By category, these default activities are available.
Table 1–4 Default Workflow Activities
Activity |
Description |
---|---|
Add Deferred Task |
Adds deferred task scanner information to an object. |
Audit Object |
Creates audit log records. |
Authenticate User Credentials | |
Authorize Object |
Tests authorization for a subject on an object in the repository. |
Checkin Object |
Commits changes to an object. |
Checkin View |
Commits an updated view. |
Checkout Object |
Locks and retrieves a repository object for editing. |
Adds deferred task scanner information to an object. |
|
Checkout View |
Gets an updateable view. |
Create Resource Object |
Creates a resource object. |
Create View |
Initializes a new view. |
Delete Resource Object |
Deletes a resource object. |
Deprovision Primitive |
Deprovisions resource accounts. |
Disable Primitive |
Disables resource accounts. |
Disable User |
Disables an Waveset user account, resource accounts, or both. |
Email Notification |
Sends email notification of an action. |
Enable Primitive |
Enables resource accounts. |
Enable User |
Enables an Waveset user account, resource accounts, or both. |
Get Object |
Retrieves a repository object. |
Get Property |
Retrieves a property. |
Get View |
Gets a read-only view. |
List Resource Objects | |
Query Object Names |
Searches for objects with matching attributes. |
Query Objects |
Searches for objects with matching attributes. |
Query Reference | |
Refresh View |
Refreshes a view that was previously checked out. |
Remove Deferred Task |
Removes deferred task scanner information from an object. |
Remove Property |
Removes an extended property on an object. |
Reprovision Primitive |
Reprovisions resource accounts. |
Run Resource Actions | |
Set Property |
Adds an extended property to an object. |
Unlock Object |
Unlocks an object that was previously checked out. |
Unlock View |
Unlocks a view that was previously checked out. |
Update Resource Object |
Modifies an object managed by a resource. |
Table 1–5 Default Approval Workflows
Activity |
Description |
---|---|
Approval |
Performs the fundamental single approver process. |
Approval Evaluator |
Recursively evaluates an Approval Definition Object to implement a complex approval process. Allows the form and template to be used to be passed in, but those can be overridden if specified in the set. |
Lighthouse Approval |
Performs the default Waveset approval process for assigned organizations, roles, and resources. Uses the Approval Evaluator process. |
Multi Approval |
Distributes approvals among multiple approvers. Users the Approval process for each approver. |
Notification Evaluator |
Recursively evaluates an Approval Definition Object to implement a complex notification process. The structure is expected to be the same as that defined for Approval Evaluator. In the standard workflow, approval definitions and notification definitions are maintained in the same structure. This is not required for a customized workflow. |
Provisioning Notification |
Standard process for notifying administrators after a provisioning operation has completed. |
Table 1–6 Default User Workflows
Activity |
Description |
---|---|
DeProvision |
Performs the standard steps to deprovision an existing Waveset user, with granular control over resource account deletion, Waveset user deletion, unlinking, and de-assignment. Individual resource operations are re-tried until successful. |
Provision |
Performs the standard steps to create a new Waveset user and provision resource accounts. Individual resource operations are re-tried until successful. |
Set Password |
Changes the password of the Waveset account and resource accounts. |
Update User Object |
Checks out a WSUser object, applies a set of changes, and checks in the object. |
Update User View |
Checks out the user view, applies a set of supplied updates, and checks in the user view. |
Update View |
Applies a collection of changes to any view. |
Table 1–7 Default End User Workflows
Activity |
Description |
---|---|
End User Update Groups |
Updates the group assignments on resources (that support groups) assigned to one of a manager’s reports. |
End User Update My Groups |
Updates the group assignments on resources (that support groups) assigned to the logged-in account. |
End User Update Roles |
Updates the role assignments for one of a manager’s reports. |
End User Update My Roles |
Updates the role assignments assigned to the logged-in account. |
End User Update Resources |
Updates the resource assignments and associated attributes for one of a manager’s reports. |
End User Update My Resources |
Updates the resource assignments and associated attributes for the logged-in account. |
Table 1–8 Default Compliance Workflows
Activity |
Description |
---|---|
Access Review Remediation |
Remediation for a single remediator working with a single UserEntitlement |
Attestation |
Creates a work item for each Attestor, and marks the User entitlement record as APPROVED when all work items complete with approved status, or REJECTED as soon as the first work item rejects. When one work item rejects, all other work items are canceled. |
Launch Access Scan |
Either launches or schedules an Access Scan Task, depending upon the setting provided by the Access Review task. It is directly called from the Access Review Workflow/Task. |
Launch Entitlement Rescan |
Launch a rescan of an Access Scan for a single user |
Launch Violation Rescan |
Launch a rescan of an Audit Policy Scan for a single user |
Multi Remediation |
Remediation for a single Compliance Violation and multiple remediators |
Remediation |
Remediation for a single Remediator working with a single Compliance Violation |
Scan Notification |
Notifies Attestors at the end of each Access Scan that they have pending Attestation work items. Sends one notification to each Attestor, regardless of the number of pendng work items. Also notifies the can owner (if any) that the scan has started and completed. This workflow takes the following input: scanName -- name of access scan scanOwner -- name of access scan owner recipients -- list of Waveset user names which should be notified notificationType --Valid types include begin, end, attest userCount -- number of users to be scanned (only on begin) |
Standard Attestation |
Creates an Attestation Subprocess for each attestor specified. |
Standard Attestation |
Creates an Attestation Subprocess for each attestor specified. |
Test Auto Attestation |
Facilitates testing new Review Determination rules without creating Attestation work items. This workflow does not create any work items, and simply terminates shortly after it starts. It leaves all User Entitlement objects in the same state that they were created in by the access scan. Use the Terminate and Delete options to clean up the results from access scans run with this workflow. |
Update Compliance Violation |
Mitigates a Compliance Violation |
The Audit Policy Scan Task and Access Scan Task task definitions both specify the forms to be used when initiating the task. These forms include fields that allow for most, but not all, of the scan task variables to be controlled.
Table 1–9 Scan Task Variables
Variable Name |
Default Value |
Purpose |
---|---|---|
maxThreads |
5 |
Identifies the number of concurrent users to work at one time for a single scanner. Increase this value to potentially increase throughput when scanning users with accounts on very slow resources. |
userLock |
5000 |
Indicates time (in mS) spent trying to obtain lock on user to be scanned. If several concurrent scans are scanning the same user, and the user has resources that are slow, increasing this value can result in fewer lock errors, but a slower overall scan. |
scanDelay |
0 |
Indicates time (in mS) to delay between issuing new scan threads. Can be set to a positive number to force Scanner to be less CPU-hungry. |