How to create multi-level approval for Access Request

IdentityIQ (IIQ) IIQ Discussion and Questions
,
4

Hi @anloh

You can create a Approval Assigment Rule based in the following example code

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule  language="beanshell"  name="Approval Assingment Rule" type="ApprovalAssignment">
  <Signature returnType="null">
    <Inputs>
      <Argument type="log">
        <Description>
The log object associated with the SailPointContext.
</Description>
      </Argument>
      <Argument type="context">
        <Description>
A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
</Description>
      </Argument>
      <Argument type="approvals">
        <Description>
List of approvals generated by the approvalScheme, maybe null if there were no
          approvals enabled.
</Description>
      </Argument>
      <Argument type="approvalSet">
        <Description>
Representation of the cart, also found on the approvals generated by the
          default schemes.
</Description>
      </Argument>
    </Inputs>
    <Returns>
      <Argument type="approvals">
        <Description>
Return a lIst of Workflow.Approval objects that should be included during the approval process.
</Description>
      </Argument>
    </Returns>
  </Signature>
  <Source>
  import sailpoint.object.*;
  import sailpoint.workflow.IdentityApprovalGenerator;
  import sailpoint.tools.xml.XMLObjectFactory;

  Map approvalMap = new HashMap();
  String extraLevelApproval;

  for (ApprovalItem item : approvalSet.getItems()) {
    String itemAppName = item.getApplicationName();
    String itemDisplayName = item.getDisplayName();
    String itemOperation = item.getAttribute("operation");
    String itemName = item.getName();
    String itemValue = null;
    Object itemValueObj =  item.getValue();
    

    if (itemValueObj!=null){
      
      // Multi-value check
      if (itemValueObj instanceof String){
        itemValue = (String) itemValueObj;
      } else{
        itemValue = itemValueObj.get(0);
      }
      
      // Check if role and operation
      if ( null != itemDisplayName &amp;&amp; itemDisplayName.equalsIgnoreCase("Role") &amp;&amp; null != itemOperation &amp;&amp; itemOperation.equalsIgnoreCase("RoleAdd")) {
        
        if (itemValue != null &amp;&amp; !itemValue.isEmpty()) { 
          
          String roleName = itemValue;
          Bundle role = context.getObjectByName(Bundle.class, roleName);
          
          // Checking for additional approvals
          if (null != role &amp;&amp; null != role.getExtendedAttribute("extraLevelApprovals") &amp;&amp; !role.getExtendedAttribute("extraLevelApprovals").isEmpty()){
            
            if (null != role.getExtendedAttribute("extraLevelApprovals") &amp;&amp; !role.getExtendedAttribute("extraLevelApprovals").isEmpty() ){
              
              List extralevellist = Arrays.asList(role.getExtendedAttribute("extraLevelApprovals").split(","));
              
              for (String approver: extralevellist){
                
                ApprovalSet newSet = approvalMap.get(approver);
                if (newSet == null){
                  newSet = new ApprovalSet();
                }
                newSet.add(XMLObjectFactory.getInstance().clone(item, context));
                approvalMap.put(approver, newSet);
              }
            }  
          }
        }
      }
    }
  } 

  // Generate the approval list from the approval map
  IdentityApprovalGenerator iag = new IdentityApprovalGenerator(wfcontext);
  List newApprovals = iag.buildApprovalsFromMap(approvalMap, "approval map");

  if (newApprovals != null) {
    approvals.addAll(newApprovals);
  }

  return approvals;

  </Source>
</Rule>
4 Likes