Attestor Escalation Rule (Sun Identity Manager Deployment Reference)

Sun Identity Manager Deployment Reference

Attestor Escalation Rule

A workflow calls the Attestor Escalation rule when an attestation times out because the attestor did not take action within a specified period of time. This rule returns the next person in the escalation chain based on the cycle count.

Inputs:

Accepts the following arguments:

wfcontext: WorkflowContext
userEntitlement: Current view of user entitlement, including User view
cycle: Escalation level. For the first escalation, the cycle is 1.
attestor: Name of attestor who failed to attest before the attestation request timed out.

You must specify the following for a custom Attestor Escalation rule:

AuthType	`AccessScanRule`
SubType	`AttestorEscalationRule`
Called	During an attestation workflow when a workitem times out. (Default timeout is 0— never times out).
Returns	A single attestor name or a list of attestor names, which must be valid Identity Manager account names. If the attestor does not have a manager, the Attestor Escalation rule returns `Configurator`. If the result is an invalid account name or null, the attestation workitem is not escalated.
Predefined Rules	Default EscalationAttestor
Location	Compliance > Manage Policies > Access Scan > Attestor Escalation Rule