%initiator% approval

Question

Hello,

I have a workflow for a specific kind of user creation and I want the initiator to be able to approve the final step.

The user is created during the first part of the process, then the initiator have to configure some custom permission that I cannot script. I want the initiator to approve the final step wich is an email to the new user validating his new access. That mean he needs to be able to approve himself manually.

I tried with the %adm-initiatorDN% in the $context.sendforapproval but the approbator list is empty, I guess it's because it's himself.

So is my conclusion right and we don't have that option? Or maye is there another way to approve yourself manually?

Thanks

Answer 1

Hello Alex,

It is not possible to send an Approval Request for an operation to the user that initiated the operation. In this case, the operation will be approved automatically.

If you want the Approval Request to be sent to a different user than the operation initiator, use the $Context.SubmitForApproval method in your script and pass the distinguished name (DN) of the approver as the first parameter of the method. For details, see https://www.adaxes.com/tutorials_Delega ... t_approval.
If you want to send execution of an action (e.g. Run a program or PowerShell script) for approval, you can use option Get approval for this action. In this case the action will not be executed until approved.

Comments

Hi,

Thanks for your reply.

I already know how to send for approval to someone else, I'm asking for a manual approbation by the initiator.

I think if that option doesn't exist you should maybe implement it, it is usefull if the initiator wants to make manual change or wait for a specific action outside of Adaxes before sending the confirmation to the involved user. In my case I don't want to send the confirmation email to the external user before I've grant them access to specific application where I need to have the AD user newly created.

Workflow is like:

• Create a new external user
• Manager approval
• New AD user creation
• [the part that I was expecting] Send for approval to the initiator
  -> The initiator grant specific manual permission
• Initiator manual approval when everything is set up
• Email is send to the external user to confirm his new access to our infrastructure

---

Hello Alex,

As it was mentioned in our previous post, it is not possible to have an operation initiator as approver for the operation. If such a situation happens, the operation execution will be approved automatically. However, thank you for the suggestion, we will consider it.

As for granting specific permissions manually, could you provide us with all the possible details regarding this part? Maybe, it will be possible to automate the operation and in this case the issue with manual approval by initiator will be gone by itself.

---

That's annoying but I will think about a workaround, thank you.

This task could probably be automatise but it would require tons of work, it's not worth automatising for different reason even if I love process automation.