Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Queries regarding Application Roles Request Query and Selected Query

yogesh
Regular Contributor III
Regular Contributor III

I can not find proper documentation on this feature:

yogesh_0-1671632716246.png

I went through the documentation but could not find any sample queries, OR the list of variables that can be used to make the queries.

Without this information we are unable to implement our use cases.

> How to allow only certain users to view and request Application Roles in Saviynt?
> How to only allow those users who are a member of a certain saviynt group?
> Is it possible to allow different roles to different set of users based on the users attributes or group memberships?

 

14 REPLIES 14

rushikeshvartak
All-Star
All-Star

Ques1 :

Here you can write query based on roles table 

like below

r.status=1 and r.customproperty1 =${DA}

DA - Dynamic attribute name

 

Q2 : > How to only allow those users who are a member of a certain saviynt group?

This is regarding application then you can defined in access query under Endpoint

 

Q3 > 

> Is it possible to allow different roles to different set of users based on the users attributes or group memberships?

This can be possible you need to use query or use dynamic attribute for filtering

 

 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

yogesh
Regular Contributor III
Regular Contributor III

I only want to allow the users with customproperty1 set to "RoleRequestor", rest of the people should not be able to see the application roles on the request form but they can request a new account without application roles.

"Role Requestor" can request for themselves as well as for everyone else. Is it possible to set this up?

I tried setting up a sql single select dynamic attribute called "roleRequestor" with the query: 
select customproperty50 as ID from users where username = '${user.username}'

yogesh_2-1672934588428.png

I have this query in Application Role Request Query:
r.status=1 and r.customproperty10 =${roleRequestor}

yogesh_3-1672934697286.png

 

And I have set the user.customproperty50 = "RoleRequestor" and role.customproperty10 = "RoleRequestor"

Is this the correct process? Because I can see the roles even after changing user.customproperty50 to a different value, am I doing something incorrectly?

 

yogesh
Regular Contributor III
Regular Contributor III

I think it was taking some time to update even after running the microservices job, now form is not even loading at all:

yogesh_0-1672935530025.png

RUn Microservice from postman or restart server clear cache


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

yogesh
Regular Contributor III
Regular Contributor III

Unfortunately I've already tried these things:

  1. Run the microservices job from control panel
  2. run ECMv6/api/clean-cache from Postman
  3. Restart the server
  4. Waiting

However the form starts working after I remove the role request query and the DA seems to be fetching the value correctly :

yogesh_0-1672993379705.png

 

r.status=1 and r.customproperty10 ='${roleRequestor}'


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

yogesh
Regular Contributor III
Regular Contributor III

Still getting same error even with the single quotes

yogesh_0-1673519093576.png

 

Make dynamic attribute name full capital


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

yogesh
Regular Contributor III
Regular Contributor III

Still no luck:

yogesh_0-1673859790489.png

yogesh_1-1673859810588.png

 

Ques

  • Does your query printed in logs ?
  • try to change da name to simple like da1 instead of rolerequest ( may be we can’t use that)
  • when request is loaded do you see any error in browser console 

Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

yogesh
Regular Contributor III
Regular Contributor III

I changed the attribute name to da1 and role request query to just
r.customproperty1 = '${da1}'
Doesn't seem like my query is getting printed in logs, I searched with da1 as well as *da1* and I get nothing.
Not getting any clues from browser console either:

yogesh_0-1674042066463.png

 

If you remove query does it working 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

yogesh
Regular Contributor III
Regular Contributor III

Yes, as soon as I remove query it starts working 

yogesh_0-1674046421769.png

 

Change da name 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.