Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 01:14 PM
Hi Team,
We are trying to use Role Metadata in workflow (in if/else block or custom assignment). Whereas what we have observed is using the variable the request is not getting submitted. If possible can you please share as well as publish the details for extracting the same :
1. In If/Else Condition, how to check if Role Custom Property has any value. (Ex: role--> CustomProperty1 contains Yes)
2. How to check the values for following Role parameters in If/Else Workflow block :
Sox Critical, Sys Critical, Privileged, Confidentiality, Role Type
3. Assign Request for approvals to all Role Owners or Owners with specific rank?
4. Help with following Query :
a) Complete role details like Role Name, Owner, Entitlement Associated & Entitlement Owner of that Role.
Please assist.
Solved! Go to Solution.
04/12/2022 02:41 PM
Hi Manish,
You can use OOTB variable 'entitlement' in approval workflow to refer to the application role name and its properties.
I hope this will help you to get the answers for your remaining queries, try and let us know.
Thanks,
Pallavi Chaudhari
Persistent Systems Ltd.
04/12/2022 02:41 PM
Hi Pallavi,
I referred this document and could not find anything that would help to identify role related metadata information using OOTB variable 'entitlement' .
If possible, can you please share sample:
How can i fetch custom property/Sox Critical/Sys Critical/Privileged/Confidentiality/Role Type information in if/else workflow condition
04/12/2022 02:41 PM
Hello Manish,
Refer to the following freshdesk documentation for workflow components. You will find sample conditions which you can use.
Thanks,
Pallavi Chaudhari
Persistent Systems Ltd.
04/12/2022 02:41 PM
Hi Pallavi,
Many thanks.
I tried using the below :
1. role.customproperty1='Yes' --> use role custom property
2. entitlement.allowner.contains(requestedBy.username) -- Check for Entitlement owner as requestor
3.Checking role is sox critical
role.soxcritical = High
role.soxcritical > 1
4.To auto approve the new role requests when the condition matches the role owner and the requestor.
role.getOwnerRank1().contains(user.username) eq true
role.allowner.contains(requestedBy.username)
All above sample gave error and request was not submitted. Need assistance
04/12/2022 02:41 PM
Manish,
Are there any specific errors ? Are you not able to submit the request itself ?
Perhaps, looking at the logs and analyzing will help.
Regards,
Avinash Chhetri
04/12/2022 02:41 PM
Hi Avinash,
Attached the logs
04/12/2022 02:41 PM
04/12/2022 02:41 PM
Hi Pallavi,
Yes, even I identified that variable not exposed.
I don't have access to application.properties access for customer env. I only have this information : Saviynt v5.5SP3
Anyhow, can you please help me answering the below query:
a) How to check if the requestor/requestee is not the owner of Role for which request is being raised in if/else block workflow?
b) Condition to check sox critical, Confidentiality, Privileged,Sys Critical of the role in if/else block workflow?
c) How To auto approve the new role requests when the condition matches the role owner and the requestor?
Thanks
04/12/2022 02:41 PM
Hi Manish,
Please refer to the link below for documentations on some of your questions.
Have you tried using these ? Are these not working, any errors that you see that might help troubleshoot your issue ?
Regards,
Avinash Chhetri
04/12/2022 02:41 PM
Hi Avinash,
Following are few points :
a) How to check if the requestor/requestee is not the owner of Role for which request is being raised in if/else block workflow? --> There is no such example shared.
b) Condition to check sox critical, Confidentiality, Privileged,Sys Critical of the role in if/else block workflow? --> There is no such example shared. I tried using role.confidentiality but says role object not exposed.
c) How To auto approve the new role requests when the condition matches the role owner and the requestor? --> role.getOwnerRank1().contains(user.username) eq true
Tried using above condition but same error, role object not exposed.
Assist please
04/12/2022 02:41 PM
Manish,
If role object is not working have you tried the entitlement object ?
Regards,
Avinash Chhetri
04/12/2022 02:41 PM
Hi Avinash,
What is the attribute name to be used for :
a) sox critical, Confidentiality, Privileged,Sys Critical with entitlement object?
b) entitlement.getOwnerRank1().contains(user.username) eq true
using above condition, the task is getting assigned to admin
04/12/2022 02:41 PM
Manish,
You can try using the variable names all in lower case. for e.g. entitlement.soxcritical, entitlement.syscritical etc
Just keep in mind that Saviynt stores these values as numeric values in the backend database, for e.g.
Very Low = 1
Low = 2
Medium = 3
High = 4
very High = 5
For the second question, I'm assuming that the expression is now getting resolved.
Based on your requirement, you can use the workflow components to re-direct the "true" outcome from the if/else to any workflow component that you want, i.e. CustomAssignment, Resource Owner Approval etc
Regards,
Avinash Chhetri
04/12/2022 02:41 PM
The expression entitlement.privileged is not working:
javax.el.PropertyNotFoundException: Property [privileged] not found on type [com.saviynt.ecm.identitywarehouse.domain.Roles]
04/12/2022 02:41 PM
Hi Markus,
Based on the error, it doesnt seem like the privileged attribute is exposed. May I know which Saviynt version you are on ?
Regards,
Avinash Chhetri
04/12/2022 02:41 PM
Hi Avinash, we are on version 5.5 SP 3.7.3.
04/12/2022 02:41 PM
Hi Markus,
Can you try with the below format, (Note : There's a typo in the variable name).
entitlement.priviliged
Regards,
Avinash Chhetri
04/12/2022 02:41 PM
Hi Avinash,
thanks, this does work.
Is their a way how I can find out the available variables and their naming?
04/12/2022 02:41 PM
Hi Avinash,
I do see a section under workflow creation called help.
If this can be enhanced to provide supported variables would be great?
Thanks and Regards,
Manish Kumar
04/12/2022 02:41 PM
Markus,
As of now, what we have is the documentation or the help feature as Manish suggested.
Manish,
We will definately provide your feedback to the PM team.
Regards,
Avinash Chhetri