This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Attestation not working ver 8.0

Hi Experts,

Attestation for Custom target system was working good, suddenly it's stopped working.

When I attest a single object from manager, No DecissionRequired is not  getting triggered and triggers the abort request.

Says no approver found. I have given recipient manager's approval and the manager is already assigned.

Any pointers.

Thanks,

Aad

  • Hi All,

    There are some open cases in forum, not sure is it a know issue.

    www.quest.com/.../user-recertification-auto-aborted-by-system

    www.quest.com/.../user-recertification-failing

    I tried after full compilation and clearing the cache, still same.

    Please advice

    Regards,
    AAD
  • The links you have provided have different reasons and there is no known issue.

    But allow me to ask if you can provide more details around your approval workflow and what you mean with nodecision required?
  • Hi Markus,

    Below is approval workflow for my attestation process, which was working till couple of days back. I haven't done any change in my attestation process after that. 

    I mean to say after the test attestation case "DecisionRequired" event is not triggering instead of "Abort" is triggered. I have given logs for the scenario's.

    System entitlement attestation log(Not Working):

    2018-05-17 10:54:59 +04:00 - \ADIDMTDBSRV01 - Process step parameter 1F490E33-7899-43AC-8682-EF9F74B6E6ED: [Job] ComponentAssembly=HandleObjectComponent ComponentClass=VI.JobService.JobComponents.HandleObjectComponent Task=CallMethod Executiontype=INTERNAL [Parameters] ConnectionProvider=VI.DB.ViSqlFactory,VI.DB ConnectionString=Hidden MethodName=Abort objecttype=AttestationCase param1=#LDS#Automatic system approval: No approver available.| ProcID=07ac267b-3765-43f2-9757-04e71d2a6473 Save=True WhereClause=(UID_AttestationCase = 'b60f4e7d-a300-4848-9402-7311d43764cc') and ( IsClosed = 0 ) 2018-05-17 10:54:59 +04:00 - Info: Loading configuration parameters...
    2018-05-17 10:54:59 +04:00 - Warning: AttestationCase: Event Aborted is not defined.
    2018-05-17 10:54:59 +04:00 - Info: Last process step request succeeded.
    2018-05-17 10:54:59 +04:00 - \ADIDMTDBSRV01 - VI.JobService.JobComponents.HandleObjectComponent - 1F490E33-7899-43AC-8682-EF9F74B6E6ED: Successful Method Abort was called for 1 object(s) of type AttestationCase.

     

    system role attestation log (Working):

    2018-05-17 11:05:29 +04:00 - \ADIDMTDBSRV01 - Process step parameter FD5B5BDB-C5B0-4A07-A4A5-E6665A05D7BB: [Job] ComponentAssembly=HandleObjectComponent ComponentClass=VI.JobService.JobComponents.HandleObjectComponent Task=FireGenEvent Executiontype=INTERNAL [Parameters] ConnectionProvider=VI.DB.ViSqlFactory,VI.DB ConnectionString=Hidden EventName=DecisionRequired objecttype=AttestationHelper ProcID=2598bf4d-4679-4d8b-8598-f56c1bfd3e46 WhereClause=XObjectKey in ('<Key><T>AttestationHelper</T><P>5FA09521-2EEB-4374-89F0-73659CBE6386</P></Key>') 2018-05-17 11:05:29 +04:00 - Info: Last process step request succeeded.
    2018-05-17 11:05:29 +04:00 - Info: Loading configuration parameters...
    2018-05-17 11:05:29 +04:00 - \ADIDMTDBSRV01 - VI.JobService.JobComponents.HandleObjectComponent - FD5B5BDB-C5B0-4A07-A4A5-E6665A05D7BB: Successful The event DecisionRequired was triggered for 1 object(s) of type AttestationHelper.

    Thanks,

    AAD

  • The system aborts the System entitlement attestation because it cannot determine an approver for one of your approval steps. So if something has changed, it might be your data in the database that will be used to determine the approver (no configuration change but a change of content data like role owners etc).

    My suggestion is, check your approval workflow and check if the condition to identify an approver is still satisfied for the attestation that fails.
  • Hi Markus,

    The data seems to be perfect, I queried the DB also.
    And this is not failing for 1 user for all the users having the custom target system.
    Totally I have 5 custom target system, all the attestation policy uses the same approval policy and everything fails.

    regards,
    AAD
  • Can you share the approval workflow?
  • The approval method DM is only able to find an approver if the attestation case is based on either the Person table or the PersonInDepartment table. To be specific AttestationCase.ObjectKeyBase has to point to objects from one of those two tables. In your case of a system entitlement attestation, this will never be the case.

    I doubt that your workflow has ever produced viable results for that kind of attestation.

    But let's assume it does, it might do because you had some people assigned to the application role Identity & Access Governance\Attestation\Chief approval team which is meant to avoid aborts due to an insufficient amount of approvers. This would explain your observation that you have nothing changed but it stopped working. Someone removed all members of that application role, and that's why your faulty approval policy is now unable to find any approvers.

     

     

  • Hi markus,

    yes, I removed a person from Chief approval team. Now how to solve this ?

    Thanks,
    AAD
  • Add him again, or make a valid approval workflow.