The Approval area provides a way to perform change approval actions, allowing you to control changes to directory data that require your approval and monitor your operations that require approval by other persons. You can use the Approval area to:
When a Web Interface user makes changes to directory data that require permission from other individuals in an organization, the changes are not applied immediately. Instead, an operation is initiated and submitted for approval. This starts a workflow that coordinates the approvals needed to complete the operation. The operation is performed and the requested changes are applied only after approval. An operation may require approval from one person or from multiple persons.
When an operation is submitted for approval, Active Roles tracks the initiator and the approver or approvers. The initiator is the person who requested the changes. Approvers are those who are authorized to allow or deny the changes. An operation that requires approval generates one or more approval tasks, with each approval task assigned to the appropriate approver. Active Roles administrators configure approval workflow by creating approval rules to specify what changes require approval and who is authorized to approve or deny change requests.
In the Approval area, you can work with the operations for which you are assigned to the approver role. As an approver, you are expected to take appropriate actions on your approval tasks.
The Approval area provides a number of views to help you locate approval items—tasks and operations:
To search for an operation or task by ID
You can also search for approval items (operations and tasks) by properties other than ID. For instance, you can find the operations that were initiated by a specific user. Another example is the ability to locate approval tasks generated within a specific time period. To access the advanced search function, click Advanced Search under the Search label. Then, use the Advanced Search page to configure your search settings and start a search.
Advanced search is the most comprehensive way to search for approval items such as operations and tasks. Use it to find approval items based on their properties. You do this by creating queries, which are sets of one or more rules that must be true for an item to be found. An example of a query for operations is “Initiator is (exactly) John Smith.” This specifies that you are searching for operations that have the Initiator property set to John Smith’s user account.
With advanced search, you can use conditions and values to search for approval items based on item properties (referred to as “fields” on the search page). Conditions are limitations you set on the value of a field to make the search more specific. Each type of item has a set of relevant fields and each type of field has a set of relevant conditions that advanced search displays automatically.
Some fields, such as “Target object property,” require that you select a property to further define your search. In this case, you configure a query to search for operations or tasks specific to the approval of changes to the objects based on a certain property of those objects. For example, to find the operations that request any changes to the “Description” property, you could select the “Target object property” field, select the “Description” property, and then choose the “Modified” condition.
Some conditions require a value. For example, if you select a Date field, the “Is between” condition requires a date range value so you have to select a start date and an end date to specify a date range. Another example is the Initiator field, which requires that you select a user account of the Initiator role holder.
In some cases, a value is not required. For example, if you select the “Modified” condition, a value is not necessary, since this condition means that you want your search to be based on any changes to a certain property, without considering what changes were actually requested or made to the property value.
The following topics cover the predefined views of the Approval section.
For information about the Pending view, see Pending tasks.
For information about the Completed view, see Completed tasks.
The Pending view contains a list of your approval tasks to be completed. Each task in the list is identified by a header area that provides basic information about the task such as a unique ID number of the task, who requested the operation that is subject to approval, when the task was created, the time limit of the task (if any), and the target object of the operation. In the middle of a task’s header area is a section that contains the title of the task (Approve operation by default), a label indicating the status of the task, and summary information about the operation that is subject to approval.
The task’s header area contains the action buttons you can use to apply the appropriate resolution to the approval task. The action buttons are displayed at the bottom of the header area. Which buttons are displayed depends upon configuration of the approval rule. You may encounter the following action buttons there:
Depending on the configuration of the approval and policy rules, the Web Interface may ask you to enter additional information that must be added to the operation request. For example, when you approve the operation of creating a user account, you may have to supply certain properties of the user account in addition to those supplied by the administrator who requested creation of that user account. If additional information is required, clicking Approve displays a page where you can supply the required information. You can also access that page by clicking the Examine task button.
This button is displayed if the approval rule has one or more approver levels (referred to as escalation levels) configured in addition to the initial approver level. Escalation levels are normally used to assign (escalate) the approval task automatically to the approver of a higher level if the task is not completed in time. The approval rule may be configured to allow approvers to escalate approval tasks as needed, in which case the task’s header area contains the Escalate button.
The task’s header area contains the Examine task button allowing you to get detailed information about the task, review the object properties submitted for approval, and supply or change additional properties. Clicking the Examine task button displays a page containing a replica of the task’s header area, the action buttons, and a number of information sections. Review the information on the page, supply or change the object properties for which the task requests your input, and then click the appropriate action button.
The page that appears when you click the Examine task button includes the following information sections:
The contents of this section depend heavily on the configuration of the approval rule. For instance, the approval rule may ask you to enter additional information that must be added to the operation request. For example, when you approve the operation of creating a user account, you may have to supply certain properties of the user account in addition to those supplied by the administrator who requested creation of that user account. In this case, enter the requested properties in the fields under Supply or change the following properties.
Normally, the approval rule is configured so that the approver is allowed to review the values of the object properties that were supplied or changed by the operation that is subject to approval. The approval rule may also be configured to allow the approver to change those property values. In either case, you can view or change them in the fields under Review the properties submitted for approval.
This section displays a list of the user accounts or groups to which the approval task is currently assigned. Any of the listed users or members of the listed groups can act as an approver on the task in question.
This section provides information on the date and time that the task was created and whether the task was escalated to a higher approver level or reassigned (delegated) to other persons. If the task was escalated, you can view when escalation occurred and what caused escalation. If the task was reassigned (delegated), you can view who delegated the task, when it was delegated, and to whom.
In this section you can view aggregated information about the approval task properties and configuration, and some details of the operation that the task is intended to allow or deny. The Operation ID field provides a link to a page where you can examine the operation in more detail.
To complete a pending task
You can also complete a task by clicking the appropriate action button in the task’s header area. However, if the current policy and approval rules require the approver to supply some additional information, the Web Interface opens the Object properties page, prompting you to configure the required properties.
© 2020 One Identity LLC. ALL RIGHTS RESERVED.