This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA® Identity Governance & Lifecycle Discussions

Discussions about RSA Identity Governance & Lifecycle.
ShanelleBlake
Beginner
Beginner
‎2020-05-14 07:43 AM

Simple workflow request

Jump to solution

Hi everyone.
Can I ask for "easy" help?
I am studying the workflows within IGL 7.1.
I would like to ask you for a little help as documentation is not so clear for me.

In an authorization workflow of a request, I would like to make a simple external SQL call to verify a value and, based on the result of the query, give OK or KO to the request. I think it is easy but I have never seen how it is done.

For example I would like to put a decision in the middle of the workflow that says:
- query to a db (maybe the same igl db if possible).

  if the user for whom authorization is requested has title=manager then ok, approve otherwise deny the request.


I can't understand how to creta a value with the result of the query and to use it for subsequent processes (ok or deny).
Can you help me with an example?
Thank you very much!!!!

Shanelle

Labels (1)
Labels
0 Likes
Reply
1 Solution

Accepted Solutions
CliveMorrish
Moderator Moderator
Moderator
In response to ShanelleBlake
‎2020-05-14 10:06 AM

Jump to solution

As mentioned earlier, a simpler way may be to simply restrict who can use the request buttons. As an example, you could restrict the 'Add Access' button to only those users with a certain Title:

 

pastedImage_1.png

 

You'd then know the request was raised by a 'Manager' and wouldn't need to perform calculations within the workflow.

 

However, in response to your question around how to create a value. Firstly, never update the out of the box workflows as these could be change/updated/overwritten when you patch/upgrade. Instead create a new workflow and use the Copy From option.

 

Use the SQL Select node to query the IGL database. As example, the following query checks the Title of the user that the Request has been raised for ('${access_request_cri_meu_title}'), these variables are available by right clicking within the workflow node. Set the Variable Type to Job - there are other types available, details of which can be found on the community.

 

pastedImage_9.png

 

Once you save the workflow, the new ISMANAGER Variable will be available to select.

 

Then, using a Decision Node you can use the 'Workflow Variable' option to determine your transition criteria:

 

pastedImage_10.png

 

You then need to use Transition Nodes to route the request accordingly. You must have a True and a False transition. For the True transition, make sure the 'Evaluated to True' tick box is set

 

pastedImage_11.png

 

To summarize:

 

pastedImage_12.png

 

1. Queries the IGL DB to calculate the variable that will be used to determine how the request is handled

2. Uses the Variable from 1 to route the request accordingly

3. Where the request is for a user with the Title 'Manager' the request will be sent for approval (in this example)

4. Where the request is for a user where the Title is not 'Manager' the request will be cancelled

 

As always, please take backups and first make changes in a non production environment.

 

Additionally, workflows can grow and become unnecessarily complex - it's always worth considering if there's a simpler more out of the box approach before adding to the workflow logic.

View solution in original post

Reply
5 Replies
CliveMorrish
Moderator Moderator
Moderator
‎2020-05-14 07:55 AM

Jump to solution

Hi Shanelle,

 

Although what you described sounds achievable, it would be interesting to fully understand the use case as there may be a simpler approach.

 

Some questions:

  • Is this required for ALL requests no matter what is being requested?
  • Should only users with the Title 'Manager' be permitted to raise requests?

 

Personally I think it would be better to try and stop the Request even being raised instead of raising and then cancelling.

 

Thanks,

Clive

0 Likes
Reply
ShanelleBlake
Beginner
Beginner
‎2020-05-14 09:32 AM

Jump to solution

Hi,

my idea is to configure specific requests flow for each application.

In this case, I would apply the flow of authorization request that start from an user or from his manager.

 

So, let's say a manager starts a request (maybe with a form) to add an entitlement for a person.

This should fire a request workflow with some approval steps.

I would like to start with a simple use-case and so in some part of the workflow a query to a database (maybe the same igl db if possible) will check for the title value of the user: if the value  title=manager then the request is approved, otherwise no.

With the occasion I would understand how to create a value, add the result of the query on it and to use it for subsequent processes (ok or deny).

Thanks

Shanelle

Reply
CliveMorrish
Moderator Moderator
Moderator
In response to ShanelleBlake
‎2020-05-14 10:06 AM

Jump to solution

As mentioned earlier, a simpler way may be to simply restrict who can use the request buttons. As an example, you could restrict the 'Add Access' button to only those users with a certain Title:

 

pastedImage_1.png

 

You'd then know the request was raised by a 'Manager' and wouldn't need to perform calculations within the workflow.

 

However, in response to your question around how to create a value. Firstly, never update the out of the box workflows as these could be change/updated/overwritten when you patch/upgrade. Instead create a new workflow and use the Copy From option.

 

Use the SQL Select node to query the IGL database. As example, the following query checks the Title of the user that the Request has been raised for ('${access_request_cri_meu_title}'), these variables are available by right clicking within the workflow node. Set the Variable Type to Job - there are other types available, details of which can be found on the community.

 

pastedImage_9.png

 

Once you save the workflow, the new ISMANAGER Variable will be available to select.

 

Then, using a Decision Node you can use the 'Workflow Variable' option to determine your transition criteria:

 

pastedImage_10.png

 

You then need to use Transition Nodes to route the request accordingly. You must have a True and a False transition. For the True transition, make sure the 'Evaluated to True' tick box is set

 

pastedImage_11.png

 

To summarize:

 

pastedImage_12.png

 

1. Queries the IGL DB to calculate the variable that will be used to determine how the request is handled

2. Uses the Variable from 1 to route the request accordingly

3. Where the request is for a user with the Title 'Manager' the request will be sent for approval (in this example)

4. Where the request is for a user where the Title is not 'Manager' the request will be cancelled

 

As always, please take backups and first make changes in a non production environment.

 

Additionally, workflows can grow and become unnecessarily complex - it's always worth considering if there's a simpler more out of the box approach before adding to the workflow logic.

View solution in original post

Reply
ShanelleBlake
Beginner
Beginner
‎2020-05-16 12:59 AM

Jump to solution

Thanks!
Thank you very much Clive!!
It was precisely the clarification I was looking for but I couldn't find it anywhere.
I want to congratulate you because you took great care and attention to explain the tasks with the screenshots too.

May I ask just a question about your comments?

When you say:

" ---> Request has been raised for ('${access_request_cri_meu_title}') "

I think the "access_request" prefix is ready on IGL. Last part "_cri_meu_title" is something you created manually later?

About the prefix "access_request", is there a doc that contains all command, prefix and similar we can use in IGL?


Thanks, really thanks.
Really a nice community

Shanelle

Reply
CliveMorrish
Moderator Moderator
Moderator
In response to ShanelleBlake
‎2020-05-18 05:02 AM

Jump to solution

Thank you for the feedback Shanelle and I'm really glad that my response helped.

 

The ${access_request_cri_meu_title} variable is available to select by Right Clicking within the SQL Select node. This will display a list of out of the box variables and any new ones you've created within the workflow. 

 

See below, Right Click displays a list where you can then choose 'Change Request'. We're then selecting the Title of the User affected by this Change Request.

 

pastedImage_3.png

 

Hopefully that helps...

 

Cheers,

Clive

Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.