Reject a validation based on condition in approval Assignment rule

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

[8.3]

Share all details about your problem, including any error messages you may have received.

Hi community, I am developping multi-level approval for access request. May I know if there is any possiblity to reject an approval in the approval Assignment rule if a condition of building Level of validation is not present ,

For example : level one is a special identity attribute validation , if the target identity has not this attribut we reject the access with a comment ,

Thanks

3

I would see if you can use access request filters and not allow the role to be requested if the attribute is not set accordingly.

1 Like
4

You can use a RequestObjectSelector rule in Quickink Populations to not display the roles to user if the user does not have a valid attribute.

1 Like
5

@alshahim04 -

You can try something similar -

import sailpoint.object.Comment;
// Helper: check the target identity’s attribute

private boolean hasRequiredAttr(Identity target, String attrName) {
Object v = (target == null) ? null : target.getAttribute(attrName);
return (v != null && !“”.equals(v.toString().trim()));
}

// In mBuildCommonApprovals(...) after you get items = masterApprovalSet.getItems()

Identity target = context.getObject(Identity.class, identityName);
Comment comments=new Comment("Your Reason for Rejection","Comment Author");
List comment=new ArrayList();
comment.add(comments);
for (ApprovalItem item : items) {
// ---- Our validation gate ----
    if (!hasRequiredAttr(target, REQUIRED_ATTR)) {
// Make it explicit that we rejected this line
item.setState(WorkItem.State.Rejected);
item.setComments(comment);
}
//rest of your logic
}

Let me know the outcome.

6

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.