立即与支持人员聊天
与支持团队交流

Identity Manager 8.1.4 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests and delegating Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding Active Directory and SharePoint groups to the IT Shop automatically Adding Privileged Account Management user groups to the IT Shop automatically
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining the effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Cancel request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates
Resolving errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Finding requesters

Use the BS and BR approval procedures to return the approval to the requester or request recipient. The BS approval procedure finds the request requester and the BR approval procedure finds the request recipient. As a result, the requester and the request recipient can also influence the approval. Their approval can be viewed in the approval history. The approval workflow can be continued from any approval level.

The requesters are also found if the QER | ITShop | PersonInsertedNoDecide and QER | ITShop | PersonOrderedNoDecide configuration parameters are set. For more information, see Approving requests from an approver.

Setting up approval procedures

You can create your own approval procedures if the default approval procedures for finding the responsible approvers do not meet your requirements. The condition through which the approvers are determined is formulated as a database query. Several queries may be combined into one condition.

To set up an approval procedure

  1. In the Manager, select the IT Shop | Basic configuration data | Approval procedures category.

  2. Select an approval procedure in the result list and run the Change master data task.

    - OR -

    Click in the result list.

  3. Edit the approval procedure master data.

  4. Save the changes.

To edit the condition

  1. In the Manager, select the IT Shop | Basic configuration data | Approval procedures category.

  2. Select an approval procedure from the result list.

  3. Select Change queries for approver selection.

Detailed information about this topic

General master data for an approval procedure

Enter the following master data for an approval procedure.

Table 40: General master data for an approval procedure

Property

Description

Approval procedure

Descriptor for the approval procedure (maximum two characters).

Description

Approval procedure identifier.

DBQueue Processor task

Approvals can either be made automatically through a DBQueue Processor calculation task or by specified approvers. Assign a custom DBQueue Processor task if the approval procedure should make an automatic approval decision.

You cannot assign a DBQueue Processor task if a query is entered for determining the approvers.

Max. number approvers

Maximum number of approvers to be determined by the approval procedure. Specify how many employees must really make approval decisions in the approval steps used by this approval procedure.

Sort order

Value for sorting approval procedures in the menu.

Specify the value 10 to display this approval procedure at the top of the menu when you set up an approval step.

Related topics

Queries for approver selection

The condition through which the approvers are determined is formulated as a database query. Several queries may be combined into one condition. This adds all employees determined by single queries to the group of approvers.

To edit the condition

  1. In the Manager, select the IT Shop | Basic configuration data | Approval procedures category.

  2. Select an approval procedure from the result list.

  3. Select Change queries for approver selection.

To create single queries

  1. Click Add.

    This inserts a new row in the table.

  2. Mark this row. Enter the query properties.
  3. Add more queries if required.
  4. Save the changes.

To edit a single query

  1. Select the query you want to edit in the table. Edit the query's properties.
  2. Save the changes.

To remove single queries

  1. Select the query you want to remove in the table.
  2. Click Delete.
  3. Save the changes.
Table 41: Query properties

Property

Description

Approver selection

Query identifier that determines the approvers.

Query

Database query for determining the approvers.

The database query must be formulated as a select statement. The column selected by the database query must return a UID_Person. Every query must return a value for UID_PWORulerOrigin. The query returns one or more employees to whom the request is presented for approval. If the query fails to a result, the request is aborted.

A query contains exactly one select statement. To combine several select statements, create several queries.

If a DBQueue Processor task is assigned, you cannot enter a query to determine approvers.

You can, for example, determine predefined approvers with the query (example 1). The approver can also be found dynamically depending on the request to approve. To do this, access the request to be approved within the database query using the @UID_PersonWantsOrg variable (example 2).

Example 1

Requests should be approved by a specific approver.

Query:

select UID_Person, null as UID_PWORulerOrigin from Person where InternalName='Bloggs, Jan'

Example 2

Approval for requests should be granted or denied through the requester’s parent department. The approver is the cost center manager that is assigned to the requester‘s primary department. The requester is the employee that started the request (UID_PersonInserted, for example, when placing requests for employees).

Query:
select pc.UID_PersonHead as UID_Person, null as UID_PWORulerOrigin from PersonWantsOrg pwo
   join Person p on pwo.UID_PersonInserted = p.UID_Person
   join Department d on p.UID_Department = d.UID_Department
   join ProfitCenter pc on d.UID_ProfitCenter = pc.UID_ProfitCenter
   where pwo.UID_PersonWantsOrg = @UID_PersonWantsOrg
Taking delegation into account

To include delegation when determining approvers, use the query to also determine the employees to whom a responsibility has been delegated. If the managers of hierarchical roles are to make the approval decision, determine the approvers from the HelperHeadOrg table. This table groups all hierarchical role managers, their deputy managers, and employees to whom a responsibility has been delegated. If the members of business or application roles are to make the approval decision, determine the approvers from the PersonInBaseTree table. This table groups all hierarchical role members and employees to whom a responsibility has been delegated.

Determine the UID_PWORulerOrigin in order to notify delegators when the recipient of the delegation has made a decision on a request and thus allow the Web Portal to show if the approver was originally delegated.

To determine the UID_PWORulerOrigin of the delegation

  • Determine the UID_PersonWantsOrg of the delegation and copy this value as UID_PWORulerOrigin to the query. Use the dbo.QER_FGIPWORulerOrigin table function to do this.

    select dbo.QER_FGIPWORulerOrigin(XObjectKey) as UID_PWORulerOrigin

Modified query from example 2:

select hho.UID_PersonHead as UID_Person, dbo.QER_FGIPWORulerOrigin(hho.XObjectkey) as UID_PWORulerOrigin from PersonWantsOrg pwo join Person p on pwo.UID_PersonInserted = p.UID_Person join Department d on p.UID_Department = d.UID_Department join ProfitCenter pc on d.UID_ProfitCenter = pc.UID_ProfitCenter join HelperHeadOrg hho on hho.UID_Org = pc.UID_ProfitCenter where pwo.UID_PersonWantsOrg = @UID_PersonWantsOrg
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级