Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 01:12 PM
Hello,
The following FD article talks about conditions for creating and updating roles: https://saviynt.freshdesk.com/support/solutions/articles/43000431784
How can I route role creation/modification requests to role owners? And how can I route role entitlements to role owner instead of entitlement owner?
If I use a custom assignment like "select userkey from role_owners where rolekey=${REQUESTACCESSOBJ.id} and rank = 1" then all role creations are routed to "admin" user, because it seems that there is no role owner after all, at the time of role creation.
The custom assignment works when modifying a role, however adding new entitlements again route to "admin" user by default.
I also tried storing the approver to a custom property, and assigning via "SELECT userkey FROM users WHERE username = ${role.customproperty1}" however that didn't work either.
Thanks for any help,
Juha
Solved! Go to Solution.
04/12/2022 02:34 PM
Hi Juha,
Please find the below WF Custom Assignment query to route role creation requests to role owners
Select Userkey from role_owners_history u where u.ROLE_HISTORY_KEY in (
Select ra.accesskey
from ars_requests ar
join request_access ra on ar.requestkey = ra.REQUESTKEY
where ra.REQUESTTYPE=3 and ar.requestkey = ${ARSREQUEST.id});
If you need to route role entitlements to role owner instead of entitlement owner then use below query
Select Userkey from role_owners_history u where u.ROLE_HISTORY_KEY in (
Select ra.accesskey
from ars_requests ar
join request_access ra on ar.requestkey = ra.REQUESTKEY
where ra.REQUESTTYPE=1 and ar.requestkey = ${ARSREQUEST.id});
Thanks
Ajay
04/12/2022 02:34 PM
Thanks Ajay for the tip.
However, I seem to have an issue with ROLE_HISTORY_KEY column in my instance. It seems to be empty when creating or modifying roles.
04/12/2022 02:34 PM
Hi Juha,
Please use the below query
select userkey from users where username in
(SELECT SUBSTRING_INDEX(newvalue, ' ', 1) FROM roles_historychangelog rhcl, ars_requests ar, request_access ra
WHERE ar.REQUESTKEY =ra.REQUESTKEY and ar.requestkey=${ARSREQUEST.id} and rhcl.FIELDNAME in ('OWNER','Role Owner')
and rhcl.ROLEHISTORYKEY=ra.
and ra.requesttype = 3 and substring_index(substring_
(select distinct r.rolekey from roles_historychangelog rhcl, ars_requests ar, request_access ra,roles r
WHERE ar.REQUESTKEY =ra.REQUESTKEY and ar.requestkey=${ARSREQUEST.id} and rhcl.ROLEHISTORYKEY=ra.
and ra.requesttype = 3 and r.ROLEKEY = rhcl.ROLEKEY);
For the issue i.e. ROLE_HSTORY_KEY not populated, please raise a ticket and provide the configuration you are using the role.
Thanks
Ajay
04/12/2022 02:34 PM
Hello Ajay Kumar,
is there a list what the different values for
- accesstype
- requesttype
mean?
Thanks
Florian