
Exception Approval Deny workflow does not trigger anything

Hi,

 

I have assigned a system role to the user which has a compliance rule. In the compliance rule, we have set the condition as follows:

If user has Role1, it should not have Role2

Now, when I assign both system roles to the user, the compliance rule is triggered and the workflow goes to the Exception approver. Now, even if the exception approver denies this violation, the system roles are not getting revoked. Is there anything that I am doing wrong? Or is it the expected behavior?

  • If the violation was triggered by a request, then the assignment never really existed so nothing to do.

    In the case of an existing violation, the system does not remove something automatically because it cannot decide which system role, in your case, is more important than the other.

    Or, let's think about different ways to receive a system role (inheritance, request, etc.). Sometimes it is impossible to remove the system role membership without losing additional permissions, which might be unwanted.

    That's why there is the new Compliance Violation Removal Wizard in the Web Portal of version 8 that helps the Exception Approver in resolving the violation.
  • OK, but in this case, the exception approver can also see the Approve/Deny option in Pending rule violation, which does not trigger anything. So, is there a way to remove the Approve/Deny option from the request and just keep the Resolve option?
  • Wouldn’t that mean to set the flag that no exception approval is allowed at the compliance rule?
  • My understanding is that from the front end, whenever the user requests an entitlement, the respective workflow gets triggered and whatever is in the workflow gets executed. For the compliance check, I need to add the CR approval procedure and the Exception approval procedure in the next step so that the Exception approver can approve/deny the request. In this case, the compliance rule violation comes as a "Pending request" for the exception approver and not in "Pending rule violation", so violations come in "Pending rule violation" only when the rule is violated through the backend. Let me know if my understanding is correct.
    If yes, then I think I don't need the Approve/Deny action in the "Pending Rule violation" tab.
  • Your assumption is correct. These are the preventive and detective controls for the compliance rules. If you do not want to approve or deny the detected violations you could remove the exception approval allowed flag at the rule.
  • No, but I want the exception approver to act on the violated rule. If the request is through the front end, it comes as a pending request for the exception approver and Approve/Deny works properly there, but through the backend it comes as a Pending Rule violation and there Approve/Deny does not do anything. So if in pending rule violation the exception approver can't Approve/Deny and can just Resolve it, then what is the point in keeping the Approve/Deny option there?