05/03/2024 09:31 AM
Hello there, I have a requirement to send an email to the user (limited visibility in contents) and to the manual provisioning team after the Grant Access step. I have this workflow in parallel, and have highlighted the changes in red.
<?xml version="1.0" encoding="UTF-8"?>
<process key="Role Request WF" name="Role Request WF" xmlns="http://jbpm.org/4.4/jpdl">
  <start name="Start">
    <transition to="foreachAccessRequest"/>
  </start>
  <foreach in="#{RequestAccessKeys}" name="foreachAccessRequest" var="requestaccesskey">
    <transition to="Check Requester"/>
  </foreach>
  <decision name="Check Requester">
    <transition to="Grant">
      <condition expr="#{(ars_requests.requestor==endpoints.get(requestaccesskey).requestowner) eq true }"/>
    </transition>
    <transition to="Manager Approval">
      <condition expr="#{(ars_requests.requestor==endpoints.get(requestaccesskey).requestowner) ne true }"/>
    </transition>
  </decision>
  <task name="Manager Approval">
    <assignment-handler class="com.saviynt.workflowmgt.managerAssignmentHandler">
      <field name="removeitemcf">
        <string value="true"/>
      </field>
      <field name="mitigatingControlRisk">
        <string value="[]"/>
      </field>
    </assignment-handler>
    <transition name="Approved By Manager Approval" to="Grant"/>
    <transition name="Rejected By Manager Approval" to="Reject"/>
    <on event="start">
      <event-listener class="com.saviynt.workflowmgt.JBPMTaskEventListner">
        <field name="msg">
          <string value="ACCESS APPROVAL REQUEST"/>
        </field>
      </event-listener>
    </on>
    <on event="end">
      <event-listener class="com.saviynt.workflowmgt.JBPMTaskEventListner">
        <field name="msg">
          <string value="null"/>
        </field>
      </event-listener>
    </on>
    <reminder duedate="9 minutes">
      <text><![CDATA[
#{requestaccesskey}__ACCESS APPROVAL REQUEST REMINDER__Manager Approval
]]></text>
    </reminder>
  </task>
  <java class="com.saviynt.workflowmgt.grantaccess"
        method="createAccess" name="Grant">
    <arg>
      <object expr="#{requestaccesskey}"/>
    </arg>
    <arg>
      <object expr="ACCESS REQUEST COMPLETE : SENT TO PROVISIONER___Grant"/>
      <object expr="ROLE PROVISION ACCESS REQUEST___Grant"/>
    </arg>
    <transition to="All Approvals Complete Check"/>
  </java>
  <java class="com.saviynt.workflowmgt.rejectaccess"
        method="denyAccess" name="Reject">
    <arg>
      <object expr="#{requestaccesskey}"/>
    </arg>
    <arg>
      <object expr="ACCESS NOT COMPLETED : REQUEST REJECTED___Reject"/>
    </arg>
    <transition to="All Approvals Complete Check"/>
  </java>
  <join multiplicity="#{quorum}" name="All Approvals Complete Check">
    <transition to="End Request"/>
  </join>
  <java class="com.saviynt.workflowmgt.endrequest"
        method="arsendrequest" name="End Request">
    <arg>
      <object expr="#{reqid}"/>
    </arg>
    <transition to="endRequest"/>
  </java>
  <end name="endRequest"/>
</process>
05/03/2024 11:35 AM - edited 05/03/2024 11:36 AM
05/03/2024 02:18 PM
This is being used for an enterprise role request, and our role is supposed to create an account and grant access to multiple endpoints once approved. Do I have to assign the task-level email in every endpoint? (Let's say that would be used to notify manual provisioners.)
05/04/2024 07:56 AM
You can keep the other team in CC. Why is another grant block needed? It will create duplicate tasks.
Please share workflow snippets.
05/06/2024 09:36 AM
Hi there, the reasons for 2 templates are:
1. (Template 1) To Manual provisioner: with details to login/navigate and approve/reject the access requested via enterprise role.
2. (Template 2) To End User + Requester: Your request has been approved.
It does not make sense to attach the same email to end user + requester + provisioner based on the above scenarios.
Here is the picture of the snippet, if that is what you asked for.
05/06/2024 10:05 AM
You need to have a single grant task block in the workflow to avoid duplicate tasks.
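A way to check a workflow definition for the duplicate grant block this reply warns about, as an added example that is not part of the thread and not Saviynt code. The sample XML is constructed; the `lint_workflow` helper, its rule names, and the assumption that reject paths are named "Rejected ..." are illustrative only.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://jbpm.org/4.4/jpdl"}
GRANT_CLASS = "com.saviynt.workflowmgt.grantaccess"  # class name as shown in the thread

# Constructed sample (not the poster's workflow): a second grant block was added
# for notifications, the reject path points at it, and one target is undefined.
SAMPLE = """
<process key="Role Request WF" name="Role Request WF" xmlns="http://jbpm.org/4.4/jpdl">
  <start name="Start"><transition to="Manager Approval"/></start>
  <task name="Manager Approval">
    <transition name="Approved By Manager Approval" to="Grant"/>
    <transition name="Rejected By Manager Approval" to="Grant Notify"/>
  </task>
  <java class="com.saviynt.workflowmgt.grantaccess" method="createAccess" name="Grant">
    <transition to="endRequest"/>
  </java>
  <java class="com.saviynt.workflowmgt.grantaccess" method="createAccess" name="Grant Notify">
    <transition to="Finish"/>
  </java>
  <end name="endRequest"/>
</process>
"""

def lint_workflow(xml_text):
    """Return (rule, detail) findings for a jPDL process definition."""
    root = ET.fromstring(xml_text.strip())
    nodes = [n for n in root if n.get("name")]      # top-level workflow nodes
    names = {n.get("name") for n in nodes}
    grants = [n.get("name") for n in nodes if n.get("class") == GRANT_CLASS]
    findings = []
    if len(grants) > 1:                              # more than one grant block
        findings.append(("duplicate-grant", ", ".join(grants)))
    for node in nodes:
        for t in node.iterfind("j:transition", NS):
            src, dst = node.get("name"), t.get("to")
            if dst not in names:                     # target node is not defined
                findings.append(("dangling-transition", f"{src} -> {dst}"))
            # Assumption: reject paths are named "Rejected ..." as in the thread.
            elif t.get("name", "").startswith("Rejected") and dst in grants:
                findings.append(("reject-reaches-grant", f"{src} -> {dst}"))
    return findings

if __name__ == "__main__":
    for rule, detail in lint_workflow(SAMPLE):
        print(f"{rule}: {detail}")
```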
05/06/2024 12:08 PM
I agree, but to accommodate my use case, template 1 will contain instructions for the manual provisioner and template 2 will go to the end user + requester with a simple email saying, "your request for role has been approved". I am thinking of attaching template 2 on the manager's approval block (notification to requester) and template 1 on the grant block, with a consideration that if approved, no notification, and if rejected, rejected will have the rejected email template. This is not a good approach but could be a last straw.
05/06/2024 06:27 PM
In the email template content, add if/else logic to validate whether it's the requestor/user or the provisioning team.
05/07/2024 05:59 AM
I didn't get that. It would be great to have some documentation on available custom classes of workflow management for these type of action items.
05/07/2024 06:03 AM
Documentation - You can provide feedback on the documentation website.
In your email template body, use if/else logic:
if provision team - aaaaaa content to be sent
else bbbbbbb content to be sent