
Need help with Approval workflow

rajsin
New Contributor II

We are trying to create a workflow where we need to reject the access request if someone requests a privileged entitlement on a non-privileged account, but I am not able to load the workflow after approving. The error in the logs is as follows:

2024-09-07T02:33:03.881+00:00 ecm null-ztkfc xml validation error: cvc-complex-type.2.4.a: Invalid content was found starting with element 'reminder'. One of '{http://jbpm.org/4.4/jpdl":on "http://jbpm.org/4.4/jpdl":timer "http://jbpm.org/4.4/jpdl":transition}' is expected. [line=59 column=36 ]: org.xml.sax.SAXParseException; lineNumber: 59; columnNumber: 36; cvc-complex-type.2.4.a: Invalid content was found starting with element 'reminder'. One of '{"http://jbpm.org/4.4/jpdl":on "http://jbpm.org/4.4/jpdl":timer "http://jbpm.org/4.4/jpdl":transition}' is expected."
2024-09-07T02:33:03.881+00:00 ecm null-ztkfc xml validation error: cvc-complex-type.2.1: Element 'reminder' must have no character or element information item [children], because the type's content type is empty. [line=63 column=20 ]: org.xml.sax.SAXParseException; lineNumber: 63; columnNumber: 20; cvc-complex-type.2.1: Element 'reminder' must have no character or element information item [children], because the type's content type is empty.


XML for the workflow is as follows:

<?xml version="1.0" encoding="UTF-8"?>
<process key="Rajinder_Test_Priviliged_Rejection"
    name="Rajinder_Test_Priviliged_Rejection" xmlns="http://jbpm.org/4.4/jpdl">
    <start name="Start">
        <transition to="foreachAccessRequest"/>
    </start>
    <foreach in="#{RequestAccessKeys}" name="foreachAccessRequest" var="requestaccesskey">
        <transition to="check requesttype is Add Access"/>
    </foreach>
    <decision name="check requesttype is Add Access">
        <transition to="check for Admin account">
            <condition expr="#{(ars_requests.requesttype == 1) eq true }"/>
        </transition>
        <transition to="null">
            <condition expr="#{(ars_requests.requesttype == 1) ne true }"/>
        </transition>
    </decision>
    <decision name="check for Admin account">
        <transition to="check For Privileged Ent">
            <condition expr="#{(accounts.privileged == 'Y') eq true }"/>
        </transition>
        <transition to="null">
            <condition expr="#{(accounts.privileged == 'Y') ne true }"/>
        </transition>
    </decision>
    <decision name="check For Privileged Ent">
        <transition to="Manager">
            <condition expr="#{(entitlement_values.customproperty10 == 'Y') eq true }"/>
        </transition>
        <transition to="ARS_AUTO_REJECTION No Manager Available to Approve">
            <condition expr="#{(entitlement_values.customproperty10 == 'Y') ne true }"/>
        </transition>
    </decision>
    <task name="Manager">
        <assignment-handler class="com.saviynt.workflowmgt.managerAssignmentHandler">
            <field name="removeitemcf">
                <string value="false"/>
            </field>
            <field name="mitigatingControlRisk">
                <string value="[]"/>
            </field>
        </assignment-handler>
        <transition name="Approved By Manager" to="null"/>
        <transition name="Rejected By Manager" to="null"/>
        <on event="start">
            <event-listener class="com.saviynt.workflowmgt.JBPMTaskEventListner">
                <field name="msg">
                    <string value="02.10.01.manager_notification"/>
                </field>
            </event-listener>
        </on>
        <on event="end">
            <event-listener class="com.saviynt.workflowmgt.JBPMTaskEventListner">
                <field name="msg">
                    <string value="null"/>
                </field>
            </event-listener>
        </on>
        <reminder duedate="3 days">
            <text><![CDATA[
#{requestaccesskey}__02.10.02.manager_reminder__Manager
]]></text>
        </reminder>
    </task>
    <task name="ARS_AUTO_REJECTION No Manager Available to Approve">
        <assignment-handler class="com.saviynt.workflowmgt.ArsCustomAssignmentHandler">
            <field name="fieldname">
                <string value="UserGroup___ARS_AUTO_REJECTIONS___Any Owner Approval Required"/>
            </field>
            <field name="mitigatingControlRisk">
                <string value="[]"/>
            </field>
        </assignment-handler>
        <transition
            name="Approved By ARS_AUTO_REJECTION No Manager Available to Approve" to="null"/>
        <transition
            name="Rejected By ARS_AUTO_REJECTION No Manager Available to Approve" to="null"/>
        <on event="start">
            <event-listener class="com.saviynt.workflowmgt.JBPMTaskEventListner">
                <field name="msg">
                    <string value="1_Priviliged_Access_Rejection"/>
                </field>
            </event-listener>
        </on>
        <on event="end">
            <event-listener class="com.saviynt.workflowmgt.JBPMTaskEventListner">
                <field name="msg">
                    <string value="null"/>
                </field>
            </event-listener>
        </on>
    </task>
    <join multiplicity="#{quorum}" name="All Approvals Complete Check">
        <transition to="End Request"/>
    </join>
    <java class="com.saviynt.workflowmgt.endrequest"
        method="arsendrequest" name="End Request">
        <arg>
            <object expr="#{reqid}"/>
        </arg>
        <transition to="endRequest"/>
    </java>
    <end name="endRequest"/>
</process>

 

ANY SUGGESTIONS?

5 REPLIES

NM
Esteemed Contributor

Hi @rajsin, add grant, reject and end blocks and link them.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

stalluri
Valued Contributor II

@rajsin
You can try the workflow below.

Screenshot 2024-09-06 at 11.48.33 PM.png


You can add the custom blocks later on.


Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

rushikeshvartak
All-Star
  • All nodes should point to some action except the escalation node
  • Every workflow should have a start / end block and grant and rejected access blocks
  • Add the missing node mappings and blocks

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
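
A pre-upload check for the problems raised in this thread (transitions that point at "null" or another undefined node, nodes nothing routes to, and the two `reminder` schema errors from the log), added here as an example and not code from any poster or from Saviynt. The function name `lint_jpdl`, the finding labels and the cut-down sample workflow are hypothetical, and the ordering rule is an assumption taken from the quoted validation message.

```python
import xml.etree.ElementTree as ET

NS = "{http://jbpm.org/4.4/jpdl}"  # namespace used by the posted workflow

# Constructed sample: a cut-down workflow with the same defects as the post.
SAMPLE = """<process name="demo" xmlns="http://jbpm.org/4.4/jpdl">
  <start name="Start"><transition to="Manager"/></start>
  <task name="Manager">
    <transition name="Approved By Manager" to="null"/>
    <transition name="Rejected By Manager" to="Reject"/>
    <on event="start"/>
    <reminder duedate="3 days"><text>reminder template</text></reminder>
  </task>
  <java name="Reject"><transition to="endRequest"/></java>
  <join name="All Approvals Complete Check"><transition to="endRequest"/></join>
  <end name="endRequest"/>
</process>"""

def lint_jpdl(xml_text):
    """Return a list of (check, node name, detail) findings."""
    root = ET.fromstring(xml_text)
    nodes = {n.get("name"): n for n in root if n.get("name")}
    findings, targeted = [], set()
    for name, node in nodes.items():
        seen_late = False  # an on/timer/transition child has already appeared
        for child in node:
            tag = child.tag.replace(NS, "")
            if tag == "transition":
                to = child.get("to")
                targeted.add(to)
                if to not in nodes:  # "null" is just another undefined name
                    findings.append(("dangling-transition", name, to))
            if tag in ("on", "timer", "transition"):
                seen_late = True
            if tag == "reminder":
                if seen_late:  # assumed rule, from the cvc-complex-type.2.4.a message
                    findings.append(("reminder-order", name, "after on/timer/transition"))
                if len(child) or (child.text or "").strip():  # cvc-complex-type.2.1
                    findings.append(("reminder-not-empty", name, "has children"))
    for name, node in nodes.items():
        if node.tag != NS + "start" and name not in targeted:
            findings.append(("unreachable-node", name, "no incoming transition"))
    return findings

if __name__ == "__main__":
    for finding in lint_jpdl(SAMPLE):
        print(finding)
```

An empty result means none of these four conditions was found; it does not replace the platform's own schema validation.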

rajsin
New Contributor II

Thanks, I was able to activate the workflow and load it but got stuck on the next issue.

We are saving the privileged value "Y" for the entitlement value (Entitlement_Values.CustomProperty10.Default.label Elevated Privilege), but it looks like the Entitlement_Values table is not accepted in the workflow, as the request is not getting generated if the condition is true in the workflow. Getting the following error:

"javax.el.PropertyNotFoundException: Cannot resolve identifier 'Entitlement_Values'. 

Can you please suggest what I can use for the privileged entitlement value?

rajsin
New Contributor II

Please ignore my previous request; the workflow is working with entitlement.customproperty10 as suggested earlier. Thanks all.