Question about approvals

Question

Hi team,

I have a few questions about approval flows

1. How can I send approval to individual user (stored in an custom attribute)?
2. How can I do actions based on request is approved or denied?
3. How can I customize the email during approval request send out?

Some background:

• User is created with a form and owner/requester is stored in Adaxes attribute, not manager
• accountExpire is set by default to +1 Year
• I would like to set accountExpire +6 Moths for accounts expiring in next 14 days and this should be approved by owner
  • if approved -> set accountExpire +6 Months
  • if denied -> do nothing and account will expire

Comments

For 1) I found this script and function SubmitForApproval() https://www.adaxes.com/help/RequestApprovalForUserCreation/

I created a business rule like and I get an email

Can I check if the initiator was a specific scheduled task?

Answer 1

Hello,

How can I send approval to individual user (stored in an custom attribute)?

You are right, using a script is the only way.

How can I do actions based on request is approved or denied?

You need to use a business rule triggering After updating a ApprovalRequest.

How can I customize the email during approval request send out?

Unfortunately, there is no such possibility. The email is generated automatically.

Can I check if the initiator was a specific scheduled task?

Yes, you can use the If initiator is <user> condition. As the value, specify the distinguished name of the scheduled task. For information on how to get an object DN, see https://www.adaxes.com/sdk/HowDoI.GetDnOfObject.

Comments

You need to use a business rule triggering After updating a ApprovalRequest.

Ok, how can I identify the outcome? Which property do I need to check for approve and which for deny?

Also, how can I perform action on the object where the approval process was initiated?

Unfortunately, there is no such possibility. The email is generated automatically.

Ok, will send out separate email to users. Any plans to change this in future?

Unfortunately, there is no such possibility. The email is generated automatically.

QL! Will give it a try, thanks :)

---

Hello,

Ok, how can I identify the outcome? Which property do I need to check for approve and which for deny?

You can use the ApprovalState property in the business rule. 1 is for approved and 2 is for denied.

Also, how can I perform action on the object where the approval process was initiated?

It can only be done using a script. The target object is the approval request, so you can use properties provided by the IAdmApprovalRequest interface to get the object the operation was performed on and perform necessary operations on it.

Ok, will send out separate email to users. Any plans to change this in future?

There are currently no such plans, but thank you for the suggestion. We forwarded it to the corresponding department for consideration.

---

Hi again,

how can I scope the above PS script for after updating a ApprovalRequest to only the ones I created it for?

Otherwise it will be executed against every approval, no?

And can you help me to get the information with IAdmApprovalRequest? Would this work?

$target = $Context.TargetObject()
$procBy = $Context.ProcessedBy()

And how can I test my script and run it against an approval?

---

Hello,

how can I scope the above PS script for after updating a ApprovalRequest to only the ones I created it for?

Using the Activity Scope here will not work. It must be set to All Objects.

Otherwise it will be executed against every approval, no?

That is correct and there is no other way. You need to use conditions.

And can you help me to get the information with IAdmApprovalRequest? Would this work?

Your script will not work. For the condition to be met when an approval request initiated by a certain scheduled task is updated, use the below script. In the script, the $taskDN variable specifies the distinguished name (DN) of the task. For information on how to get an object DN, see https://adaxes.com/sdk/HowDoI.GetDnOfObject.

$taskDN = "CN=My Task,CN=Scheduled Tasks,CN=Configuration Objects,CN=Adaxes Configuration,CN=Adaxes" # TODO: modify me

$requestorDN = $Context.TargetObject.Requestor.GetPropertyValue("distinguishedName")
$Context.ConditionIsMet = $taskDN -eq $requestorDN

---

Thanks for the response.

My setup is as the following

I have user objects with owner object stored in adm-CustomAttributeObject2 and accountExpire set

I have a business unit to find accounts expiring in next 14 days

A scheduled task is running on this BU and changes the accountExpire to +6 months and sets the description to "approve started"

Now my business rule is triggered (before updating user) and checks if the accountExpire was changed (scope to same BU) If yes, I send an email with information and a approval via PowerShell is started

$approvers = @("%adm-CustomAttributeObject2%")
$Context.SubmitForApproval($approvers, $false, $false, $false, $false)

Now the requester gets two emails a) Information b) Approval from system

If he approves, the accountExpire will be set by system. I would also like to change description of the account and send out email to helpdesk with information

If he deny, I would like to change description as well of the affected account.

My business rule is

If I understand it correctly, the above condition check from you, needs to be added here as action "if powershell script returns true"?

---

Hello,

Yes, that is correct. The script has to be added via the If PowerShell script returns true condition.

---

Thanks!

One last question: How do I now get the correct information in PS Script Approved and Denied with IAdmApprovalRequest to update the affected object.

---

Hello,

Sorry for the confusion, but we are not sure what exactly you need to achieve. Please, describe the desired behavior in all the possible details with live examples.

---

My approach and steps are written above as detailed as possible

If he approves, the accountExpire will be set by system. I would also like to change description of the account and send out email to helpdesk with information

If he deny, I would like to change description as well of the affected account.

So basically, I want to update the approved object in my last trigger "after updating a approvalrequest" within the powershell script section.

Do you need something else?

---

Hello,

You did never specify what and how you want to update. Also, it is absolutely unclear what you mean by get the correct information in PS Script Approved and Denied with IAdmApprovalRequest to update the affected object. If you want to update certain properties of the object the approval request was created for, here is an example:

$targetUser = $Context.TargetObject.TargetObject

$targetUser.Put("<propertyName>", "valueToSet")
$targetUser.SetInfo()