i need to restrict the request when the user raising the entitlement and it will check that entitlement belongs to abc application so if user have a account in abc application then that request will allow . if the user dont have the application link then block him saying "please raise request for “Role A” and get the account created.
i have tried in advance policy but it didnt work so now im trying to achieve this requirement in LCM Provisioning
my doubt is which sub workflows we can achieve this . iam thinking i need to write a logic in Identity Request Violation Review
Just to clarify your requirement,
It is to check whether the user have raised request for AcctsPayable entitlement in finance app. If the user doesn’t have an account for FInance App before this request, it should block him showing the below message. “Please raise request for Role A and get Active Directory Account created”
yes exactly that is my requirement ,
It is to check whether the user have raised request for AcctsPayable entitlement in finance app . If the user doesn’t have an account for FInance App before this request, it should block him showing the below message.
sorry that violation meseages " “Please raise request for Role A and get finance app Account created”
This should throw the user with Violation. I have tested with a different application, and it is working.
Make sure to update the Application Name and entitlement value variables in the snippet
Greetings! I would like to ask a query on your valuable response on advanced policy, hope you don’t mind.
What could be the reason I am not getting the block message displayed in “Manage User Access” while submitting the request. Seems like I am getting an detective policy instead. When simulation ran the count of violations where not zero. We are using IIQ.8.3.
Can you check the policyScheme Variable in LCM Provisioning Workflow. It shouldn’t be disabled and should be interactive to allow the requestor to remove the request.