Core Schema Automation Examples

DQ-01: Orphan Person Detection

Purpose: Identify Person records without essential organizational context (no department or manager), which may indicate incomplete onboarding data or stale records.

AQL Query

objectType = "Person" AND Status = "Active" AND Department is EMPTY AND Manager is EMPTY

Actions

1. Lookup Objects using the AQL query
2. Advanced Compare: {{lookupObjects.count}} greater than 0
3. Send Email to CMDB Administrator:
   • Subject: "Data Quality Alert: {{lookupObjects.size}} Orphan Person Records Detected"
   • Body: List all orphan records with Name, Email, and Start Date

Benefits

• Catches incomplete HR imports within one week
• Ensures all active personnel have proper organizational assignment
• Supports accurate reporting on headcount by department

DQ-02: Team Without Lead Alert

Purpose: Flag teams missing designated leadership, which impacts incident escalation and ownership accountability.

AQL Query

objectType = "Team" AND Status = "Active" AND "Team Lead" is EMPTY

Actions

1. Lookup Objects using AQL
2. If count > 0, send email to Service Desk Manager
3. Create Jira issue in CMDB Hygiene project for follow-up

Benefits

• Ensures every active team has clear ownership
• Prevents escalation failures during incidents
• Maintains accurate service catalog data

DQ-03: Application Missing Owners

Purpose: Applications without Business Owner or Technical Owner present risk for incident response and lifecycle management.

AQL Query

objectType = "Application" AND Status = "Active" AND ("Business Owner" is EMPTY OR "Technical Owner" is EMPTY)

Actions

1. Lookup Objects
2. Branch by Criticality attribute
3. For Critical applications: Create high-priority Jira issue
4. For non-Critical: Add to weekly data quality report

Benefits

• Ensures accountability for all production applications
• Supports compliance requirements for system ownership
• Enables proper change management approvals

DQ-04: Vendor Contact Information Validation

Purpose: Detect vendors missing critical contact information that would hinder support escalation.

AQL Query

objectType = "Vendor" AND Status = "Active" AND ("Support Email" is EMPTY AND "Support Phone" is EMPTY AND "Support Portal" is EMPTY)

Actions

1. Lookup matching vendors
2. Send report to Procurement team
3. For vendors with Risk Level = "Critical", create urgent follow-up task

DQ-05: Location Hierarchy Validation

Purpose: Identify locations missing parent relationships that break hierarchical reporting and asset roll-ups.

AQL Query

objectType = "Location" AND Status = "Active" AND Type != "Headquarters" AND "Parent Location" is EMPTY

Actions

1. Lookup orphan locations
2. Generate report for Facilities team
3. Flag locations in EMEA and APAC regions for regional facilities managers

DQ-06: Cost Center Without Owner

Purpose: Cost centers without designated owners cannot approve expenditures or respond to budget inquiries.

AQL Query

objectType = "Cost Center" AND Status = "Active" AND Owner is EMPTY

Actions

1. Lookup unassigned cost centers
2. Send alert to Finance Operations
3. If cost center is linked to > 5 departments, escalate to CFO office

DQ-07: Department Hierarchy Gaps

Purpose: Detect departments not connected to organizational hierarchy (except root-level departments).

AQL Query

objectType = "Department" AND Status = "Active" AND "Parent Department" is EMPTY AND Name != "Organization" AND Name != "Executive"

Actions

1. Lookup disconnected departments
2. Cross-reference with HR system of record
3. Send reconciliation report to HR Operations

LC-01: New Person Onboarding Notification

Purpose: Alert relevant teams when new personnel records are created, triggering downstream onboarding workflows.

Condition

objectType = "Person" AND Status = "Active"

Actions

1. Send welcome email using object attributes
2. Create IT provisioning ticket with person details
3. Notify Security team for access badge creation

Email Template Example

Hi {{object.Name}},

Welcome to the organization! Your primary contact for your first day
will be {{object.Manager.Name}}. You have been assigned to the
{{object.Department.Name}} department at {{object.Location.Name}}.

LC-02: Person Status Change - Termination Processing

Purpose: When a person's status changes to "Terminated", trigger offboarding workflows.

Condition

Use Send web request to object history API to verify Status attribute changed to "Terminated"

Actions

1. Create IT deprovisioning ticket (High priority)
2. Notify Facilities for badge deactivation
3. Alert application owners where person is listed as Business Owner or Technical Owner
4. Update related team lead assignments if person led any teams

LC-03: Application Deprecation Workflow

Purpose: When an application status changes to "Deprecated", notify consuming teams and initiate migration planning.

Actions

1. Lookup all teams in "Used By Teams" relationship
2. For each team, send notification about deprecation
3. Create migration planning ticket assigned to Owning Team
4. Update application's description with deprecation notice date

LC-04: Team Deactivation Cascade

Purpose: When a team is deactivated, verify all ownership relationships are reassigned.

AQL Query

objectType = "Application" AND ("Owning Team" = "{{object.Key}}" OR "Used By Teams" = "{{object.Key}}")

Actions

1. Query applications where Owning Team or Used By Teams includes this team
2. Send report to Service Management team listing affected applications
3. Create reassignment task for each Critical or High criticality application

LC-05: Location Closure Processing

Purpose: When a location status changes to "Closed", trigger asset relocation and personnel reassignment workflows.

