SecurID^® Governance & Lifecycle 7.2 Enablement

PritiSrinivas · ‎2020-04-21

Hi All,

I have question regarding workflows and here is my requirement

Local application having local entitlements have a role associated to it for manual fulfillment
Whenever any access request is raised , a manual activity must be created and assigned to the members of the role assigned to it

Approach Used:

I have been able to retrieve the role members , roleset and role details within the workflow and tried a lot of options but it does not work as expected for some reason

a) Option 1: Store role member details in workflow variable and in manual activity use the option "Workflow variable with value as user_id of the user"

This works fine, if there is only one member and fails if more than one

b)Option 2: Use workflow variable option by passing role id and resolving it to the id of the role. I do see the below error in logs and even it cast it to integer the issue still persists

ERROR (Worker_jobq#Role#jdbc/avdb_32) [com.aveksa.server.workflow.scripts.resource.ResourceManager] Error evaluating a workflow variable resource

java.lang.ClassCastException

c)Option 3 : Use workflow variable option by passing role name and resolving it to the name of the role. I have also provided the role set name to it for resolution. I do see the below error in logs and even it cast it to integer the issue still persists

ERROR (Worker_actionq#Role#jdbc/avdb_74) [com.aveksa.server.workflow.scripts.resource.ResourceManager] Error evaluating a workflow variable resource

java.lang.NullPointerException

Could anyone help in this regard and point out what could be possibly done to resolve this issue ?

MHelmy · ‎2020-04-22

Previously the only way to assign to a Role/Group was to fetch the Role/Group members using a SQL select node and assign to them (as Clive shared above). The downside of that is the task assignment does not change with any changes to the Role/Group members. The ability to assign a task directly to a Role/Group from a workflow variable is new in 7.2.0.

Having said that, there are two introduced ways to find a role form a workflow variable:

Using the Role ID.
Ideally you would use some sort of SQL Select to fetch the Role ID itself into a workflow variable, then reference it in the workflow node configuration.

However this scenario seems to have a defect. No matter what ID I provide, I always get the same ClassCastException error then the node is auto-completed.

Please log a case with RSA Support on this.
Using the Role Name and RoleSet Name (since Role Name is not a unique value).
In this case you need to create two different workflow variables. One containing the Role Name and another contaning the RoleSet Name. The node configuration looks like:

This one works for me though:

View solution in original post

CliveMorrish · ‎2020-04-22

Although using Approval instead of Manual fulfillment, we've had success with a customer in the UK using option 1:

The first node gets the User ID of the Members of a specific Role:

And that variable is then used to assign the approvers:

Customer is using version 7.1 P03.

MHelmy · ‎2020-04-22

Previously the only way to assign to a Role/Group was to fetch the Role/Group members using a SQL select node and assign to them (as Clive shared above). The downside of that is the task assignment does not change with any changes to the Role/Group members. The ability to assign a task directly to a Role/Group from a workflow variable is new in 7.2.0.

Having said that, there are two introduced ways to find a role form a workflow variable:

Using the Role ID.
Ideally you would use some sort of SQL Select to fetch the Role ID itself into a workflow variable, then reference it in the workflow node configuration.

However this scenario seems to have a defect. No matter what ID I provide, I always get the same ClassCastException error then the node is auto-completed.

Please log a case with RSA Support on this.
Using the Role Name and RoleSet Name (since Role Name is not a unique value).
In this case you need to create two different workflow variables. One containing the Role Name and another contaning the RoleSet Name. The node configuration looks like:

This one works for me though:

PritiSrinivas · ‎2020-04-23

Yes, I was finally able to make it work with option 3(using role name) .

PritiSrinivas · ‎2020-04-23

So, did it work if it has more role members

CliveMorrish · ‎2020-04-23

Yes, all roles had at least 2 members

PritiSrinivas · ‎2020-08-04

This issue was reported through JIRA and the option of using the role set id has been fixed in the latest version

SecurID® Governance & Lifecycle 7.2 Enablement

Manual Activity Resource Assignment

SecurID^® Governance & Lifecycle 7.2 Enablement