Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
No ratings

How to Exclude Birthright Access (Account and Entitlements) from User Manager Campaign?

DaanishJawed
Saviynt Employee
Saviynt Employee

on ‎03/22/2023 07:04 AM

Use Case

By default, a User Manager campaign will allow the manager to review accounts and accesses that are granted to the user through Request Access and also assigned to them through Birthright Rules.

In case you have a requirement to allow manager to certify access and accounts granted only through Request Access then the following solution needs to implemented.

 

Applicable Version(s)

All Applicable versions
 

Solution

  1. Navigate to Certification > Click On Create Campaign > Select Campaign type as 'User Manager'> Scroll down to Advance Campaign Configuration > In Account Entitlements Query enter the below query
  2. Add the following case sensitive query:

Query - ae1.assignedFromRule is null

Note: The format is camel-case and needs to be entered in the exact format as above.


Reference Document for User Manager Campaign -

https://docs.saviyntcloud.com/bundle/EIC-Admin-v2021x/page/Content/Chapter06-EIC-Configurations/Conf...

Comments
shibinvpkvr
Regular Contributor II
Regular Contributor II
‎05/22/2023 02:37 PM

@DaanishJawed : If the Entitlement was assigned via a Role and the Role was assigned through a birthright rule, can we still use the Query - ae1.assignedFromRule is null to identify/exclude birthright access from certification? 

ASA
Regular Contributor II
Regular Contributor II
‎06/09/2023 02:06 AM

@shibinvpkvr Tested it and it works als in this case.

What it doesn't do is excluding the Enterprise Role itself from certification, if it was assigned via birthrights.

Version history
Last update:
‎03/22/2023 07:04 AM
Updated by:
Saviynt Employee
Contributors
Copyright © 2024 Khoros, LLC