Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Trigger only manager approval to a specific endpoint. (XML)

ShyamSrisailam
Regular Contributor
Regular Contributor

‎01/28/2024 10:59 PM - edited ‎01/28/2024 11:03 PM

Hi All,
 
There is a workflow where it will go for 3 level of approval (Manager and Group Owner and Entitlement Owner approvals) and we we using 3 if else conditions wheather it should go for these approvals or not.
 
Level 1 : Manager approval (We mentioned a if-else condition if the request should gor for manager approval or if condition fails it will check the second if condtion)
 
Level 2 : Group Owner approval (if CP39 has a value it should go for group owner approval or it fails the condition and goes for next if-else condition)
 
Level3 : Entitlement Owner approval (if entitlement has owner, it should got for entitlement owner approval OR it fails the condition and grants the access)
 
END
 
We are using this workflow in Active Directory security system which is a Parent endpoint and there are some child endpoints for AD.
 
Requirement:
 
For one of the child endpoints, once user submits the request it should go only for Manager approval and once approved it should directly Grant access without going for next 2 level approvals (i.e., Group and entitlement owner approvals)
 
FYI, currently this workflow is only updated through XML since we have updated the workflow in XML format long back.
 
##Attached XML workflow for reference
 
Tested by adding condition in XML:
 
I tried keeping a condition in 2nd and 3rd if-else conditions as below(highlighted), but it only approved new account request and access didn't approve in manager approval. (since, we are requesting both access in that child endpoint)
 
<decision name="CheckGroup">
        <transition to="isOwnerExist">
            <condition expr="#{((endpoints.get(request_access.id).endpointname=='SRM_Active_Directory') or ((entitlementslist.get(requestaccesskey).customproperty39 == '') or (entitlementslist.get(requestaccesskey).customproperty39 eq null))) eq true }"/>
        </transition>
        <transition to="Group Owner Approval">
            <condition expr="#{((endpoints.get(request_access.id).endpointname=='SRM_Active_Directory') or ((entitlementslist.get(requestaccesskey).customproperty39 == '') or (entitlementslist.get(requestaccesskey).customproperty39 eq null))) ne true }"/>
        </transition>
    </decision>
    <decision name="isOwnerExist">
        <transition to="All Approvals Complete Check">
            <condition expr="#{((endpoints.get(request_access.id).endpointname=='SRM_Active_Directory') or ((entitlementslist.get(requestaccesskey).ownerRank1 == null) or (entitlementslist.get(requestaccesskey).ownerRank1.size() == 0 ))) eq true }"/>
        </transition>
        <transition to="Entitlement Owner Approval">
            <condition expr="#{((endpoints.get(request_access.id).endpointname!='SRM_Active_Directory') or ((entitlementslist.get(requestaccesskey).ownerRank1 == null) or (entitlementslist.get(requestaccesskey).ownerRank1.size() == 0 ))) ne true }"/>
        </transition>
    </decision>
 
Let me know if anyone has a condition where it has to trigger only for manager approval for a specific endpoint for the above if-else condition?
 
Regards
SrisailamShyamSundarGoud
transport_sshyamBackUpDEV_2024-01-24_18-21-17(UTC).zip
0 Kudos
4 REPLIES 4

CR
Regular Contributor III
Regular Contributor III

‎01/28/2024 11:23 PM

Hi,

Add once if else condition with Endpoint criteria mapping ,under start based on exiting false condition.

For approval create Custom assignment with manager query 

Example :

<assignment-handler class="com.saviynt.workflowmgt.ArsCustomAssignmentHandler">
<field name="fieldname">
<string value="CustomQuery___(select manager as userkey from users where userkey in(select manager from users where manager = ${user.manager}))___Any Owner Approval Required"/>
</field>
<field name="mitigatingControlRisk">
<string value="[]"/>
</field>
</assignment-handler>

 


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.
0 Kudos

ShyamSrisailam
Regular Contributor
Regular Contributor
In response to CR

‎01/29/2024 04:33 AM

Hi @CR ,

Thanks for the response and the idea.

I have tried the similar way, but I have added one if-else condition and one manager approval task before 1st if-else condition like there will be 4 if-else conditions.

if endpoint (Ex: "ept1") then it should go for SRM manager approval and once approves it should End.

if the above condition fails it should check for the 2nd if-else condition. (if fails) 3rd if condtion (if fails) 4th (if fails) End.

I have updated the XML and checked the flow and uploaded it.

But when I request a user for the child endpoint it not submitting request and giving me the below error. What I'm thinking is that do we need to change the JSONDATA as well which is present in the starting of the XML?

ShyamSrisailam_0-1706531212884.png

 

Attached the updated XML.

 

Regards
SrisailamShyamSundarGoud
transport_Updated_Add_Access_WF_DEV_2024-01-24_18-21-17(UTC).zip
0 Kudos

CR
Regular Contributor III
Regular Contributor III

‎01/29/2024 05:07 AM

Look like error some time it happened , try after re-login / restart

its exiting flow  endpoint 'SRM_Active_Directory' you going to modify or new endpoint adding ?

Query added ? am not finding in your zip file ?


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.
0 Kudos

ShyamSrisailam
Regular Contributor
Regular Contributor

‎01/30/2024 10:22 AM

Hi @CR ,

I have logged out and logged in but still same issue and it's a new account request.

I haven't added the custom assignment. I have added new manager approval task in the XML. You can find 2 task's of Manager Approval in the .zip file

1st name of the manager approval: SRM Manager Approval

2nd name of the manager approval: Manager approval

 

Regards
SrisailamShyamSundarGoud
0 Kudos
Copyright © 2024 Khoros, LLC