Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Manager Attestation Review - Filter out entitlements granted by Technical Rules

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 01:19 PM

Originally posted on June 24 2020 at 14:13 UTC

Is it possible to filter out all entitlements granted to a user from birthright technical rules? We don't want to see these entitlements in the manager review, just ones that users have that aren't part of their preassigned groups from the technical rules.


In the advanced config field Accounts Entitlement1 Query we used the filter: "ae1.assignedFromRule is null" based on the documentation. I am still seeing entitlements granted to users from technical rules in the review though.


Is the filter we used incorrect for this use case scenario? If so, is there a query we can use that does filter out entitlements granted from Technical Rules?



This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
4 REPLIES 4

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 02:59 PM

Originally posted on June 24 2020 at 21:58 UTC

Hi Adam,


In order to exclude the birthright access from the campaign the below query without quotes can be configured in advanced config. If you still have issue please check the logs if any errors are occurring during campaign launch.


ae1.assignedFromRule is null

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 02:59 PM

Originally posted on June 25 2020 at 13:07 UTC

Did some more testing and found that this filter is working. There are some users who were created before the technical rule was created. Users created after the technical rule was created are having their entitlements filtered properly. We will have to run an update on the older users to get them to hit the technical rules so the filter will apply to them.



This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 02:59 PM

Originally posted on January 26 2022 at 13:25 UTC

Hi Huisman,


We have a same requirement to exclude certain SAV_ROLES from being included in the campaign, Can you share the document that you referred to apply a relevant query under Account entitlement query.Tried by using the same filter but dint work.


Thanks

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:00 PM

Originally posted on January 26 2022 at 15:00 UTC

Mounika,


In your case, Perhaps, you could mark the entitlement(s) CustomPropertyX as "NONCERTIFIABLE" and in the Advanced Campaign Config, under Entitlements Query use : 

(custompropertyX != 'NONCERTIFIABLE' or custompropertyX is null)




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
Copyright © 2024 Khoros, LLC