Disable requestee or requester approval

Disable requestee or requester approval

In some cases, the requester or requestee of an activity can also serve as a workflow participant for an approval.
The enrole.workflow.disablerequesteeapproval and enrole.workflow.disablerequesterapproval properties are defined in the enRole.properties file. Use these properties to specify whether to skip the requestee or requester from the approver list, if the requestee or requester is also an approver. These properties are applicable only for normal and recertification approvals.

enrole.workflow.disablerequesteeapproval

Use the enrole.workflow.disablerequesteeapproval property to specify whether to remove the requestee and its delegate from the approver list. This property is applicable if the requestee (the user for whom the request is initiated) is also an approver. The default value of the property is false.
When the value is false, the approval request then goes to the approvers, including the requestee, if the requestee is also an approver. If you set the property to true, IBM Security Identity Manager does the following actions:

Removes the requestee and its delegate from the approver list if the requestee is identified as an approver as a result of participant resolution. The approval goes to the other approvers.
Considers the participant resolution as Unresolved Participant if the requestee or its delegate is a single approver or a single escalation approver. The request is then sent to the escalation participant if it is defined and is not escalated already. Otherwise, the approval request is sent to a system administrator group member.
Removes the requestee and its delegate from the approver list even when the user is a system administrator group member.
Precedes over the enrole.workflow.skipapprovalforrequester property if the enrole.workflow.skipapprovalforrequester property is also set to true. The requestee and its delegate are removed from the approver list if the requester and requestee are the same, including the request approver. The approval process is not skipped.

Example
enrole.workflow.disablerequesteeapproval=true

enrole.workflow.disablerequesterapproval

IBM Security Identity Manager considers the enrole.workflow.disablerequesterapproval property value only when the enrole.workflow.skipapprovalforrequester and the enrole.workflow.selfapproval property values are set to false. The enrole.workflow.disablerequesterapproval property specifies whether to disable the requester approval when the activity requester is the single approver. The default value of this property is false.
When the value is false, the ISIM works in accordance with the value that you set for the enrole.workflow.skipapprovalforrequester property. The enrole.workflow.skipapprovalforrequester property behavior does not change.
Use the enrole.workflow.disablerequesterapproval property to specify whether to remove the requester and its delegate from the approver list. This property is applicable if the requester (the user who submitted the request) is also an approver. If you set the enrole.workflow.skipapprovalforrequester property to false and the enrole.workflow.disablerequesterapproval property to true, the ISIM does the following actions:

Removes the requester and its delegate from the approver list if the requester is an approver as a result of participant resolution. The approval goes to the other approvers.
Considers the participant resolution as Unresolved Participant if the requester or its delegate is a single approver or a single escalation approver. The request is then sent to the escalation participant if it is defined and is not escalated already. Otherwise, the approval request is sent to a system administrator group member.
Removes the requester and its delegate from the approver list even when the user is a system administrator group member.

Example
enrole.workflow.skipapprovalforrequester=false enrole.workflow.disablerequesterapproval=true

Parent topic: Workflow participants