Escalation in Certification Campaigns

Last modified 02 Jul 2024 14:22 +02:00

After the escalation feature has been introduced for approvals, it is now available also for certification campaigns. The configuration is very similar: timed actions are used.

Timed actions in certification campaigns

Main differences between timed actions in certification campaigns and the ones in approvals are:

  1. There are four kinds of actions: completion, notification, delegation, escalation. For approval workflows, all of them are implemented. But for certification, only escalation action can be currently used. (Completion is meaningless, because certification campaigns do a kind of "auto-completion" - closing work items with the state of 'no answer'. Other actions will be implemented later.)

  2. For approval work items, deadline is optional, and potentially different for all work items created at a particular approval stage. However, for certification work items, deadline is obligatory and it is the same for all the work items for all the active cases in the given certification campaign stage.This means that, at least in current implementation, the certification work item deadline is fixed. It cannot be changed as part of escalation timed action; contrary to what is usual in the case of approvals.

  3. In a similar way, the escalation level is the same for all work items for all active cases in the given certification campaign stage.

Here is a sample campaign definition containing automatic escalation:

Certification campaign with escalations
<accessCertificationDefinition
        xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <name>All user assignments</name>
    <description>Certifies all users' assignments. Everything is certified by the administrator.</description>
    <handlerUri>http://midpoint.evolveum.com/xml/ns/public/certification/handlers-3#direct-assignment</handlerUri>
    <scopeDefinition xsi:type="AccessCertificationAssignmentReviewScopeType">
        <objectType>UserType</objectType>
    </scopeDefinition>
    <ownerRef oid="00000000-0000-0000-0000-000000000002" type="UserType"><!-- administrator --></ownerRef>
    <remediationDefinition>
        <style>automated</style>
    </remediationDefinition>
    <stageDefinition>
        <number>1</number>
        <name>Administrator's review</name>
        <description>In this stage, the administrator has to review all the assignments of all users.</description>
        <duration>P14D</duration>   <!-- 14 days -->
        <notifyBeforeDeadline>PT48H</notifyBeforeDeadline> <!-- 48 hours -->
        <notifyBeforeDeadline>PT12H</notifyBeforeDeadline>
        <notifyOnlyWhenNoDecision>true</notifyOnlyWhenNoDecision>  <!-- this is the default -->
        <reviewerSpecification>
            <defaultReviewerRef oid="00000000-0000-0000-0000-000000000002" type="UserType" />   <!-- administrator -->
        </reviewerSpecification>
        <timedActions>
            <time>
                <value>P7D</value>
            </time>
            <actions>
                <escalate>
                    <approverRef oid="018fe48d-4952-4f4b-8c0a-b8670ec1748e" type="UserType" />  <!-- some other user -->
                    <delegationMethod>addAssignees</delegationMethod>
                    <escalationLevelName>Level1</escalationLevelName>
                </escalate>
            </actions>
        </timedActions>
        <timedActions>
            <time>
                <value>P10D</value>
            </time>
            <actions>
                <escalate>
                    <approverRef oid="42b48a07-e167-4fdc-baca-8eaa13d4eaad" type="UserType" />  <!-- yet another user -->
                    <delegationMethod>replaceAssignees</delegationMethod>
                    <escalationLevelName>Level2</escalationLevelName>
                </escalate>
            </actions>
            <escalationLevelFrom>1</escalationLevelFrom>
            <escalationLevelTo>1</escalationLevelTo>
        </timedActions>
    </stageDefinition>
</accessCertificationDefinition>

The escalations themselves are defined on lines 25-50. As defined on line 27, seven days after campaign stage opening ("P7D") the first escalation takes place. The new escalation level is named "Level1", and its effect is that an reviewer of 018fe48d-4952-4f4b-8c0a-b8670ec1748e (line 31) is added (addAssignees - line 32) to the current one.

Then, as defined on line 39, ten days after campaign stage opening ("P10D"), i.e. three days after this escalation, another one takes place. It is named "Level2", and it replaces all existing reviewers (replaceAssignees - line 44) with the 42b48a07-e167-4fdc-baca-8eaa13d4eaad (line 43). Exactly as in approvals, the chaining of escalation levels is done using constraining of timed actions to some levels using escalationLevelFrom/escalationLevelTo clauses (lines 48-49).

Was this page helpful?
YES NO
Thanks for your feedback