Rejecting Approval of an Application Role Change Request item fails in RSA Identity Governance & Lifecycle
Originally Published: 2020-06-04
Article Number
Applies To
RSA Version/Condition: 7.1.0 , 7.1.1, 7.2.0
Issue
The Approval Workflow (Requests > Workflows > Approval tab > {Approval Workflow name}) is properly set up with an activity node configured for either Add app-role to account or Add app-role to user and a transition that allows individual change items to be rejected.
EXAMPLE
In the following example the approval workflow has activity nodes for Add ent to account, Add app-role to account and Add group to account and each activity node has the option to reject individual change request items. Note that the rejection of an Add ent to account and an Add group to account works correctly. It is only the Add app-role to account and Add app-role to user conditions that have this issue.
Each approval activity node is configured as below to allow individual rejection of change items:
The following error is logged to the aveksaServer.log file ($AVEKSA_HOME/wildfly/standalone/log/aveksaServer.log)
05/29/2020 03:07:49.986 ERROR (default task-24) [com.aveksa.server.workflow.WorkflowWorkItem]
No grouping found for the job 337
Please refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the aveksaServer.log file for your specific deployment if you are on a WildFly cluster or a non-WildFly platform. The aveksaServer.log may also be downloaded from the RSA Identity Governance & Lifecycle user interface (Admin > System > Server Nodes tab > under Logs.)Cause
Resolution
Workaround
- Edit the Approval Workflow (Requests > Workflows > Approval tab > {Approval workflow name}) and select and deselect the checkbox for the following option:
Follow this transition when a workflow form is automatically completed
- Then save the workflow.
