Entitlements are getting provisioning even after the second level approver (owner)(work group member) rejects the request. When we have any identity updated as owner then the flow works fine.
SailPoint team responded with : -
Owner approvals seem to be hard-coded as parallel poll:
The way to work around this is to add an approvalAssignmentRule to the parent Approval arguments and iterate over the approvals, setting the mode to whatever they prefer
Hi Praveen
Let me send you the approach
In stead of workgroup in Entitlement owner assign single identity and also you can create extended attribute and add workgroup in it.
And in Approvalscheme add it’s based on condition then there will be no issue
can check events for request access rejected (technicalName:ACCESS_REQUEST_REJECTED), get some info
Please tag to IIQ despite of ISC.
Where should I check that in IIQ?
Please use below code in your workflow
approvalScheme
<![CDATA[
import sailpoint.object.ManagedAttribute;
ManagedAttribute ma = (ManagedAttribute) plan.get(“managedAttribute”);
String approvalScheme = “manager,owner”;
if (ma != null) {
String approvalWorkgroup = ma.getExtendedAttribute(“approvalworkgroup”);
if (approvalWorkgroup != null && !approvalWorkgroup.trim().isEmpty()) {
approvalScheme = “manager,” + approvalWorkgroup;
}
}
return approvalScheme;
]]>
Then it will solve your problem