Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

New account request workflow

markmora
New Contributor III
New Contributor III

In Saviynt 5.5SP3, can I have an approval workflow for accounts that use TASK: Resource owner approval and entitlements that use TASK: Access approval, and the entitlement task is only created if the account was approved?

markmora_0-1682524436431.png

 

6 REPLIES 6

markmora
New Contributor III
New Contributor III

I've tried the xml workflow below, I'm requesting a new account and also entitlement, I want to accept the account and reject the entitlement, the task for the account is created correctly if I reject the entitlement first and then I approve the account, but If I accept the account first and then I reject the entitlement Saviynt is creating one task for a new account and also one task for entitlement which was rejected, we expect to create only one new account task regardless of the approved order.

Do you have any suggestions for my XML workflow?

 

<?xml version="1.0" encoding="UTF-8"?>
<process key="Generic UI" name="Generic UI"
xmlns="http://jbpm.org/4.4/jpdl">
<start name="Start">
<transition to="foreachAccessRequest"/>
</start>
<foreach in="#{RequestAccessKeys}" name="foreachAccessRequest" var="requestaccesskey">
<transition to="CheckIfAccountRequest"/>
</foreach>
<decision name="CheckIfAccountRequest">
<transition to="AccountApproval">
<condition
expr="(((ars_requests.requesttype==3) &amp;&amp; (entitlementslist.get(requestaccesskey)==null))) == true " lang="groovy"/>
</transition>
<transition to="EntitlementApproval">
<condition
expr="(((ars_requests.requesttype==3) &amp;&amp; (entitlementslist.get(requestaccesskey)==null))) == false " lang="groovy"/>
</transition>
</decision>
<task name="AccountApproval">
<assignment-handler class="com.saviynt.workflowmgt.resourceownerAssignmentHandler">
<field name="removeitemcf">
<string value="true"/>
</field>
<field name="mitigatingControlRisk">
<string value="[]"/>
</field>
</assignment-handler>
<transition name="Approved By AccountApproval" to="All Approvals Complete Check"/>
<transition name="Rejected By AccountApproval" to="End Request"/>
<on event="end">
<event-listener class="com.saviynt.workflowmgt.JBPMTaskEventListner">
<field name="msg">
<string value="null"/>
</field>
</event-listener>
</on>
</task>
<task name="EntitlementApproval">
<assignment-handler class="com.saviynt.workflowmgt.RoleOwnerAssignHandlerAllRankApprByOne">
<field name="mitigatingControlRisk">
<string value="[]"/>
</field>
</assignment-handler>
<on event="end">
<event-listener class="com.saviynt.workflowmgt.JBPMTaskEventListner">
<field name="msg">
<string value="null"/>
</field>
</event-listener>
</on>
<transition name="Approved By EntitlementApproval" to="All Approvals Complete Check"/>
<transition name="Rejected By EntitlementApproval" to="Reject"/>
</task>
<java class="com.saviynt.workflowmgt.grantaccess"
method="createAccessForApproved" name="Grant">
<arg>
<object expr="#{requestaccesskey}"/>
</arg>
<transition to="End Request"/>
</java>
<java class="com.saviynt.workflowmgt.rejectaccess"
method="denyAccess" name="Reject">
<arg>
<object expr="#{requestaccesskey}"/>
</arg>
<transition to="All Approvals Complete Check"/>
</java>
<join multiplicity="#{quorum}" name="All Approvals Complete Check">
<transition to="Grant"/>
</join>
<java class="com.saviynt.workflowmgt.endrequest"
method="arsendrequest" name="End Request">
<arg>
<object expr="#{reqid}"/>
</arg>
<transition to="endRequest"/>
</java>
<end name="endRequest"/>
</process>

 

 

rushikeshvartak
All-Star
All-Star

Account should be approved to create access for entitlements. Entitlement task created issue what is task type ? Add/ remove


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

markmora_0-1683034604548.pngmarkmora_1-1683034627957.pngmarkmora_2-1683034642899.pngmarkmora_3-1683034658965.png

This is New account request type with new account and add access tasks.

 

 

We are handling the new account request and access request in the same workflow, so we don't want access request to be approved and task to be created before the account is approved. What I'm trying to do is to create a request and send the approvals, and when all approvals are completed, Saviynt should create the tasks.

In order to accomplish this, we are utilizing the All Approvals Complete Check method in the XML. Everything works perfectly, however, if I accept the account first and then reject the access, two tasks are created—one for the new account and one for the add access that was rejected.

If I do the opposite, first reject entitlement, then approve the new account, the result is only 1 task created for the new account, this is what we expect.

markmora
New Contributor III
New Contributor III

Any suggestions?

markmora
New Contributor III
New Contributor III

Vote for the idea to have an account workflow in Saviynt. https://ideas.saviynt.com/ideas/EIC-I-4723