Which IIQ version are you inquiring about?
8.3
Share all details about your problem, including any error messages you may have received.
Dear Team,
We currently have an Approval Assignment Rule set up for two-level approvals, but we are facing a few scenarios where the behavior isn’t as expected. Below are the details:
Scenario 1: Add Request with Multiple IT Roles
- In this scenario, one business role is associated with two IT roles (ITRole1 and ITRole2, both permitted).
- The business role has “Additional Approval Required: False”, but the request is still being routed for approval, specifically in the case of an Add Request.
- ITRole1 has “Additional Approval Required: False”
- ITRole2 has “Additional Approval Required: True”
Expected Behavior:
- Both the Business role and ITRole1 should not go for owner approval (since the “Additional Approval Required” attribute is set to false).
- Only ITRole2 should be routed for owner approval after manager approval.
Scenario 2: Remove Request with Additional Approval
- In the case of a Remove Request, after manager approval, the request is still being routed for owner approval when “Additional Approval Required: True” is set.
Expected Behavior:
- For a Remove Request, after manager approval, access should be revoked based on the manager’s decision, even if “Additional Approval Required: True” is set.
Can someone assist with identifying the changes required to achieve the expected outcomes in both of these scenarios?
import sailpoint.tools.*;
import sailpoint.object.*;
import java.util.*;
import sailpoint.object.Workflow.Approval;
boolean isApprovalItemNotRequired(ApprovalItem approvalItem) {
boolean isNotRequired = false;
log.error("getClass-- "+approvalItem.getValue()+" --"+approvalItem.getValue().getClass());
String roleName;
if (approvalItem.getValue() instanceof String) {
roleName = approvalItem.getValue();
} else if ((approvalItem.getValue() instanceof List) @and approvalItem.getValue().size() @gt 0) {
roleName = approvalItem.getValue().get(0); // in many cases, the approval item value is in a list. Get the first list value.
}
if (Util.isNotNullOrEmpty(roleName)) {
Bundle role = context.getObjectByName(Bundle.class, roleName);
if (role != null) {
if(role.getAttribute("additionalApprovalRequired")!=null)
{
log.error("Outside the logic ::::::");
if(approvalItem.getOperation().contains("Remove")){
log.error("Inside the 1st if logic ::::::"+approvalItem);
boolean approvalType = false;
if(role.getAttribute("additionalApprovalRequired") instanceof String)
{
if("TRUE".equalsIgnoreCase(role.getAttribute("additionalApprovalRequired")))
approvalType=true;
}
else
approvalType = Util.nullsafeBoolean(role.getAttribute("additionalApprovalRequired"));
if (!approvalType){
// if approval is not required, remove the approval item
log.error("roleName " + roleName + " does not require approval");
isNotRequired = true;
}
}
}
} // role is not null end
}
return isNotRequired;
}
/* Main Script */
//log.error("Sam Approval Assignment rule is triggered");
Set itemsToApprove = new HashSet();
int approvalNum = 0;
while (approvalNum @lt approvals.size()) {
Approval approval = approvals.get(approvalNum);
// If approval contains children approvals, process children approvals instead
List childrenApproval = approval.getChildren();
//log.error("childrenApproval: "+childrenApproval);
if (childrenApproval != null @and childrenApproval.size() @gt 0) {
int childApprovalNum = 0;
while (childApprovalNum @lt childrenApproval.size()) {
Approval childApproval = childrenApproval.get(childApprovalNum);
boolean childApprovalNotRequired = false;
// If manager approval, leave the approval as it is.
String approvalDesc = childApproval.getDescription();
//log.error("approvalDesc: " + approvalDesc);
if(approvalDesc != null @and approvalDesc.startsWith("Manager Approval")) {
// List all items into itemsToApprove set
ApprovalSet approvalSet = childApproval.getApprovalSet();
if (approvalSet != null) {
List approvalItems = approvalSet.getItems();
if (approvalItems != null @and approvalItems.size() @gt 0) {
for(ApprovalItem approvalItem : approvalItems){
itemsToApprove.add(approvalItem.getId());
}
}
}
childApprovalNum++;
continue;
}
// iterate ApprovalItems in the ApprovalSet
ApprovalSet approvalSet = childApproval.getApprovalSet();
if (approvalSet != null) {
List approvalItems = approvalSet.getItems();
if (approvalItems != null @and approvalItems.size() @gt 0) {
// for every approval item, get requested role name (value) and check if the role requires additional approval
int itemNo = 0;
while (itemNo @lt approvalItems.size()) {
ApprovalItem approvalItem = approvalItems.get(itemNo);
if (isApprovalItemNotRequired(approvalItem)) {
approvalItems.remove(itemNo);
} else {
itemsToApprove.add(approvalItem.getId()); // Add item into itemsToApprove set
itemNo++;
}
}
if (!(approvalItems.size() @gt 0)) {
childApprovalNotRequired = true;
}
}
}
if(childApprovalNotRequired){
childrenApproval.remove(childApprovalNum);
} else {
childApprovalNum++;
}
}
approvalNum++;
} else {
boolean approvalNotRequired = false;
// If manager approval, leave the approval as it is.
String approvalDesc = approval.getDescription();
//log.error("approvalDesc: " + approvalDesc);
if(approvalDesc != null @and approvalDesc.startsWith("Manager Approval")) {
// Add all items into itemsToApprove set
ApprovalSet approvalSet = approval.getApprovalSet();
if (approvalSet != null) {
List approvalItems = approvalSet.getItems();
if (approvalItems != null @and approvalItems.size() @gt 0) {
for(ApprovalItem approvalItem : approvalItems){
itemsToApprove.add(approvalItem.getId());
}
}
}
approvalNum++;
continue;
}
// iterate ApprovalItems in the ApprovalSet
ApprovalSet approvalSet = approval.getApprovalSet();
if (approvalSet != null) {
List approvalItems = approvalSet.getItems();
if (approvalItems != null @and approvalItems.size() @gt 0) {
// for every approval item, get requested role name (value) and check if the role requires additional approval
int itemNo = 0;
while (itemNo @lt approvalItems.size()) {
ApprovalItem approvalItem = approvalItems.get(itemNo);
if (isApprovalItemNotRequired(approvalItem)) {
approvalItems.remove(itemNo);
} else {
itemsToApprove.add(approvalItem.getId()); // Add item into itemsToApprove set
itemNo++;
}
}
if (!(approvalItems.size() @gt 0)) {
approvalNotRequired = true;
}
}
}
if(approvalNotRequired){
approval.remove(approvalNum);
} else {
approvalNum++;
}
}
}
// Update main approvalSet: remove any approvalItem not in itemsToApprove set
log.error("itemsToApprove",new Throwable(itemsToApprove.toString()));
List mainApprovalItems = approvalSet.getItems();
if (mainApprovalItems != null @and mainApprovalItems.size() @gt 0) {
int itemNo = 0;
while (itemNo @lt mainApprovalItems.size()) {
ApprovalItem mainApprovalItem = mainApprovalItems.get(itemNo);
if (mainApprovalItem != null @and !itemsToApprove.contains(mainApprovalItem.getId())) {
// remove approvalItem not in itemsToApprove set
mainApprovalItems.remove(itemNo);
} else {
itemNo++;
}
}
}
// for test purpose
//approvalSet.remove(approvalSet.getItems().get(0));
log.debug("approvalSet",new Throwable(approvalSet.toXml()));
for (Approval approval : approvals){
log.debug("Approval : " + approval.getName(),new Throwable(approval.toXml()));
}
return approvals;