Good afternoon!
I'm not quite sure how to make this workflow work, so here's what I'm trying to accomplish:
I'm trying to create several roles to be used in high volume the near future that will not have common identifiers to determine automatic membership for the role. All entitlements will be AD groups that will go through AFX fulfillment. My team will manually add the user to the Role. All of these Roles have been manually approved on paper, and with the current process if the AD group is approved on paper, it is not requested for approval when a new or transferring user needs to be added to the AD group as part of their job Role.
On role creation, I'd expect that Change Request to go through a normal approval process and for the AD group owners to "approve" that the AD group should be part of this role.
What I'd like to avoid is for when a new or transferring employee is manually added to the Role, I'd like for only the Role Owner to approve that change, and NOT the AD group owners themselves (since that isn't what they do now).
I'm not quite sure how to make this work. I don't want to change the overall Role workflow, just the workflow when new users are added to these specific roles. Maybe a new role set for these roles? If they're auto approved anyway for these Roles does it matter if it's fulfilled manually or via IMG and the individual groups doesn't need to be approved in IMG? Just thinking out loud on some of this.
Thank you all for your help!
So if I understand this correctly, say you have a Role R1 which contains Groups G1, G2 as entitlements. When adding a new user U1 to R1 … you would like an approval on the direct change item (which is adding the user to the role), but you do not want approvals on the indirect change items (which is adding U1 to G1,G2 since they are part of R1)?
If that is what you want, the good news is you can control that in any approval workflow using the below checkbox. Uncheck if from the group approval workflow used so it ignores any indirect change item.
The bad news is that this is only available starting v7.0.2 … there wasn't really any way to do that in v6.9.1.