In this blog, I’ll walk you through configuring the workflow for the initiator rule (Attribute based workflow) in Access Request Service (IAG).
Introduction:
Different workflow paths can be applied to various types of access requests in IAG based on the attributes of the access request. This is achieved by defining the corresponding workflow business rules for Access Request Service.
Defining Business Rules:
If the business rules for access requests have already been defined and no different paths are required, there is no need to make any changes to those existing business rule RequestTypeRule.
If different paths are required, manually create the data objects called RequestAttributes and define a business rule called AttributesRuler. For creating the related data objects and business rules, please refer the below link.
Even if a new business rule, AttributesRuler, is defined and conditions are maintained within it, the RequestTypeRule serves as a fallback option. If no conditions in the AttributesRuler rule are met, the RequestTypeRule is used as the default rule to determine the appropriate path for the request. This ensures that if none of the conditions in the new rule are satisfied, the system can still fall back on the existing RequestTypeRule for path determination.
Building a decision table for AttributesRuler:
A sample decision table for AttributesRuler can be found below.
Note: The Fixed Operator of each Condition Expression in the decision table should be “is like.” And the value of the field can be put “%” to match any values.
Explaining the decision table:
If the reason code selected is “New_user,” the createdBy is any value, and the priority of the request is any value, the access request follows the path “accreviewpath.”
Similarly, If the reason code selected is “Access_change,” the createdBy is any value, and the priority of the request is any value, the access request follows the path “zmanageronlypath.”
Conclusion: In conclusion, we can have distinct workflow paths for different kinds of access requests in IAG by creating the data objects called RequestAttributes, it’s associated business rule AttributesRuler and the decision table.
In this blog, I’ll walk you through configuring the workflow for the initiator rule (Attribute based workflow) in Access Request Service (IAG).Introduction:Different workflow paths can be applied to various types of access requests in IAG based on the attributes of the access request. This is achieved by defining the corresponding workflow business rules for Access Request Service.Defining Business Rules:If the business rules for access requests have already been defined and no different paths are required, there is no need to make any changes to those existing business rule RequestTypeRule. If different paths are required, manually create the data objects called RequestAttributes and define a business rule called AttributesRuler. For creating the related data objects and business rules, please refer the below link.https://help.sap.com/docs/SAP_CLOUD_IDENTITY_ACCESS_GOVERNANCE/e12d8683adfa4471ac4edd40809b9038/13b9055585dc4d73996d9a13ab5a0b71.html?version=CLOUDFOUNDRY Even if a new business rule, AttributesRuler, is defined and conditions are maintained within it, the RequestTypeRule serves as a fallback option. If no conditions in the AttributesRuler rule are met, the RequestTypeRule is used as the default rule to determine the appropriate path for the request. This ensures that if none of the conditions in the new rule are satisfied, the system can still fall back on the existing RequestTypeRule for path determination. Building a decision table for AttributesRuler:A sample decision table for AttributesRuler can be found below.Note: The Fixed Operator of each Condition Expression in the decision table should be “is like.” And the value of the field can be put “%” to match any values.Explaining the decision table:If the reason code selected is “New_user,” the createdBy is any value, and the priority of the request is any value, the access request follows the path “accreviewpath.” Similarly, If the reason code selected is “Access_change,” the createdBy is any value, and the priority of the request is any value, the access request follows the path “zmanageronlypath.”Conclusion: In conclusion, we can have distinct workflow paths for different kinds of access requests in IAG by creating the data objects called RequestAttributes, it’s associated business rule AttributesRuler and the decision table. Read More Technology Blogs by SAP articles
#SAP
#SAPTechnologyblog
+ There are no comments
Add yours