0 votes

Hi team,

I have a few questions about approval flows

  1. How can I send approval to individual user (stored in an custom attribute)?
  2. How can I do actions based on request is approved or denied?
  3. How can I customize the email during approval request send out?

Some background:

  • User is created with a form and owner/requester is stored in Adaxes attribute, not manager
  • accountExpire is set by default to +1 Year
  • I would like to set accountExpire +6 Moths for accounts expiring in next 14 days and this should be approved by owner
    • if approved -> set accountExpire +6 Months
    • if denied -> do nothing and account will expire
by (1.5k points)
0

For 1) I found this script and function SubmitForApproval() https://www.adaxes.com/help/RequestApprovalForUserCreation/

I created a business rule like and I get an email image.png

Can I check if the initiator was a specific scheduled task?

1 Answer

0 votes
by (288k points)

Hello,

How can I send approval to individual user (stored in an custom attribute)?

You are right, using a script is the only way.

How can I do actions based on request is approved or denied?

You need to use a business rule triggering After updating a ApprovalRequest.

How can I customize the email during approval request send out?

Unfortunately, there is no such possibility. The email is generated automatically.

Can I check if the initiator was a specific scheduled task?

Yes, you can use the If initiator is <user> condition. As the value, specify the distinguished name of the scheduled task. For information on how to get an object DN, see https://www.adaxes.com/sdk/HowDoI.GetDnOfObject.

0

You need to use a business rule triggering After updating a ApprovalRequest.

Ok, how can I identify the outcome? Which property do I need to check for approve and which for deny?

Also, how can I perform action on the object where the approval process was initiated?

Unfortunately, there is no such possibility. The email is generated automatically.

Ok, will send out separate email to users. Any plans to change this in future?

Unfortunately, there is no such possibility. The email is generated automatically.

QL! Will give it a try, thanks :)

0

Hello,

Ok, how can I identify the outcome? Which property do I need to check for approve and which for deny?

You can use the ApprovalState property in the business rule. 1 is for approved and 2 is for denied. image.png

Also, how can I perform action on the object where the approval process was initiated?

It can only be done using a script. The target object is the approval request, so you can use properties provided by the IAdmApprovalRequest interface to get the object the operation was performed on and perform necessary operations on it.

Ok, will send out separate email to users. Any plans to change this in future?

There are currently no such plans, but thank you for the suggestion. We forwarded it to the corresponding department for consideration.

0

Hi again,

how can I scope the above PS script for after updating a ApprovalRequest to only the ones I created it for?

Otherwise it will be executed against every approval, no?

And can you help me to get the information with IAdmApprovalRequest? Would this work?

$target = $Context.TargetObject()
$procBy = $Context.ProcessedBy()

And how can I test my script and run it against an approval? image.png

0

Hello,

how can I scope the above PS script for after updating a ApprovalRequest to only the ones I created it for?

Using the Activity Scope here will not work. It must be set to All Objects.

Otherwise it will be executed against every approval, no?

That is correct and there is no other way. You need to use conditions.

And can you help me to get the information with IAdmApprovalRequest? Would this work?

Your script will not work. For the condition to be met when an approval request initiated by a certain scheduled task is updated, use the below script. In the script, the $taskDN variable specifies the distinguished name (DN) of the task. For information on how to get an object DN, see https://adaxes.com/sdk/HowDoI.GetDnOfObject.

$taskDN = "CN=My Task,CN=Scheduled Tasks,CN=Configuration Objects,CN=Adaxes Configuration,CN=Adaxes" # TODO: modify me

$requestorDN = $Context.TargetObject.Requestor.GetPropertyValue("distinguishedName")
$Context.ConditionIsMet = $taskDN -eq $requestorDN
0

Thanks for the response.

My setup is as the following

I have user objects with owner object stored in adm-CustomAttributeObject2 and accountExpire set

I have a business unit to find accounts expiring in next 14 days

A scheduled task is running on this BU and changes the accountExpire to +6 months and sets the description to "approve started" image.png

Now my business rule is triggered (before updating user) and checks if the accountExpire was changed (scope to same BU) If yes, I send an email with information and a approval via PowerShell is started image.png

$approvers = @("%adm-CustomAttributeObject2%")
$Context.SubmitForApproval($approvers, $false, $false, $false, $false)

Now the requester gets two emails a) Information b) Approval from system

If he approves, the accountExpire will be set by system. I would also like to change description of the account and send out email to helpdesk with information

If he deny, I would like to change description as well of the affected account.

My business rule is image.png

If I understand it correctly, the above condition check from you, needs to be added here as action "if powershell script returns true"?

0

Hello,

Yes, that is correct. The script has to be added via the If PowerShell script returns true condition.

0

Thanks!

One last question: How do I now get the correct information in PS Script Approved and Denied with IAdmApprovalRequest to update the affected object.

0

Hello,

Sorry for the confusion, but we are not sure what exactly you need to achieve. Please, describe the desired behavior in all the possible details with live examples.

0

My approach and steps are written above as detailed as possible

If he approves, the accountExpire will be set by system. I would also like to change description of the account and send out email to helpdesk with information

If he deny, I would like to change description as well of the affected account.

So basically, I want to update the approved object in my last trigger "after updating a approvalrequest" within the powershell script section.

Do you need something else?

0

Hello,

You did never specify what and how you want to update. Also, it is absolutely unclear what you mean by get the correct information in PS Script Approved and Denied with IAdmApprovalRequest to update the affected object. If you want to update certain properties of the object the approval request was created for, here is an example:

$targetUser = $Context.TargetObject.TargetObject

$targetUser.Put("<propertyName>", "valueToSet")
$targetUser.SetInfo()

Related questions

0 votes
1 answer

Hello, We have scripts that rely on "is inactive"condition to process.I noticed that when editing a user, the "Last Logon" value is the one in the attribute " ... because there is a several days difference between both attributes. is that correct? Thanks.

asked Feb 12, 2019 by tentaal (1.1k points)
0 votes
1 answer

Hello, I'm using property pattern for few things, and i just noticed that all my property pattern are applied on user creation (i don't want it to) Is there a way to "disable" property pattern on user creation ?

asked May 6, 2016 by Alexandre (460 points)
0 votes
1 answer

I've noticed that sometimes when users are added to groups, the timestamp of the user object is not updated. If you execute LDAP queries against the modifytimestamp field, this creates ... (as seen in the web interface) (scroll to right to see entire image):

asked May 21, 2014 by BradG (950 points)
0 votes
1 answer

Hallo Everyone I've seen the Report for Exchange Mailboxes with OU, Send on Behalf, Full Rights and Send As Rights: https://www.adaxes.com/questions/ ... . Example: User: Peter.Steinmann Identity: Which Mailboxes AccessRights: FullAccess Kind regards,

asked Jul 6, 2022 by Sandberg94 (340 points)
0 votes
0 answers

Or would the DLs have to be manually created and rules set up? I'm starting to look into features of the product before demoing, and was hoping there was an easy answer on this one. Thanks

asked Oct 7, 2020 by SIRI-Steele (40 points)
3,538 questions
3,229 answers
8,224 comments
547,747 users