
Approving role requests

Community_User
Saviynt Employee
Originally posted on December 30 2019 at 14:19 UTC

Hello,

The following FD article talks about conditions for creating and updating roles: https://saviynt.freshdesk.com/support/solutions/articles/43000431784

How can I route role creation/modification requests to role owners? And how can I route role entitlements to role owner instead of entitlement owner?

If I use a custom assignment like "select userkey from role_owners where rolekey=${REQUESTACCESSOBJ.id} and rank = 1" then all role creations are routed to "admin" user, because it seems that there is no role owner after all, at the time of role creation.

The custom assignment works when modifying a role; however, adding new entitlements again routes to the "admin" user by default.

I also tried storing the approver to a custom property, and assigning via "SELECT userkey FROM users WHERE username = ${role.customproperty1}" however that didn't work either.

Thanks for any help,

Juha

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
4 REPLIES

Community_User
Saviynt Employee
Originally posted on January 10 2020 at 09:05 UTC

Hi Juha,


Please find below the WF Custom Assignment query to route role creation requests to role owners:


Select Userkey from role_owners_history u where u.ROLE_HISTORY_KEY in (
Select ra.accesskey
from ars_requests ar
join request_access ra on ar.requestkey = ra.REQUESTKEY
where ra.REQUESTTYPE=3 and ar.requestkey = ${ARSREQUEST.id});


If you need to route role entitlements to the role owner instead of the entitlement owner, then use the below query:


Select Userkey from role_owners_history u where u.ROLE_HISTORY_KEY in (
Select ra.accesskey
from ars_requests ar
join request_access ra on ar.requestkey = ra.REQUESTKEY
where ra.REQUESTTYPE=1 and ar.requestkey = ${ARSREQUEST.id});


Thanks

Ajay


Community_User
Saviynt Employee
Originally posted on January 10 2020 at 12:59 UTC

Thanks Ajay for the tip.

However, I seem to have an issue with the ROLE_HISTORY_KEY column in my instance. It seems to be empty when creating or modifying roles.

Community_User
Saviynt Employee
Originally posted on January 13 2020 at 05:17 UTC

Hi Juha,


Please use the below query


select userkey from users where username in
(SELECT SUBSTRING_INDEX(newvalue, ' ', 1)
 FROM roles_historychangelog rhcl, ars_requests ar, request_access ra
 WHERE ar.REQUESTKEY = ra.REQUESTKEY and ar.requestkey = ${ARSREQUEST.id}
 and rhcl.FIELDNAME in ('OWNER','Role Owner')
 and rhcl.ROLEHISTORYKEY = ra.accesskey and ra.accesstype = 1
 and ra.requesttype = 3
 and substring_index(substring_index(NEWVALUE, ' ', -1),']', 1) = 1)
UNION
select userkey from role_owners where rank = 1 and rolekey in
(select distinct r.rolekey
 from roles_historychangelog rhcl, ars_requests ar, request_access ra, roles r
 WHERE ar.REQUESTKEY = ra.REQUESTKEY and ar.requestkey = ${ARSREQUEST.id}
 and rhcl.ROLEHISTORYKEY = ra.accesskey and ra.accesstype = 1
 and ra.requesttype = 3 and r.ROLEKEY = rhcl.ROLEKEY);


For the issue, i.e. ROLE_HISTORY_KEY not populated, please raise a ticket and provide the configuration you are using for the role.


Thanks

Ajay


Community_User
Saviynt Employee
Originally posted on July 30 2021 at 07:24 UTC

Hello Ajay Kumar,

Is there a list of what the different values for

- accesstype
- requesttype

mean?

Thanks

Florian
