Attestation history
The attestation history displays each step of an attestation case. Here you can follow all the approvals in the approval process in a chronological sequence. The attestation history is displayed for pending and closed attestations.
To display an attestation case in the attestation history
-
In the Manager, select the category
-
Attestation > Attestation runs > Attestation policies > <attestation policy> > Attestation runs > <year> > <month> > <day> - OR -
-
Attestation > Attestation run > Policy collections > <policy collection> > Attestation runs > <year> > <month> > <day>.
-
Select the Pending attestations or the Closed attestations filter.
-
Select an attestation case from the result list.
-
Select the Attestation history report.
These elements are colored. The color code reflects the status of the approval steps.
Table 35: Meaning of colors in the attestation history
Yellow |
Attestation case set up. |
Green |
Attestor has approved. |
Red |
Attestor has denied.
Attestation has been escalated.
Attestor has recalled the approval decision |
Gray |
Attestation has been canceled.
Case has been assigned to an extra attestor.
Additional attestor has withdrawn approval decision.
Approval has been delegated.
New attestor has withdrawn the delegation. |
Orange |
Attestor has a question.
The query has been answered.
Query was canceled due to change of approver. |
Blue |
Attestor has rerouted approval.
The approval step was reset automatically. |
Modifying approval workflows for pending attestation cases
When approval workflows are changed, a decision must be made as to whether these changes should be applied to pending attestation cases. Configuration parameters are used to define the desired procedure.
Scenario: Another approval workflow was stored with the approval policy
The newly stored workflow is only used in new requests. If changes have been made to the approval workflow in an approval policy, any pending approval processes are continued by default with the original workflow. The newly stored workflow is only used in new attestation cases. You can configure different behavior.
To specify how to handle pending attestation cases
A working copy of the originally applicable workflow is saved. The working copy is retained as long as it is used in ongoing approval processes. All unused working copies are regularly deleted using the Maintenance approval workflows schedule.
Scenario: A change was made to an approval workflow in use
If changes have been made to an approval workflow that is being used in pending attestation cases, any pending approval processes are continued by default with the original workflow. The changes to the approval workflow are only implemented for new attestation cases. You can configure different behavior.
To specify how to handle pending attestation cases
A working copy of the approval workflow that contains the original version is saved. This working copy is retained as long as it is used in ongoing approval processes. All unused working copies are regularly deleted using the Maintenance approval workflows schedule.
Related topics
Closing attestation cases for deactivated identities
Pending attestation cases must still be processed even if they have permanently deactivated in the meantime. This is not required very often because the affected identity may have, for example, left the company. In this case, you can use the option to close an identity's pending attestation cases automatically, if the identity is permanently disabled.
To close attestation cases automatically
The configuration parameter only applies if the identity to be attested is deactivated after the attestation case was created.
The configuration parameter does not apply if the identity is temporarily deactivated.
Deleting attestation cases
The AttestationCase table expands very quickly when attestation is performed regularly. To limit the number of attestation cases in the One Identity Manager database, you can delete obsolete, closed attestation cases from the database. The attestation case properties are logged and then the attestation cases are deleted. The same number of attestation cases remain in the database as are specified in the attestation policy. For more information about logging data changes tags, see the One Identity Manager Configuration Guide.
NOTE: Ensure that the logged request procedures are archived for audit reasons. For more information about the archiving process, see the One Identity Manager Data Archiving Administration Guide.
Prerequisites
To delete attestation cases automatically
-
Set the Log changes when deleting option on at least three columns in the AttestationCase table.
-
In the Designer, select the Database schema > Tables > AttestationCase category.
-
Select the Show table definition task.
This opens the Schema Editor.
-
Select a column in the Schema Editor.
-
In the edit view of the schema editor, select the More tab.
-
Set the option Log changes when deleting.
-
Repeat steps (c) to (e) for all columns that are to be recorded on deletion. There must be at least three.
-
Click on Commit to database and save the changes.
The changes take effect as soon as the DBQueue Processor has performed the calculation tasks.
-
Set the Log changes when deleting option on at least three columns in the AttestationHistory table.
-
In the Designer, select the Database schema > Tables > AttestationHistory category.
-
Repeat the steps 1(b) to 1(h) for the AttestationHistory table.
-
Enter the number of obsolete cases in the attestation policies.
-
In the Manager, select the Attestation > Attestation policies category.
-
Select the attestation policy in the result list whose attestation cases should be deleted.
-
Select the Change main data task.
-
In the Obsolete tasks limit field, enter a value greater than 0.
- Save the changes.
TIP: If you want to prevent attestation cases being deleted for certain attestation policies, enter the value 0 for the obsolete task limit for these attestation policies.
Attestation cases are deleted as soon as a new attestation is started for an attestation policy.
One Identity Manager tests how many closed attestation cases exists in the database for each attestation object of this attestation policy. If the number is more than the number of obsolete attestation cases:
-
The attestation case properties and their approval sequence are recorded.
All columns are recorded, which are marked for logging on deletion.
-
The attestation cases are deleted.
The same number of attestation cases remain in the database as are specified in the obsolete tasks limit.
If the Common | ProcessState | PropertyLog configuration parameter is deactivated later or not enough columns are marked with the Record on delete option, the value for Number of obsolete processes has no effect.
Notes for disabling attestation policies
-
Disabling an attestation policy always deletes all attestation cases.
-
The number of obsolete cases is not taken into account.
-
The attestation case are also deleted if the Common | ProcessState | PropertyLog configuration parameter is disabled. In this case, the deleted attestation cases are not logged.
Related topics