When approval workflows in RSA Identity Governance & Lifecycle are defined as having changes grouped by
category, the default behavior of the product is to auto-complete all approval activities in the same category if any one of the change request items is approved. However, if any one of the change request items is rejected, the remaining items in the same category should not be approved (auto-completed). The defect being reported here is that when one of the change request items is rejected, the remaining items in the same category are still auto-completed, and therefore approved.
For example, given an activity workflow where changes are grouped by
category under
Process Properties as shown below:
Image description
and entitlements are requested from two applications: Application X and Application Y, the following change request is created:
Parent WF | Sub WF | Entitlement | Category | Assigned approvers |
---|
WFX | SWFX1 | X.X1 | Accounting | U1,U2 |
WFX | SWFX2 | X.X2 | HR | U3,U4 |
WFY | SWFY1 | Y.Y1 | Accounting | U5,U6 |
WFY | SWFY2 | Y.Y2 | HR | U7,U8 |
Entitlements X1 and Y1 are grouped in the Accounting category for approval. If user U2 logs in and approves X1, then X1 and Y1 approvals are auto-completed as follows:
Approval 'Accounting' completed by U2 on <date/time>
Approval 'Accounting' completed by System (because of category manager) on <date/time>
This is expected behavior. However, if U2 logs in and rejects X1, then Y1 should not be automatically approved (auto-completed.) The defect is that it does autocomplete same as if entitlement X1 had been approved.
This is a known issue reported in engineering ticket ACM-101234.
This issue is resolved in RSA Identity Governance & Lifecycle 7.1.1 P04.