Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Workflow : Check multiples or single owners on single entitlement for Auto approval

VrushaliL
New Contributor
New Contributor

Case : If requestor is a entitlement owner of requested entitlement then request should be Auto approve else it go with manager approval. 
Note we have single or multiple owners to a single entitlement with rank 1.
So I used below IF-else conditions, but its not working.

1)   ${requestedby.id} in (Select userkey from entitlement_owners where ENTITLEMENT_VALUEKEY = 778850 and entitlement_owners.RANK = 1)

2)   requestedby.username.contains(entitlement.getOwnerRank1().username)

3)  (com.saviynt.ecm.identitywarehouse.domain.entitlement_owners.executeQuery("select eo.userkey from entitlement_owners eo where eo.ENTITLEMENT_VALUEKEY = 778850 AND eo.RANK=1 AND eo.userkey='${requestedby.id}'?.size() != 0)

Below workflow for your reference.

VrushaliL_0-1712291842510.png

 

Please provide solution.

Thanks,

Vrushali

[This post has been edited by a Moderator. We discourage the @ mention of other forum users or employees unless they have already involved themselves on the forum post.]

37 REPLIES 37

rushikeshvartak
All-Star
All-Star

(com.saviynt.ecm.identitywarehouse.domain.Entitlement_values.executeQuery("SELECT count(*) FROM Entitlement_values ev,Entitlementowners eo WHERE ev.id=eo.id and ev.rank=1  and ev.entitlement_Value='${entitlement.entitlement_Value}' ").size()!=1)

 

Use above condition in if else and language = groovy


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

VrushaliL
New Contributor
New Contributor

Hello Rushikesh,

The mentioned groovy query is not working. Showing same issue.

VrushaliL_0-1712299381560.png

 



Regards,

Vrushali

Please share logs and workflow screenshots 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

VrushaliL
New Contributor
New Contributor

Hello @rushikeshvartak,
Please find below the screenshots for your reference.


Logs:

VrushaliL_2-1712423664883.png

VrushaliL_3-1712423699036.png

Workflow:

VrushaliL_4-1712423843480.png

 

I don't get any logs related to workflow.

Regards,
Vrushali

 

 

 

VrushaliL
New Contributor
New Contributor

Hello @rushikeshvartak,
Could you please check provided workflow and logs.
Let me know if anything else is required from my end.

Regards,
Vrushali.

@VrushaliL : Use this below condition which should work for single or multiple owners as Rank1

entitlement.getOwnerRank1().contains(requestedby.username) eq true

 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

VrushaliL
New Contributor
New Contributor

Hello @Saathvik,
Facing the same issue after using this SQL query. Actually not able to submit a request through the ARS page.
Please find attached screenshots of workflow, and errors on the ARS page.

VrushaliL_1-1712591644860.png

VrushaliL_0-1712590566649.png


Regards,
Vrushali.

VrushaliL
New Contributor
New Contributor

Also attached below the screenshots of logs.

VrushaliL_11-1712592054108.png

 

VrushaliL_12-1712592090005.png

VrushaliL_13-1712592130775.png

Regards,

Vrushali.

[This post has been edited by a Moderator to remove sensitive information.]

Workflow share above and logs does not match 

Please avoid special characters in If else block name (without multiple _) and wf name without space 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Hello Rushikesh,
As you suggested I make changes in names and attached the screenshots of logs with searched workflow name.
Workflow:

VrushaliL_0-1712646761546.pngVrushaliL_1-1712646940827.pngVrushaliL_2-1712646988899.pngVrushaliL_3-1712647021258.pngVrushaliL_4-1712647034259.png

Regards,
Vrushali.

  • Please confirm 
  • Workflow has been saved & loaded
  • attached to security system
  • ran microservices job
  • raised request 
  • please share logs when you click submit on step 3 not during saving wf

Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Hi @rushikeshvartak ,

Performed the steps mentioned by you and uploaded the log file. Please check.

Kaustubh Pawar
Saviynt Certified IGA Professional

Error :

"2024-04-15T10:31:30.691+00:00","ecm","","null-7rgbg","","org.jbpm.api.JbpmException: script evaluation error: javax.script.ScriptException: java.lang.NullPointerException: Cannot get property 'entitlementslist' on null object at

Are you requesting entitlements having owners ?

add one more if check 

entitlement.getOwnerRank1().size() ne 0

https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter12-Workflows/Workflow-Compon...


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

I have tried but not able to submit the request. Workflow as follows:

Kaustubh_0-1713270069430.png

 

Kaustubh Pawar
Saviynt Certified IGA Professional

What is type of workflow .

