Allowed Resources or Allowed Roles

18 Managing Approval Policies 18-1 18 Managing Approval Policies Approval policy is a configurable entity of request management that helps associate various request types with approval processes defined in the request service only for request-level and operation-level approvals. It associates approval workflows to be initiated at request or operation levels for a request type. You can use approval policies to associate various request types with various approval processes, which are the SOA-based workflows. Approval policies control which approval process is to be invoked based on the request data evaluation. You can define multiple approval policies for a request type. Each approval policy is associated with an approval process. When the request is submitted, in the approval initiation phase, all the approval processes associated with the request type are picked up dynamically. Each approval policy has a priority in the backend. Each approval policy decides on what process to invoke based on approval policy priority and approval policy rule. Approval policy priorities are based on the following: ■ For request level, request type + request level ■ For operation level, request type + operation level + scope, which is the specific entity associated with the request When the request engine tries to initiate the approval workflow, it picks up all the available approval policies for that request type in the order of priority. The approval policy with highest priority is taken up and its approval policy rule is evaluated. If the evaluation fails, then the approval policy rule of the approval policy with the next priority is evaluated. If the outcome of the evaluation is true, then the corresponding approval process associated with the approval policy is selected to be the workflow for that request. For information about creating approval policy rules, see Creating Approval Policies on page 18-4. This chapter describes the following topics: ■ Approval Selection Methodologies ■ Creating Approval Policies ■ Searching Approval Policies Note: There is only one approval policy rule per approval policy. The rules can be complex, containing multiple conditions and other rules. The rules do not exist as independent entities and cannot be reused in any other approval policy. There is no default rule for an approval policy. 18-2 Oracle Fusion Middleware Users Guide for Oracle Identity Manager ■ Modifying Approval Policies ■ Modifying the Priority of an Approval Policy ■ Deleting Approval Policies

18.1 Approval Selection Methodologies

An approval process selection methodology is an algorithm that selects the approval workflow to be initiated. Based on the request type and the approval level, the request engine decides which methodology to be used and evaluates the approval process accordingly. If no approvals are defined at the request level, it means that a default approval process is invoked. This default approval process is shipped with Oracle Identity Manager and is assigned to the administrator. If no approvals are defined at the operation level, it means that a default approval process is invoked. If no template-level approvals are defined, then it is assumed that no approvals are required at that level. The following methodologies are used: ■ Request-Level Methodology ■ Operation-Level Methodology: Organization-Based Selection ■ Operation-Level Methodology: Resource-Based Selection ■ Operation-Level Methodology: Role-Based Selection

18.1.1 Request-Level Methodology

This methodology is used for all request types at the request level of approval. The determination algorithm of the request-level selection methodology is as follows:

1. Search for all the approval policies configured for the request level and for the

request type with which the request is associated in ascending order of approval policy priority. If the approval policies matching this criteria are found, then:

a. Evaluate the approval policy rules associated with each approval policy to

determine the approval workflow. When evaluating the approval policy rules, for the first approval policy rule whose evaluation results in true, the corresponding approval workflow associated with that approval policy is selected. If automatic approval is specified in the approval policy, then request level approval is automatically approved.

b. If none of the approval policy rules are satisfied, then it is considered that no

approval workflow is configured at the request level.

2. If no approval workflow is determined, then the default request-level approval is

selected. Note: Only the users that are members of the APPROVAL POLICY ADMINISTRATORS role are authorized to create, search, modify, and delete approval policies. See Approval Policy Management on page 15-27 for more information about authorization for approval policies.