Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Custom workflow is getting auto approved on remove requests

Suresh1
Regular Contributor
Regular Contributor

Hello Team,

I'm trying to develop a custom workflow where i need to check if ev.cp1='ABC' then, it should follow 2 level approval process, else it should go for 3 level approval. I have attached the WF screenshot here. Same workflow i have tested for new account with add access task (I have enabled Entitlements only flag in security system configs) and its working as expected without any issues for Add access/New account requests.

Also I have this option enabled in EP configs

Suresh1_2-1723561725846.png

Requests are getting auto approved for remove access and remove account requests. Any help here would be highly appreciable.

 

Suresh1_0-1723560831904.png

Suresh1_1-1723561612260.png

 

6 REPLIES 6

dgandhi
All-Star
All-Star

Did you attach any workflow over here for remove access?

dgandhi_0-1723562382133.png

 

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

Suresh1
Regular Contributor
Regular Contributor

Yes, Both Add and Remove having same workflow attached.

Suresh1_0-1723563147745.png

 

NM
Esteemed Contributor
Esteemed Contributor

Hi @Suresh1 , can share a clear image of workflow .

Plus remove account request will get autoapproved, you need to handle it seperately. And remove access task will get created as you have enabled "dependent task" functionality in endpoint. It is an expected behaviour.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Validate if it removes access / account task using below condition

Remove Access:

com.saviynt.ecm.workflow.Request_Access.get(Long.valueOf(requestaccesskey.toString())).requesttype == 2

rushikeshvartak_0-1723564612603.png

 

------

Remove Account  requestcounts.DELETE_ACC_REQUESTS_COUNT > 0

rushikeshvartak_1-1723564651592.png

 

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rushikeshvartak , i have tried the both syntaxes but no luck, It is getting me through till resource owner block and then gets approved, its not going to the access approval block (Third level approval).

Suresh1_1-1723664470430.png

 

 

Share logs in text file

  • check entitlement !=null

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.