Share all details about your problem, including any error messages you may have received.
Hi Experts,
Would like to know if it is possible to disable approvals in batch requests. I saw the “Disable Approvals” option in the LCM Provisioning workflow and selected it, but the approvals are still being sent to the identity’s manager. Is there any way we can allow batch requests to add/remove roles or entitlements without sending approvals to the manager?
Hi @Bernardc Workflow Logic Overrides Global Settings: The LCM Provisioning workflow is a powerful, highly customizable business process. The “Disable Approvals” checkbox in the UI often simply sets a variable or flag within that workflow’s definition. If there are other steps or rules within the workflow that explicitly add manager approvals, those will take precedence.
Default Approval Schemas: The LCM Provisioning workflow often has default approval schemas defined (e.g., manager,owner or manager). These schemas dictate who needs to approve a request. Even if a global “disable” flag is set, if the workflow’s logic explicitly builds an approval chain, it will try to send approvals.
The “Disable Approvals” Checkbox in UI: If that checkbox already sets a workflow variable (e.g., disableApprovals), you can integrate that into your conditional logic as well. For instance, if (request.getBatchRequestId() != null || workflow.get("disableApprovals")) { return "none"; }.
Option#1 Modify approvalScheme based on batch status:
Locate the approvalScheme argument that’s typically defined early in the workflow.
<Step name="Prepare Approval" ...>
<Return name="approvalScheme" type="string">
<Source>
<![CDATA[
// Check if this is a batch request
if (request != null && request.getBatchRequestId() != null) {
log.debug("Batch request detected. Bypassing approvals.");
return "none"; // "none" explicitly tells IIQ to bypass approvals
} else {
// Default approval scheme for individual requests
log.debug("Individual request. Applying default approvals.");
// This is your existing approval logic, e.g.,
// return "manager,owner";
// Or if you want to use the UI's "Disable Approvals" flag:
// if (report.getArgument("disableApprovals")) {
// return "none";
// } else {
// return "manager,owner";
// }
// Let's assume you want manager for non-batch by default if the flag is off.
return "manager"; // Or "manager,owner", etc.
}
]]>
</Source>
</Return>
</Step>
When using the default (OOTB) LCM provisioning workflow for batch requests, approval is not triggered by default. Approval will only be required if you explicitly enable the “Require batch request approval” option within LifeCycle Manager.
If you’re using a custom business process for handling batch requests and have chosen to generate identity requests during the batch request, the system will follow the custom-defined approval workflow.
In such cases, if you want to bypass the approval process specifically for batch requests, you can do so by modifying the approval scheme configuration using a script. Below is an example of how to set the approval scheme dynamically, based on the request source:
Disabling approval will apply to both normal access requests and batch requests.
If you do not want to affect the approval process for normal access requests, you will need to create a separate workflow specifically for batch requests.
