Saviynt Forums

yogesh · ‎12/21/2022

I can not find proper documentation on this feature:

I went through the documentation but could not find any sample queries, OR the list of variables that can be used to make the queries.

Without this information we are unable to implement our use cases.

> How to allow only certain users to view and request Application Roles in Saviynt?
> How to only allow those users who are a member of a certain saviynt group?
> Is it possible to allow different roles to different set of users based on the users attributes or group memberships?

rushikeshvartak · ‎12/21/2022

Ques1 :

Here you can write query based on roles table

like below

r.status=1 and r.customproperty1 =${DA}

DA - Dynamic attribute name

Q2 : > How to only allow those users who are a member of a certain saviynt group?

This is regarding application then you can defined in access query under Endpoint

Q3 >

> Is it possible to allow different roles to different set of users based on the users attributes or group memberships?

This can be possible you need to use query or use dynamic attribute for filtering

Regards,
Rushikesh Vartak

yogesh · ‎01/05/2023

I only want to allow the users with customproperty1 set to "RoleRequestor", rest of the people should not be able to see the application roles on the request form but they can request a new account without application roles.

"Role Requestor" can request for themselves as well as for everyone else. Is it possible to set this up?

I tried setting up a sql single select dynamic attribute called "roleRequestor" with the query:
select customproperty50 as ID from users where username = '${user.username}'

I have this query in Application Role Request Query:
r.status=1 and r.customproperty10 =${roleRequestor}

And I have set the user.customproperty50 = "RoleRequestor" and role.customproperty10 = "RoleRequestor"

Is this the correct process? Because I can see the roles even after changing user.customproperty50 to a different value, am I doing something incorrectly?

yogesh · ‎01/05/2023

I think it was taking some time to update even after running the microservices job, now form is not even loading at all:

rushikeshvartak · ‎01/05/2023

RUn Microservice from postman or restart server clear cache

Regards,
Rushikesh Vartak

yogesh · ‎01/06/2023

Unfortunately I've already tried these things:

Run the microservices job from control panel
run ECMv6/api/clean-cache from Postman
Restart the server
Waiting

However the form starts working after I remove the role request query and the DA seems to be fetching the value correctly :

rushikeshvartak · ‎01/08/2023

r.status=1 and r.customproperty10 ='${roleRequestor}'

Regards,
Rushikesh Vartak

yogesh · ‎01/12/2023

Still getting same error even with the single quotes

rushikeshvartak · ‎01/12/2023

Make dynamic attribute name full capital

Regards,
Rushikesh Vartak

yogesh · ‎01/16/2023

Still no luck:

rushikeshvartak · ‎01/16/2023

Ques

Does your query printed in logs ?
try to change da name to simple like da1 instead of rolerequest ( may be we can’t use that)
when request is loaded do you see any error in browser console

Regards,
Rushikesh Vartak

yogesh · ‎01/18/2023

I changed the attribute name to da1 and role request query to just
r.customproperty1 = '${da1}'
Doesn't seem like my query is getting printed in logs, I searched with da1 as well as *da1* and I get nothing.
Not getting any clues from browser console either:

rushikeshvartak · ‎01/18/2023

If you remove query does it working

Regards,
Rushikesh Vartak

yogesh · ‎01/18/2023

Yes, as soon as I remove query it starts working

rushikeshvartak · ‎01/18/2023

Change da name

Regards,
Rushikesh Vartak

Saviynt Forums

Queries regarding Application Roles Request Query and Selected Query