IG Administrative Approval

Within the Access Request UI, some of the roles can see all approval activities and retract them.  The searching features don't seem to work for them, which is a different issue.  What I'm primarily looking for is the ability to have a select handful of authorized users to able to find and administratively approve/deny any access request.  I've searched through the documentation and cannot seem to find a way of doing this.  This is similar to the "Provisioning / Role / Resource Administrator" roles in IDM.

  • In 3.7, when looking at the approvals page, as at least a Global Admin (there might be other authorizations that allow this) there is a "View all approvals" button/control.  It doesn't seem to work exactly as you might expect, but once you turn it on, if you navigate away and then back to the page, you can see approvals assigned to other users.  You can reassign them, or you can approve/deny them right there too.   When you navigate back, the radio button is set back to off.

    --Jim

  • Greetings,
       I am under the impression that you want a set of users to be the "admin" of the Access Request area without being full "admin" of the Governance area. If that is the case, then assign them to the "Access Request Administrator" role under Configuration -> Authorization Assignments.

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    Micro Focus

  • Yes, this is exactly what we want.  What I've discovered is that there is a javascript error when changing the toggle from My Approvals to All Approvals which is why my admin users are unable to do the adminstrative tasks as appropriate.  I have opened a ticket regarding this situation. 

    It is also odd because we do not have this behaviour in our sandbox environment (running on SLES), but we have it in our client's dev and production environments (running on RHEL).  It is pretty hard to figure out as the API calls are just not happening due to the javascript error upon toggling that button.  

  • Hello,
    The issue outlined by rivey was a defect in 3.7.0 when External Workflow is not installed on the same Tomcat server as Identity Governance. That defect has been resolved and the fix is included in the 3.7.3 release (available since 02-Dec-2022).

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    Micro Focus