Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Entitlement Restriction on Request form

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 5 2020 at 16:44 UTC

Hello,


I want to restrict entitlements based on their owners in the request form. Let's say, if I am the owner of entitlement ABC, and I login to Saviynt, clicks Request Access for Others. On the request form, I should see only ABC entitlement in the form.


Is there a way possible to do this? Please let me know.


Regards,

Yashpal

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
2 REPLIES 2

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 13 2020 at 06:57 UTC

There is a filter on each entitlement type - "Config for Available Entitlement in Service Account" through which you can control the list of entitlements that you see while requesting. You can make use of that.


Regards,

Aditya

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on February 17 2021 at 09:37 UTC

Hi,

I am also struggling with displaying entitlements based on user attributes say City or Country. Query in 'Config for Requestable Entitlement in ARS' gives below validation message

Dynamic Attribute: requestee used in query does not exist in Endpoint for query ‘ev.customproperty1 in (select city from Users where userkey in (${requestor}))' as suggested in freshdesk. It works for dynamic attributes only but do not filter based on the user attributes as mentioned above. The version I am using is 5.5SP3.

Config For Requestable Entitlement In ARS

Specify the query based on the logged-in user or the user(s) for which request is being placed respectively to limit the display of the entitlements in Available Entitlements. You can use the ‘requestor’ and ‘requestee’ objects in the query to filter the entitlements to be displayed in the Available Entitlements.
For Example.

· Add the below query to display the entitlement in the request form, when the value specified in customproperty1 is selected from dynamicAttribute1.

ev.customproperty1='$(<dynamicAttribute1>)'

· Filter entitlements based on the user(s) for whom the request is being placed.

ev.customproperty1 in (select city from Users where userkey in (${requestee}))

· Filter entitlements based on the requestor.

ev.customproperty1 in (select city from Users where userkey in (${requestor}))

Note

In the above syntax, the variables and table names used are case-sensitive.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.