This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Only Allow Access Requests - No Account Requests

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 01:22 PM

Originally posted on March 21 2022 at 12:50 UTC

Is it possible to only allow requests for adding or removing access and NOT allow the request for a new account? Customer wants to allow requesting changes to access (entitlements) for existing correlated accounts, but not allow a request for a new account.


Thanks!

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
9 REPLIES 9

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on March 21 2022 at 13:27 UTC

You can disable new account requests if the account already exists config in endpoint as well as disable remove account config. This will make sure only existing accounts can modify their access.
This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on March 21 2022 at 13:36 UTC

Thanks Sivagami. Can you please confirm what field you are referring to when you say 'remove account config'? Is this the CREATEACCOUNTJSON (for AD system)?

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on March 21 2022 at 17:47 UTC

Rereading your response Sivagami, I don't think this answers my question. I have enabled the config to not allow a new account if one already exists. What I'm looking to do is NOT allow a request for an entitlement or account for a system where the user does not have any account.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on March 21 2022 at 17:51 UTC

In that case, you can use access query on the endpoint level and tailor the query to display the endpoint for users who have an active account in the endpoint (You can reference users, user_accounts and accounts table in the query to identify those users)
This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on March 21 2022 at 18:36 UTC

 Something like this in your endpoint access query will fulfil the requirement.

where users.userkey in (select userkey from user_accounts where accountkey in (select accountkey from accounts where endpointkey =<insert your endpointkey here> and accounts.status in ('Manually Provisioned','Active','1')))

 

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on March 21 2022 at 19:11 UTC

Thanks SIvagami, I pulled this same query from the documentation. I'm trying to add 

   and users.userkey = '${users.userkey}'

to the end of the query to make it user-specific, but it's not limiting for the user the request is for. None of the following have worked, can you please confirm the syntax?


'${user.userkey}'

'${user.id}'

'${requestee.id}'


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on March 21 2022 at 19:19 UTC

disregard, I found it. This is working perfectly now, thank you!!!

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on March 22 2022 at 14:27 UTC

Hello Chris,


Could you provide an update here as to what was done to fulfill your requirements for the benefit of the community ?




Thanks,


Regards,

Avinash Chhetri



This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on March 22 2022 at 15:06 UTC

Sure thing, below is the query I added to the Access Query field. It works beautifully, thanks for your help!


WHERE users.userkey in (select userkey from user_accounts where accountkey in (select accountkey from accounts where endpointkey in (<endpointkey>) and accounts.status in ('Manually Provisioned','Active','1')))

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
Copyright © 2023 Khoros, LLC