Symantec IGA

Hi Team,

Currently we have no of groups where user request access and approval will go to corresponding approval group members. Our requirement is to avoid self approval if approver is requestor and requesting for his own or even some one else requested we want to avoid self approval. Currently I don't see any option to configure in rule based workflow policy.

Please provide your suggestions/ ideas how I can achieve/ implement this functionality.

Thanks,

Manu.

Hello,

If the approver is the one requesting access and is a member of that group they would be able to self approve as you are seeing.  As you said, I reviewed one of my lab systems and do not see a way around this to configure the policy to not allow this for the "approver who requests access and self approving" (don't say that 3 times fast...)

For this post, please open a case L1 support so we may review this question further.  Thank you and have a great weekend.

I had this requirement once, what you can do is:

Develop a custom participant resolver, the resolver will find the group members and the requester, the requester is found within the group members - auto approve.

the reason it doesn't exist out of the box is - most organization would like to have audit on who asked for access and who approved it.

The fact that someone can approve specific access doesn't necessary means they can have it.

Hi Chen,

Thanks for your reply and suggestions. We have achieved auto approval requirement using workflow scripts. My requirement is here to restrict self approving requests. For example if  a is requesting for b and b is part of approves, b should not approve by him self. or If b is requesting for b and b is part of approvers that should skip  approval item to b.

Also if b is the only approver, some relevant message to requester saying b is only approver and can't approve him self. 

Cheers,

Manu.

Hi Chen Raymanr post

About your publication, how can I generate the application and approver report for each request?

Julian