn't get that. It would be great to have some documentation on available custom classes of workflow management for these type of action items.

rushikeshvartak · ‎05/07/2024

Documentation - You can provide feedback on documentation website.

in your email template body use if else logic

if provision team - aaaaaa content to be sent

else bbbbbbb content to be sent

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Saviynt Forums

Assigning two email templates after Grant Access in a Roles Add Workflow is not getting triggered.