AQL Query

objectType = "Person" AND Status = "Active" AND Location = "{{object.Key}}"

Actions

1. Query all persons with Location = closed location
2. Send report to HR for personnel location reassignment
3. Notify Facilities for physical asset relocation
4. Create audit record of closure

LC-06: Cost Center Freeze Notification

Purpose: When a cost center status changes to "Frozen", notify all linked departments and prevent new allocations.

AQL Query

objectType = "Department" AND "Cost Center" = "{{object.Key}}"

Actions

1. Lookup departments funded by this cost center
2. Notify department heads of budget freeze
3. Alert Finance Operations for budget reallocation planning
4. Create Jira issue for budget committee review

NT-01: Expiring Vendor Review Reminder

Purpose: Alert relationship owners when vendor review dates are approaching to ensure timely vendor assessments.

AQL Query

objectType = "Vendor" AND Status = "Active" AND "Last Review Date" < now(-90d)

Actions

1. Lookup vendors needing review
2. Group by Relationship Owner
3. Send personalized reminder to each owner

NT-02: Critical Application Status Change Alert

Purpose: Immediately notify stakeholders when critical application status changes.

Condition

Criticality = "Critical" AND Status attribute changed

Actions

1. Send immediate notification to Business Owner, Technical Owner, Owning Team email, and Service Desk management
2. If Status changed to "Deprecated" or "Retired", escalate to IT Leadership

NT-03: New Team Lead Assignment Notification

Purpose: When a team lead is assigned or changed, notify relevant parties.

Actions

1. Send welcome message to new Team Lead with team details
2. Notify department head of leadership change
3. Update service desk escalation paths

NT-04: Manager Hierarchy Change Alert

Purpose: When a person's manager changes, notify HR and relevant parties for organization chart updates.

Actions

1. Notify HR Operations of reporting change
2. Send confirmation to new manager
3. If person leads any teams, notify those teams of escalation path change

NT-05: High-Risk Vendor Status Alert

Purpose: Immediately notify stakeholders when vendor risk level is elevated.

Condition

Risk Level changed to "High" or "Critical"

Actions

1. Send immediate alert to Relationship Owner, Procurement Director, and Information Security team
2. Create risk assessment task with 48-hour SLA
3. Tag vendor record for enhanced monitoring

NT-06: Department Head Vacancy Alert

Purpose: Alert HR when a department loses its designated head.

Condition

Head attribute cleared AND Status = "Active"

Actions

1. Send alert to HR Leadership
2. Send alert to Parent Department Head (if exists)
3. Create succession planning task

CM-01: Quarterly Vendor Risk Review

Purpose: Enforce quarterly reviews for high-risk and critical vendors per compliance requirements.

AQL Query

objectType = "Vendor" AND Status = "Active" AND ("Risk Level" = "High" OR "Risk Level" = "Critical")

Actions

1. For each high-risk vendor: Create compliance review ticket, Assign to Relationship Owner, Set SLA based on Risk Level (Critical: 7 days, High: 14 days)
2. Send quarterly review initiation notice to Compliance team
3. Generate audit log entry

Benefits

• Ensures regulatory compliance for vendor oversight
• Creates documented evidence of review cadence
• Supports SOC 2, ISO 27001, and similar frameworks

CM-02: Application Data Classification Audit

Purpose: Ensure all applications have proper data classification for security and compliance.

AQL Query

objectType = "Application" AND Status = "Active" AND "Data Classification" is EMPTY

Actions

1. Lookup unclassified applications
2. Group by Business Owner
3. Send classification requirement notice with 7-day deadline
4. Escalate after deadline to Information Security

CM-03: SSO and MFA Compliance Check

Purpose: Verify security controls are enabled on applications per policy requirements.

AQL Query

objectType = "Application" AND Status = "Active" AND (Criticality = "Critical" OR Criticality = "High") AND ("SSO Enabled" = false OR "MFA Required" = false)

Actions

1. Generate non-compliant application report
2. Send to Information Security team
3. For Critical applications with neither SSO nor MFA, create high-priority remediation ticket

CM-04: Annual Personnel Access Review

Purpose: Generate annual access review reports for regulatory compliance.

AQL Query

objectType = "Person" AND Status = "Active" AND "Employment Type" in ("Employee", "Contractor")

Actions

1. Generate comprehensive personnel report
2. Cross-reference with application ownership
3. Send to Compliance team for access certification
4. Create access review project with tasks per department

CM-05: Cost Center Budget Owner Certification

Purpose: Annual certification that cost center owners acknowledge budget responsibility.

AQL Query

objectType = "Cost Center" AND Status = "Active" AND Owner is NOT EMPTY

Actions

1. For each cost center, create certification task assigned to Owner
2. Set 30-day completion deadline
3. Escalate incomplete certifications to Finance leadership
4. Generate certification completion report

IN-01: HR System Person Sync Trigger

Purpose: When person records are modified, trigger synchronization with HR system of record.

