When a user/manager/admin needs to create a new user account to add to SailPoint IIQ, it is submitted for approval to the correct approval team.
Once the approval team receives the approval form, a member of that team will verify the form has been filled out correctly. If they find that the form has not been done correctly, instead of hitting the 'Approved" button at the bottom right, they hit the “Rejected” button on the bottom left.
The functionality we have put in place is the approver has to put in a comment before they hit the “Rejected” button. If the approver hits the button, yet no comments were put in, then the workflow will not allow the form to go back to the requestor until comments are input. This is not the case, instead the approver can send the form back to the requestor without comments.
What variable within the workflow you are using to set the comment required on approval rejection in the WF. I’m assuming you are using OOTB LCM Create and Update Identity one.
In order to make sure approver comments are required for Reject request, add Validation Script in the Approval Step of the Workflow. The Validation script can validate whether the request is approval or rejection and check whether comments are added or not.
You can fetch Rejected Approval Items using getRejected() method in Approval Set. And these approval items should be validated whether the comments are added or not. You might have to even validate whether the comment author is same as approver to confirm the comments present is added by the Approver who have rejected the request. And the validation script can return a message “Please provide valid comments for rejection” if the validation failed
Hi Suresh and jarin,
The one that is being used is OOTB LCM Create and Update xml. But, exactly where would i put this "validation script’? If I attach the xml, could you please show me where? I have already made the needed change in the approval form that is being used as showing “required”.
Hi @derrickthomasvdot
The Validation script will be added to the Approval step in the Workflow. Please find the sample approval step with Validation logic. The Validation script written is just for your reference and it is not tested.
<Step icon="Approval" name="Approval" posX="158" posY="22">
<Approval mode="ref:approvalMode" owner="call:buildCommonApprovals" renderer="lcmWorkItemRenderer.xhtml" send="identityDisplayName,identityName,approvalSet,flow,policyViolations,identityRequestId">
<AfterScript>
--AfterScript--
</AfterScript>
<Arg name="launcher" value="ref:launcher"/>
<Arg name="workItemDescription" value="ref:workItemDescription"/>
....
....
....
<InterceptorScript>
--InterceptorScript--
</InterceptorScript>
<ValidationScript>
<Source>
import java.util.List;
import sailpoint.api.SailPointContext;
import sailpoint.object.ApprovalItem;
import sailpoint.object.ApprovalSet;
import sailpoint.object.Comment;
import sailpoint.object.Identity;
import sailpoint.object.WorkItem;
import sailpoint.tools.GeneralException;
import sailpoint.tools.Util;
boolean isCommentsProvidedForItem = false;
String requireComments = null;
if (item != null) {
ApprovalSet approvalSet = (ApprovalSet) item.getAttribute("approvalSet");
List<ApprovalItem> rejectedItemsList = approvalSet.getRejected();
List<Comment> rejectionCommentsOfItems;
for (ApprovalItem rejectedItem : rejectedItemsList) {
rejectionCommentsOfItems = rejectedItem.getComments();
if (rejectionCommentsOfItems != null) {
String workItemApproverOwnerName = rejectedItem.getApprover();
Identity workItemApproverOwnerIdentity = context.getObjectByName(Identity.class, workItemApproverOwnerName);
String workItemApproverOwnerDisplayName = null;
if (workItemApproverOwnerIdentity != null) {
workItemApproverOwnerDisplayName = workItemApproverOwnerIdentity.getDisplayName();
}
for (Comment rejectionCommentsOfItem : rejectionCommentsOfItems) {
String commentsProvidedAuthorName = rejectionCommentsOfItem.getAuthor();
if (Util.isNotNullOrEmpty(workItemApproverOwnerDisplayName)
&& workItemApproverOwnerDisplayName.equalsIgnoreCase(commentsProvidedAuthorName)) {
isCommentsProvidedForItem = true;
break;
}
}
}
}
}
if (!isCommentsProvidedForItem) {
requireComments = "Please provide valid comment stating a reason for rejected item";
}
return requireComments;
</Source>
</ValidationScript>
</Approval>
<Transition to="Next Step"/>
</Step>
Please close this thread by marking the above response as solution , if you have received answers for your question. This will help everyone looking for answers.
Hi Jarin,
I will definitely close the thread once I have reviewed the code and concluded that is does work.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.