<accessCertificationDefinition
xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<name>All user assignments</name>
<description>Certifies all users' assignments. Everything is certified by the administrator.</description>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/certification/handlers-3#direct-assignment</handlerUri>
<scopeDefinition xsi:type="AccessCertificationAssignmentReviewScopeType">
<objectType>UserType</objectType>
</scopeDefinition>
<ownerRef oid="00000000-0000-0000-0000-000000000002" type="UserType"><!-- administrator --></ownerRef>
<remediationDefinition>
<style>automated</style>
</remediationDefinition>
<stageDefinition>
<number>1</number>
<name>Administrator's review</name>
<description>In this stage, the administrator has to review all the assignments of all users.</description>
<duration>P14D</duration> <!-- 14 days -->
<notifyBeforeDeadline>PT48H</notifyBeforeDeadline> <!-- 48 hours -->
<notifyBeforeDeadline>PT12H</notifyBeforeDeadline>
<notifyOnlyWhenNoDecision>true</notifyOnlyWhenNoDecision> <!-- this is the default -->
<reviewerSpecification>
<defaultReviewerRef oid="00000000-0000-0000-0000-000000000002" type="UserType" /> <!-- administrator -->
</reviewerSpecification>
<timedActions>
<time>
<value>P7D</value>
</time>
<actions>
<escalate>
<approverRef oid="018fe48d-4952-4f4b-8c0a-b8670ec1748e" type="UserType" /> <!-- some other user -->
<delegationMethod>addAssignees</delegationMethod>
<escalationLevelName>Level1</escalationLevelName>
</escalate>
</actions>
</timedActions>
<timedActions>
<time>
<value>P10D</value>
</time>
<actions>
<escalate>
<approverRef oid="42b48a07-e167-4fdc-baca-8eaa13d4eaad" type="UserType" /> <!-- yet another user -->
<delegationMethod>replaceAssignees</delegationMethod>
<escalationLevelName>Level2</escalationLevelName>
</escalate>
</actions>
<escalationLevelFrom>1</escalationLevelFrom>
<escalationLevelTo>1</escalationLevelTo>
</timedActions>
</stageDefinition>
</accessCertificationDefinition>
Escalation in Certification Campaigns
After the escalation feature has been introduced for approvals, it is now available also for certification campaigns. The configuration is very similar: timed actions are used.
Timed actions in certification campaigns
Main differences between timed actions in certification campaigns and the ones in approvals are:
-
There are four kinds of actions: completion, notification, delegation, escalation. For approval workflows, all of them are implemented. But for certification, only escalation action can be currently used. (Completion is meaningless, because certification campaigns do a kind of "auto-completion" - closing work items with the state of 'no answer'. Other actions will be implemented later.)
-
For approval work items, deadline is optional, and potentially different for all work items created at a particular approval stage. However, for certification work items, deadline is obligatory and it is the same for all the work items for all the active cases in the given certification campaign stage.This means that, at least in current implementation, the certification work item deadline is fixed. It cannot be changed as part of escalation timed action; contrary to what is usual in the case of approvals.
-
In a similar way, the escalation level is the same for all work items for all active cases in the given certification campaign stage.
Here is a sample campaign definition containing automatic escalation:
The escalations themselves are defined on lines 25-50.
As defined on line 27, seven days after campaign stage opening ("P7D") the first escalation takes place.
The new escalation level is named "Level1", and its effect is that an reviewer of 018fe48d-4952-4f4b-8c0a-b8670ec1748e
(line 31) is added (addAssignees
- line 32) to the current one.
Then, as defined on line 39, ten days after campaign stage opening ("P10D"), i.e. three days after this escalation, another one takes place.
It is named "Level2", and it replaces all existing reviewers (replaceAssignees
- line 44) with the 42b48a07-e167-4fdc-baca-8eaa13d4eaad
(line 43).
Exactly as in approvals, the chaining of escalation levels is done using constraining of timed actions to some levels using escalationLevelFrom
/escalationLevelTo
clauses (lines 48-49).