Hi Team,
I was facing an issue with the predelegation rule.
In our requirement, after mover certification, the user has to certify his access, then the manager has to review the decision, and the manager should be able to change the user's decision.
Here I was not setting reassign equal to true in the rule; I was trying to delegate the access reviews. But once the certification got triggered, two work items are generated at the same time: one work item as delegate (for the user) and another work item as access review (for the manager). If I try to take decisions as the delegate and save them, the work item does not get closed.
But for my requirement, it should not create two work items; the work item should be created for the user as certifier, and after the user completes the decisions it should go to the manager for sign-off.
My query: can the sign-off approver change the decision made by the user?
The CertificationPreDelegation rule works like this. Two work items are created, one for the reviewer and the other one for the delegate. The reviewer will have the items in Delegated state and will be waiting for the delegates to complete the work item. The reviewer can undo the delegate's decision.
This rule runs for each entity identified by the certification specification, so complex processing included in this rule can significantly impact the performance of certification generation.
I guess in your case you will have to use the CertificationSignOffApprover rule. This rule is used to specify one or more additional levels of approval for a certification. As long as the rule returns an Identity, the certification will be forwarded to that Identity for review and signoff; when it returns null, the forwarding process terminates for the certification.
If the logic in this rule could potentially reroute the certification to the same Identity who just signed off on it, the rule must check for this condition and return null when the new certifier matches the existing one. Otherwise, an endless loop could be created where the certification is repeatedly returned to the same certifier for another signoff, and the certification would never successfully complete.
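
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;
    import sailpoint.object.Certification;
    import sailpoint.object.Identity;

    // Sign-offs already recorded on this certification.
    List history = certification.getSignOffHistory();
    if (history == null || history.size() < 2) {
        // Fewer than two sign-offs so far: forward to the certifier's manager.
        Identity identity = certifier.getManager();
        Map results = new HashMap();
        results.put("identity", identity);
        return results;
    }
    else {
        // Returning null ends the forwarding chain.
        return null;
    }
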
This is a sample rule which will trigger one additional level of approval for the certification. In your case you might have to keep the employee himself as the reviewer, and this rule will select his manager for additional approval. Make sure to select Allow Self Certifications for All Certifiers.
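
Added example, not part of the original reply and not SailPoint's own code: a BeanShell body for a CertificationSignOffApprover rule that adds the same-certifier check the reply describes, so the certification cannot be routed back to someone who has already signed it. It assumes the `certification` and `certifier` inputs used in the sample rule, that `SignOffHistory` exposes `getSignerName()`, and that identities can be compared by name.

```java
// Added example: BeanShell body of a CertificationSignOffApprover rule.
// Assumed inputs from IdentityIQ: certification (Certification), certifier (Identity).
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import sailpoint.object.Identity;
import sailpoint.object.SignOffHistory;

// Candidate approver: the manager of whoever just signed off.
Identity next = certifier.getManager();

// No manager on record: nothing to forward to, so end the chain.
if (next == null) {
    return null;
}

// Guard 1: never route back to the identity who just signed off.
if (next.getName().equals(certifier.getName())) {
    return null;
}

List history = certification.getSignOffHistory();
if (history != null) {
    // Guard 2: keep the sample rule's cap of one additional approval level.
    if (history.size() >= 2) {
        return null;
    }
    // Guard 3: never route to anyone who already signed this certification
    // (covers manager cycles such as A -> B -> A).
    // getSignerName() is an assumption about the SignOffHistory class.
    for (int i = 0; i < history.size(); i++) {
        SignOffHistory entry = (SignOffHistory) history.get(i);
        if (next.getName().equals(entry.getSignerName())) {
            return null;
        }
    }
}

// Forward the certification to the manager for review and sign-off.
Map results = new HashMap();
results.put("identity", next);
return results;
```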