04/26/2023 08:55 AM
In Saviynt 5.5SP3, can I have an approval workflow for accounts that use TASK: Resource owner approval and entitlements that use TASK: Access approval, and the entitlement task is only created if the account was approved?
05/01/2023 09:37 PM
I've tried the xml workflow below, I'm requesting a new account and also entitlement, I want to accept the account and reject the entitlement, the task for the account is created correctly if I reject the entitlement first and then I approve the account, but If I accept the account first and then I reject the entitlement Saviynt is creating one task for a new account and also one task for entitlement which was rejected, we expect to create only one new account task regardless of the approved order.
Do you have any suggestions for my XML workflow?
<?xml version="1.0" encoding="UTF-8"?>
<process key="Generic UI" name="Generic UI"
xmlns="http://jbpm.org/4.4/jpdl">
<start name="Start">
<transition to="foreachAccessRequest"/>
</start>
<foreach in="#{RequestAccessKeys}" name="foreachAccessRequest" var="requestaccesskey">
<transition to="CheckIfAccountRequest"/>
</foreach>
<decision name="CheckIfAccountRequest">
<transition to="AccountApproval">
<condition
expr="(((ars_requests.requesttype==3) && (entitlementslist.get(requestaccesskey)==null))) == true " lang="groovy"/>
</transition>
<transition to="EntitlementApproval">
<condition
expr="(((ars_requests.requesttype==3) && (entitlementslist.get(requestaccesskey)==null))) == false " lang="groovy"/>
</transition>
</decision>
<task name="AccountApproval">
<assignment-handler class="com.saviynt.workflowmgt.resourceownerAssignmentHandler">
<field name="removeitemcf">
<string value="true"/>
</field>
<field name="mitigatingControlRisk">
<string value="[]"/>
</field>
</assignment-handler>
<transition name="Approved By AccountApproval" to="All Approvals Complete Check"/>
<transition name="Rejected By AccountApproval" to="End Request"/>
<on event="end">
<event-listener class="com.saviynt.workflowmgt.JBPMTaskEventListner">
<field name="msg">
<string value="null"/>
</field>
</event-listener>
</on>
</task>
<task name="EntitlementApproval">
<assignment-handler class="com.saviynt.workflowmgt.RoleOwnerAssignHandlerAllRankApprByOne">
<field name="mitigatingControlRisk">
<string value="[]"/>
</field>
</assignment-handler>
<on event="end">
<event-listener class="com.saviynt.workflowmgt.JBPMTaskEventListner">
<field name="msg">
<string value="null"/>
</field>
</event-listener>
</on>
<transition name="Approved By EntitlementApproval" to="All Approvals Complete Check"/>
<transition name="Rejected By EntitlementApproval" to="Reject"/>
</task>
<java class="com.saviynt.workflowmgt.grantaccess"
method="createAccessForApproved" name="Grant">
<arg>
<object expr="#{requestaccesskey}"/>
</arg>
<transition to="End Request"/>
</java>
<java class="com.saviynt.workflowmgt.rejectaccess"
method="denyAccess" name="Reject">
<arg>
<object expr="#{requestaccesskey}"/>
</arg>
<transition to="All Approvals Complete Check"/>
</java>
<join multiplicity="#{quorum}" name="All Approvals Complete Check">
<transition to="Grant"/>
</join>
<java class="com.saviynt.workflowmgt.endrequest"
method="arsendrequest" name="End Request">
<arg>
<object expr="#{reqid}"/>
</arg>
<transition to="endRequest"/>
</java>
<end name="endRequest"/>
</process>
05/01/2023 09:51 PM
Account should be approved to create access for entitlements. Entitlement task created issue what is task type ? Add/ remove
05/02/2023 06:39 AM
This is New account request type with new account and add access tasks.
05/02/2023 07:42 AM
We are handling the new account request and access request in the same workflow, so we don't want access request to be approved and task to be created before the account is approved. What I'm trying to do is to create a request and send the approvals, and when all approvals are completed, Saviynt should create the tasks.
In order to accomplish this, we are utilizing the All Approvals Complete Check method in the XML. Everything works perfectly, however, if I accept the account first and then reject the access, two tasks are created—one for the new account and one for the add access that was rejected.
If I do the opposite, first reject entitlement, then approve the new account, the result is only 1 task created for the new account, this is what we expect.
05/02/2023 11:18 PM
Any suggestions?
06/05/2023 06:04 PM
Vote for the idea to have an account workflow in Saviynt. https://ideas.saviynt.com/ideas/EIC-I-4723