Actions

1. Send web request to HR integration endpoint with person data
2. Log sync event for audit trail

Webhook Payload Example

POST /api/v1/cmdb-sync/person
{
  "employeeId": "{{object.Employee ID}}",
  "email": "{{object.Email}}",
  "department": "{{object.Department.Name}}",
  "manager": "{{object.Manager.Email}}",
  "status": "{{object.Status}}",
  "location": "{{object.Location.Name}}"
}

IN-02: ServiceNow CMDB Sync Notification

Purpose: Notify integration platform when application records change for ServiceNow synchronization.

Actions

1. Send webhook to integration middleware
2. Include all application attributes in payload
3. Log integration event

IN-03: Identity Provider User Provisioning

Purpose: Trigger identity provider actions when person status changes.

Condition

Status attribute changed

Actions

1. If Status = "Active" (new): Send provisioning request to IdP, Include department and location for access policies
2. If Status = "Terminated": Send deprovisioning request to IdP, Request immediate session termination

IN-04: Slack Channel Notification for Team Changes

Purpose: Post notifications to relevant Slack channels when team configurations change.

Actions

1. Send web request to Slack webhook with team update message

Issue: Automation not triggering on object updates

Cause: Object triggers fire on any schema update, but may not match your AQL filter.

Resolution:

1. Verify AQL syntax is correct
2. Check that attribute names match exactly (case-sensitive in some deployments)
3. Ensure the automation is enabled and scope includes the correct schema

Issue: Lookup Objects returns empty results

Cause: AQL query may have syntax errors or attribute name mismatches.

Resolution:

1. Test the exact AQL query in Assets search
2. Verify attribute names match schema definition exactly
3. Check that referenced object types exist

Issue: For AQL branch processing fewer objects than expected

Cause: For AQL branches are limited to 50 objects maximum.

Resolution:

1. Add more specific AQL filters to reduce result set
2. Split into multiple rules by category (e.g., by Region or Type)
3. Use Lookup Objects action (100 object limit) if iteration is not required

Issue: Automation loops causing excessive executions

Cause: Edit Object action triggering the same automation rule repeatedly.

Resolution:

1. Add AQL condition to exclude recently modified objects: objectType = "Person" AND updated > -1h
2. Use specific attribute conditions to prevent re-triggering
3. Consider scheduled rules instead of event-triggered for data quality checks

Q1: Can I trigger an automation when a specific attribute changes?

Answer: Native JSM Assets automation does not support triggering based on specific attribute changes through AQL conditions. The Object trigger fires on any object update. However, you can use a workaround: add a Send web request action to call the object history REST API (GET /rest/assets/1.0/object/{objectId}/history) and parse the response to determine which attribute changed most recently. Atlassian is tracking this enhancement request under JSDCLOUD-10002.

Q2: How many objects can I process in a single automation rule?

Answer: The limits are:

• Lookup Objects action: Maximum 100 objects returned
• For AQL branch: Maximum 50 objects processed per execution

For larger datasets, implement strategies such as: filtering by date ranges, splitting by object categories, or using scheduled rules that process incrementally.

Q3: Why doesn't the For AQL branch appear in my project automation?

Answer: For AQL branches are only available in Global automations, not project-level automations. Navigate to Administration > Automation (global) to access this feature. This is a platform design constraint, not a permissions issue.

Q4: How do I reference an object's attribute in an email body?

Answer: Use smart value syntax: {{object.AttributeName}} for direct attributes, or {{object.ReferenceName.AttributeName}} for attributes on referenced objects. For example:

Manager: {{object.Manager.Name}}
Department: {{object.Department.Name}}
Location: {{object.Location.City}}, {{object.Location.Country}}

For Lookup Objects results, use iteration: {{#lookupObjects}}{{Name}} - {{Email}}{{/}}

Q5: Can I update an object's attributes through automation?

Answer: Yes, use the Edit Object action. However, note these constraints:

• Only works in Global automation rules
• Only works when an object is the focus of the rule (after Object trigger or within For AQL branch)
• Does not work with Lookup Objects results
• Be careful to avoid automation loops where your edit triggers the same rule

Q6: How do I create a Jira issue from an Assets automation?

Answer: Use the Create Issue action within your automation rule. You can populate issue fields with object attributes using smart values:

Summary: Data quality issue: {{object.Name}} missing required attributes
Description: The {{object.objectType.name}} "{{object.Name}}" requires attention.

Note that within a For AQL loop, each matched object creates a separate issue. If you want one issue listing multiple objects, use Lookup Objects with iteration in the description field.

Q7: What is the difference between Lookup Objects and For AQL branch?

Answer:

• Lookup Objects: Returns a list of objects (up to 100) that you can reference collectively or iterate through in subsequent actions like Send Email. Results are accessed via {{lookupObjects}} smart value.
• For AQL branch: Creates a separate execution path for each object (up to 50) where the object becomes the focus. Better for individual actions per object like Edit Object or Create Issue per object.

Choose Lookup Objects when you need aggregate reporting (one email with multiple objects). Choose For AQL when you need individual processing per object.