Hello guys,

I have a customized access rights request form in FIM 2010. This form is filled by users requesting different rights to a number of applications listed. A workflow is triggered when the user clicks on submit button. However, some requested application rights don't need approval from top management.

Is there a way by which picking selected attributes within this resource can trigger different workflows?

That is, if the specific attributes are selected by users, a workflow that includes top management on approvers' list is triggered.

Regards,

Yes you can have multiple MPRs (FreeAppsMPR and ApprovalNeededAppsMPR) get applied and fire off multiple workflows. However, all AUTHZ workflows must complete before the change is committed and Action workflows begin.

So a user checks one or more of the FreeApps and hits submit. FreeAppsMPR is applied and it has now AUTHZ workflows so the change gets committed and action workflows are initiated to fulfill the request. No manager approval needed.

Now a user checks one or more of the ApprovalNeededApps hits submit. ApprovalNeededAppsMPR is applied and it initiates the AUTHZ workflow to get manager approval. Once the manager approves then the change is committed and the action workflows are initiated.

So if a user checks one or more of the FreeApps and one or more of the ApprovalNeededApps then both MPRs (FreeAppsMPR and ApprovalNeededAppsMPR) would apply. The AUTHZ workflow is initiated for manager approval. The change is not committed until approval is granted. The action workflows won't kick in until the change is committed. Remember these two or more changes are part of a single transaction. So the whole transaction is held up until manager approval is granted.

There is another way. But it is more complicated. I imagine that today you have each app as a Boolean attribute on the user. Is that correct?

For example: now we will have additional attributes on the user (Boolean for each free app, a Boolean for each restricted app, a boolean attribute for each restricted apps showing approved) and have three MPRs (FreeAppsMPR, ApprovalNeededAppsMPR and GetApprovalforAppsMPR).

The FreeAppsMPR is triggered for one of the free apps Booleans being checked and has an action workflow to fulfill the request. The ApprovedNeedAppsMPR would be triggered if one of the approval needed apps Booleans was checked. It would only have an Action workflow that sets the boolean attribute for each restricted apps showing approved to true. Which causes the GetApprovalforAppsMPR to apply which fires an AUTHN WF to get manager approval. Then after approval it has action workflows to fulfill the request.

The downside to this approach is that if a request is denied the checkbox for requesting the app is still checked and there isn't a clean way to clean it up. You might be able to find a solution to that.

So that gives you two approaches.

Thank you Lundell for your assistance.

Question: Can I achieve the above if these applications are all binded to a resource (my form here)?

Scenario: I have this resource (rights access form) created that users fill in to request for rights. The attributes in this form are the application they are requesting access rights to. There are applications that require approval from a group of managers, whereas there are those that don't necessarily need their approval.

That's where the challenge comes in. How can I link specific attributes (applications) to different workflows? And given that notifications are sent as well to approvers, in the case where a user picks applications that require authorization and those that don't require authorization, what happens?

Kind regards.