Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Configuration for requestable Entitlement in ARS base on Account Type

rama_roy
New Contributor III
New Contributor III

HI team,

We need to setup a process where a set of Entitlements will be requestable only for Privileged Accounts.

Please let us know the configuration details. Can we use accounts table reference in "Config for Selected Entitlement in ARS" under Entitlement Type in Endpoint.

Regards,
Rama
 

10 REPLIES 10

Raghu
All-Star
All-Star

@rama_roy  you can achieve based Dynamic attriute

let say attribute name 'Apps'

Example:

Apps query= select customproperty1  as Id from entitlmentvalues from where customproperty1  in ( select accounttype from accounts where accounttype =12)

now you need declare in

Config for Selected Entitlement in ARS : ev.customproperty1 = '${apps}'

same like above as requirement  you need prepare query and pass it config level.

ref query:

https://forums.saviynt.com/t5/identity-governance/filter-selectable-application-roles-based-on-the-s...

 

https://forums.saviynt.com/t5/identity-governance/using-case-condition-in-config-for-requestable-ent...

 

https://forums.saviynt.com/t5/identity-governance/hide-an-entitlement-role-in-ars-request-based-on-r...

 

 


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

rama_roy
New Contributor III
New Contributor III

Thanks for the update. Let me try this solution  and I will get back to you in a couple of days.

Regards,
Rama

rama_roy
New Contributor III
New Contributor III

Hi,

The above solution is not working. Please let me know how to get account type from dynamic attribute.


Regards,
Rama

rama_roy
New Contributor III
New Contributor III

Hi Team,
Can I get some update on this?

Regards,
Rama

Share request form screenshot 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi ,
Are you asking about the ARS page screenshot? 
Please let me know how to get account object in dynamic attribute?

Apps query= select customproperty32  as Id from entitlmentvalueswhere customproperty32  in ( select accounttype from accounts where accounttype =12)
I am using accounttype=Privileged but seeing the entitlements in ARS page which are marked as Privileged in Customproperty32=Privileged

Regards,
Rama

Yes ARS 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.


accountType1= select customproperty32  as Id from entitlmentvalueswhere customproperty32  in ( select accounttype from accounts where accounttype =Privileged)
I am seeing all the entitlements in ARS page which are not marked as Privileged in entitlement customproperty32 as Privileged

Hi @rama_roy ,

How are the privileged accounts defined?

Sharing both cases if this helps:

CASE A. New account request from ARS -

  1. A new simple dynamic attribute 'accounttype' to be created with ENUM - 'Privileged'
  2. Add ev.customproperty1 = '${accounttype}' in 'Config for requestable Entitlement in ARS' and 'Config for selected Entitlement in ARS
  3. By doing this, you should able to filter selected entitlements when users selects accounttype as 'Privileged'.
  4. Also, incase you want to see the rest of the entitlements, please introduce a new value (Ex: Non-Privileged) in 'accounttype' and update rest of the entitlements customproperty1 to be this value.

CASE B. For an update account request from ARS -

  1. Make sure you save the accounttype in customproperty1 of an account and populate in a new dynamic attribute 'accounttype2' where 'Account Column' value is customproperty1 (This will bring back the value stored in account table)
  2. PremMahadikar_0-1710415630873.png
  3.  You can add ev.customproperty1 = '${accounttype}' or ev.customproperty1 = '${accounttype1}' in 'Config for requestable Entitlement in ARS' and 'Config for selected Entitlement in ARS
  4. This configuration will fetch selected entitlement for requesting access

I have used another DA for Case B. But creation of another DA (Case B) will depend on the use case, how many values in ENUM you want to display for new account request and not to be displayed in an update account request. Play with 'Hide on create' and 'Hide on update'. If values in DA are same for both new and update account request, you can use one dynamic attribute.

 

 

If this reply answered your question, please consider selecting Accept As Solution and hit kudos.

Fix query 

select customproperty32  as Id from entitlement_values where customproperty32  in ( select accounttype from accounts where accounttype ='Privileged')


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.