2015-05-28 03:56 AM
I have a storage decommission workflow. It has several approval points, i.e. an approval point before deleting the SnapMirror destination and another approval point before removing the SnapVault destination etc...
I need to make sure that the user that executes the workflow is not able to resume the approval points. This is so that a single user cannot accidentally or maliciously remove the primary, SnapMirror and SnapVault volumes as part of running a decommission workflow.
I know that it is possible to prevent operators from approving workflows and to only allow admins/architects, but that isn't what I am looking for, unfortunately. I need operators to be able to execute and approve workflows, but the operator who executed the workflow should not be able to resume an approval point for the workflow that they executed.
If anyone has any suggestions on how I might go about doing this I'd appreciate it :-)
2015-05-28 08:38 PM
You may be able to create a workflow that approves WFA jobs. If so, you could create a custom command that checks the WFA "userId" for the approval workflow and compares that to the WFA "userId" for the job that needs approval. If they are the same, throw an error and stop the workflow before it gets to the WFA job approval custom command. I have not looked at the new PowerShell commandlets that access WFA db in 3.0, so I would start there.
2015-05-29 12:22 AM
Thanks for the response.
A command that checks the userID was my initial thought. There is a user input $_WFAUser that we could use as part of the initial execution to log which user started the workflow.
The problem would then be working out which user approves the workflow. I tried using ReST API calls to /rest/users but failed, as the command runs as the user that WFA is running as and not the user that approves the workflow.
But as you say, if the user that approves the workflow is logged in the DB and there are commands to access it, that may work. Do you have any more information about the PowerShell commands that you mention please?
2015-05-29 01:04 AM - edited 2015-05-29 01:04 AM
The PowerShell cmdlet being discussed above is Invoke-MySqlQuery, which can be used to connect to the WFA DB, run a query and fetch you the required data. By default it uses the WFA login user/password, i.e. wfa/Wfa123, and that doesn't have access permissions to WFA's internal tables which have the information about the jobs etc. So it can't get you what is being looked for. This cmdlet is mainly to get data at command execution time from the content schema like cm_storage, storage etc. and not from the WFA internal DB schema.
There is no programmatic interface available to know who has approved the workflow. It shows in the Job history in the GUI, but this info is not available via any API or cmdlet. I'm just looking to see if something can be obtained from WFA logs in this regard.
2015-12-11 02:47 AM
I need a similar functionality. Is there any way to do this besides granting the wfa user select privileges on the tables containing the job execution data?