Apply Authorization Policy
The Apply Authorization Policy configuration of a WAL activity allows the (child) requests generated due to the execution of the activity to be subjected to any authorization MPRs configured.
By default, when a Create/Update/Delete request is made during the exectuion of a workflow, they are not subject to any authorization policies. When "Apply Authorization Policy" setting is set to true, the Create/Update/Delete request issued by the activity will be subject to any applicable AuthZ MPRs. The applicable AuthZ MPRs will be dependent on the details of the request and the identity of the requester as per the Request Actor configuration of the activity.
When this setting is set to true, the WAL Create Resource activity will not be able to populate the Resource ID of the newly requested resource to the desired target storage (e.g. as a WorkflowData item) since the request will not be committed until the authorization is successfully complete.
The ability to apply authorization policy to requests originating within workflows allows you to support scenarios where you need to take actions (create subsequent requests) based on the content of the originating request to which you wish authorization to apply. This is sometimes also called as Request Splitting.
This setting is typically used in conjunction with the Request Actor configuration to trigger the AuthZ MPRs.
The following Update Resources activity submits an automated request to extend the end-date for contractors by 6 months that is subjected to a Manager Approval workflow. For an end-to-end implementation see Automated Contractors End Date Extension with Approval:
| Activity Display Name | Extend Contractor End-date | |
| Request Actor | Search by Account Name | |
| Actor Account Name | fim.automation.agent | |
| Apply Authorization Policy | True | |
| Value Expression | Target | Allow Null |
| DateTimeAdd(DateTimeNow(), "180.00:00:00.0") | [//Target/EmployeeEndDate] | |