Chat now with support
Chat with Support

Quest has tools and processes in place to identify, protect, detect, and remediate vulnerabilities and incidents when they occur, including external security partners. As part of our standard security operations, Quest does not use CrowdStrike in any of our operations. We are reviewing our third parties, and so far, there is minimal affect. It is Quest's policy not to provide further technical details unless they directly impact customer data.

Active Roles 8.1.3 - Web Interface Configuration Guide

Introduction to the Web Interface Deploying the Web Interface Getting started with the Web Interface Web Interface Basics Performing Management Tasks Using Approval Workflow Customizing the Web Interface
About Web Interface customization Web Interface customization terms Configuring Web Interface menus Configuring Web Interface forms Web Interface customization examples Web Interface global settings Customizing the Web Interface Navigation bar Customizing the Web Interface Home page Configuring Web Interface for enhanced security
Default Commands Glossary

Using Approval Workflow

This section describes how to use the Approval workflow features of Active Roles in the Web Interface.

Understanding approval workflow

The approval workflow system included with Active Roles provides:

  • A point-and-click interface to configure approval rules, available from the Active Roles console. The approval rules are stored and performed by the Active Roles Administration Service.

  • The directory management section of the Web Interface for submitting operation requests for approval. For example, approval rules could be configured so that creation of a user account starts an approval workflow instead of immediately executing the user creation operation. For information on how to use the directory management section, seeManaging Active Directory objects.

  • The Approval area of the Web Interface to manage operation requests and approvals. This area includes a “to-do” list of the approval tasks the designated user has to carry out, allowing the user to approve or reject operation requests.

The Approval area provides a way to perform change approval actions, allowing you to control changes to directory data that require your approval and monitor your operations that require approval by other persons. You can use the Approval area to:

  • Perform approval tasks—approve or reject operations so as to allow or deny the requested changes to directory data. Examples of operations include (but not limited to) creation and modification of user accounts or groups.

  • Check the status of your operations—examine whether the changes to directory data you requested are approved and applied, or rejected.

When a Web Interface user makes changes to directory data that require permission from other individuals in an organization, the changes are not applied immediately. Instead, an operation is initiated and submitted for approval. This starts a workflow that coordinates the approvals needed to complete the operation. The operation is performed and the requested changes are applied only after approval. An operation may require approval from one person or from multiple persons.

When an operation is submitted for approval, Active Roles tracks the initiator and the approver or approvers. The initiator is the person who requested the changes. Approvers are those who are authorized to allow or deny the changes. An operation that requires approval generates one or more approval tasks, with each approval task assigned to the appropriate approver. Active Roles administrators configure approval workflow by creating approval rules to specify what changes require approval and who is authorized to approve or deny change requests.

In the Approval area, you can work with the operations for which you are assigned to the approver role. As an approver, you are expected to take appropriate actions on your approval tasks.

To access the Approval area

  1. Open the Active Roles Web Interface.

  2. On the Web Interface Home page, click Approval.

Locating approval items

The Approval area provides a number of views to help you locate approval items—tasks and operations:

  • My Tasks Contains detailed entries representing the approval tasks assigned to you. Depending on their status, the approval tasks are distributed into two views. The Pending view allows you to manage the approval tasks awaiting your response. The Completed view lists your approval tasks that have been completed.

  • My Operations The Recent view lists your recent operations that required approval, and allows you to examine the status and details pertinent to each operation.

In addition to using the predefined views, you can locate operations and tasks by using the search function.

To search for an operation or task by ID

  1. In the right pane of the Web Interface page, under the Search label, type the ID number of the operation or task in the Search by ID box.

  2. Click the button next to the Search by ID box to start the search.

You can also search for approval items (operations and tasks) by properties other than ID. For instance, you can find the operations that were initiated by a specific user. Another example is the ability to locate approval tasks generated within a specific time period. To access the advanced search function, click Advanced Search under the Search label. Then, use the Advanced Search page to configure your search settings and start a search.

Advanced search is the most comprehensive way to search for approval items such as operations and tasks. Use it to find approval items based on their properties. You do this by creating queries, which are sets of one or more rules that must be true for an item to be found. An example of a query for operations is Initiator is (exactly) John Smith. This specifies that you are searching for operations that have the Initiator property set to the John Smith user account.

With advanced search, you can use conditions and values to search for approval items based on item properties (referred to as “fields” on the search page). Conditions are limitations you set on the value of a field to make the search more specific. Each type of item has a set of relevant fields and each type of field has a set of relevant conditions that advanced search displays automatically.

Some fields, such as Target object property require that you select a property to further define your search. In this case, you configure a query to search for operations or tasks specific to the approval of changes to the objects based on a certain property of those objects. For example, to find the operations that request any changes to the Description property, you could select the Target object property field, select the Description property, then choose the Modified condition.

Some conditions require a value. For example, if you select a Date field, the Is between condition requires a date range value so you have to select a start date and an end date to specify a date range. Another example is the Initiator field, which requires that you select a user account of the Initiator role holder.

In some cases, a value is not required. For example, if you select the Modified condition, no value is necessary, since this condition means that you want your search to be based on any changes to a certain property, without considering what changes were actually requested or made to the property value.

Using “My Tasks”

You can use the My Tasks area to work with the approval tasks assigned to you as an approver. According to their status, the tasks are distributed into two views: Pending and Completed.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating