Access Governance Suite Workflow Extensibility: Illegal Request Handling

  • 7100006
  • 15-Mar-2013
  • 07-Aug-2013


NetIQ Access Governance Suite


Access Governance Suite Workflow Extensibility: Illegal Request Handling


Step 1: Modify stock LCM Provisioning workflow to transition to illegal request handler step when criteria for "illegal request" is detected (e.g., account ends with "_FC"). This transition can be added to the very first step in the workflow.

<Step icon="Start" name="Start">
<Transition to="Illegal Request Handler">
String APP_NAME = "Active_Directory";
boolean result = false;

// POC - Check submitted request for illegal
// criteria (account names, entitlement values).
AccountRequest ar = plan.getAccountRequest(APP_NAME);
if (null != ar) {
System.out.println("...found account request for: " + APP_NAME);
String accountId = ar.getNativeIdentity();

// POC - Look for "_FC" suffix on account name
if (accountId.endsWith("_FC")) {
System.out.println("..found illegal account in request: " + accountId);
result = true;

return result;

<Transition to="Initialize"/>

Step 2: Add step for handling illegal account request. In this example, the step sets a return message that will go back torequester and then transitions to the end of the workflow.

<Step action="addMessage" name="Illegal Request Handler">
<Arg name="message">
return "Your request is not allowed due to policy. Account: " + workflow.get("illegalItem");
<Arg name="type" value="Error"/>
<Transition to="end"/>

Step 3:Once workflow is updated, test the new capability.

Choose Accounts.png