Workflow shared previous post was different 

Error : Exception in workflow service"
"2024-04-16T12:12:43.327+00:00","ecm","","null-gk76z","","javax.el.PropertyNotFoundException: Target unreachable, base expression '<method>' resolved to null at de.odysseus.el.tree.impl.ast.AstMethod.invoke(AstMethod.java:84) at de.odysseus.el.tree.impl.ast.AstMethod.eval(AstMethod.java:78) at de.odysseus.el.tree.impl.ast.AstMethod.invoke(AstMethod.java:82) at de.odysseus.el.tree.impl.ast.AstMethod.eval(AstMethod.java:78) at de.odysseus.el.tree.impl.ast.AstBinary$SimpleOperator.eval(AstBinary.java:31) at de.odysseus.el.tree.impl.ast.AstBinary.eval(AstBinary.java:110) at de.odysseus.el.tree.impl.ast.AstNested.eval(AstNested.java:31) at 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Workflow type is parallel.

The entitlements have different owners. If one of the owner/manager submits the request it should be auto approved. 

If the application owner requests access for themselves (application owner is the beneficiary), the request should route to the manager for approval.

Kaustubh Pawar
Saviynt Certified IGA Professional

Which part is not working explain with help of table

RequestorEnd UserApproverExpected Result 
    
    

Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

When trying to submit a request, getting error as

'Request not Submitted. Please contact your administrator.'

Kaustubh_0-1713327643063.png

 

Kaustubh Pawar
Saviynt Certified IGA Professional

Its hard time to understand as every reply you are responding different. Please provide below information 

  1. Workflow screenshot
  2. Workflow Extract
  3. Workflow Possible test case in table and expected o/p

Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Workflow:

Kaustubh_0-1713328802575.png

Workflow test case:

RequestorEnd UserApproverExpected Result 

Error at requestor level

  

Request should get submitted

    
Kaustubh Pawar
Saviynt Certified IGA Professional

Change first if else block language to groovy


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Selected expression language as groovy in both if else block. Same error.

Kaustubh Pawar
Saviynt Certified IGA Professional

Are you raisining application request ?


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Requesting account and an entitlement having owner.

Kaustubh Pawar
Saviynt Certified IGA Professional

Can you provide detailed replication steps. 

Are you requesting application ?


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Logged in as an entitlement owner.

Request access for others -> Selected a user, application and entitlement that I am owner of. -> Submit the request.

Error:  'Request not submitted. Contact your administrator'.

Kaustubh Pawar
Saviynt Certified IGA Professional

try attached


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

I am able to submit the request but it is getting assigned to the manager.

Kaustubh_1-1713420259834.png

Kaustubh_2-1713420672468.png

 

Kaustubh Pawar
Saviynt Certified IGA Professional

Kaustubh
New Contributor III
New Contributor III

@rushikeshvartak 

I am entitlement owner of an entitlement of rank 1 and requested for a person already having access to the application. Still the request was routed to manager for approval.

Kaustubh Pawar
Saviynt Certified IGA Professional

Please confirm below

  • Requestor : Rushi
  • End User : Rushi
  • Entitlement Owner : Rushi
    • Expected - Auto approve ?

Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Rushi requesting for Kaustubh as below-

  • Requestor: Rushi
  • End user: Kaustubh
  • Entitlement Owner: Rushi

Expected- Auto approve.

Kaustubh Pawar
Saviynt Certified IGA Professional

Change entitlement.getOwnerRank1().contains(requestedby.username) eq true or entitlement.getOwnerRank1().contains(user.username) eq true


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Above query is working as expected.

If entitlement owner is selecting multiple entitlements, the other entitlements should be routed to respective entitlement owners.

Currently the other entitlements are being routed to manager for approval.

Kaustubh Pawar
Saviynt Certified IGA Professional

VrushaliL
New Contributor
New Contributor

Hello @rushikeshvartak ,

As you mentioned above, I followed all steps but its showing same error.

Attached screenshots for your reference.

VrushaliL_0-1712732411898.pngVrushaliL_1-1712732428575.pngVrushaliL_2-1712732449372.pngVrushaliL_3-1712732481387.png

This is the overall logs. Let me know if you required any specific log to be extract.

Regards,
Vrushali.

This logs unrelated please share logs in file


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

VrushaliL
New Contributor
New Contributor

Hello @rushikeshvartak ,
I am not able to attach any files here.
Please, let me know from which keyword I extract the logs and attach here the screenshots for same.

Regards,
Vrushali.

I don’t any word handy to suggest. Based on logs checking before and after i can suggest possible error and root cause .

check if you can send email from client to your company email and attach


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.