Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Workflow Components | Role Attributes

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 29 2021 at 14:59 UTC

Hi Team,


We are trying to use Role Metadata in workflow (in if/else block or custom assignment). Whereas what we have observed is using the variable the request is not getting submitted. If possible can you please share as well as publish the details for extracting the same :


1. In If/Else Condition, how to check if Role Custom Property has any value. (Ex: role--> CustomProperty1 contains Yes)

2. How to check the values for following Role parameters in If/Else Workflow block : 

Sox Critical, Sys Critical, Privileged, Confidentiality, Role Type


3. Assign Request for approvals to all Role Owners or Owners with specific rank?

4. Help with following Query : 

a) Complete role details like Role Name, Owner, Entitlement Associated & Entitlement Owner of that Role. 


Please assist.


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
20 REPLIES 20

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 30 2021 at 07:28 UTC

Hi Manish,


You can use OOTB variable 'entitlement' in approval workflow to refer to the application role name and its properties. 

I hope this will help you to get the answers for your remaining queries, try and let us know.


Thanks,

Pallavi Chaudhari

Persistent Systems Ltd.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 30 2021 at 07:42 UTC

Hi Pallavi,


I referred this document and could not find anything that would help to identify role related metadata information using  OOTB variable 'entitlement' .

If possible, can you please share sample:

How can i fetch custom property/Sox Critical/Sys Critical/Privileged/Confidentiality/Role Type information in if/else workflow condition

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 30 2021 at 16:04 UTC

Hello Manish,


Refer to the following freshdesk documentation for workflow components. You will find sample conditions which you can use.


https://saviynt.freshdesk.com/support/solutions/articles/43000619101-workflow-components#WorkflowCom...


Thanks,

Pallavi Chaudhari

Persistent Systems Ltd.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 1 2021 at 04:14 UTC

Hi Pallavi,


Many thanks.

I tried using the below  :

1.  role.customproperty1='Yes'  --> use role custom property

2. entitlement.allowner.contains(requestedBy.username) -- Check for Entitlement owner as requestor

3.Checking role is sox critical 

role.soxcritical = High 

role.soxcritical > 1

4.To auto approve the new role requests when the condition matches the role owner and the requestor. 

role.getOwnerRank1().contains(user.username) eq true 

role.allowner.contains(requestedBy.username)


All above sample gave error and request was not submitted. Need assistance



This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 5 2021 at 01:17 UTC

Manish,


Are there any specific errors ? Are you not able to submit the request itself ?


Perhaps, looking at the logs and analyzing will help.




Regards,

Avinash Chhetri


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 5 2021 at 04:13 UTC

Hi Avinash,


Attached the logs

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 5 2021 at 04:31 UTC

Hello Manish, Condition that you have added in workflow is using the variable requestedBy which is not resolved by application. Could you please confirm the SSM version? workflow service javax.el.PropertyNotFoundException: Cannot resolve identifier 'requestedBy' Thanks, Pallavi Chaudhari Persistent Systems Ltd.
This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 5 2021 at 04:42 UTC

Hi Pallavi,


Yes, even I identified that variable not exposed.

I don't have access to application.properties access for customer env. I only have this information : Saviynt v5.5SP3


Anyhow, can you please help me answering the below query:

a) How to check if the requestor/requestee is not the owner of Role for which request is being raised in if/else block workflow?

b) Condition to check sox critical, Confidentiality, Privileged,Sys Critical of the role in  if/else block workflow?

c) How To auto approve the new role requests when the condition matches the role owner and the requestor?


Thanks

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 5 2021 at 21:35 UTC

Hi Manish,


Please refer to the link below for documentations on some of your questions.


https://saviynt.freshdesk.com/a/solutions/articles/43000619101#WorkflowComponents-Condition:If-ElseM...


Have you tried using these ? Are these not working, any errors that you see that might help troubleshoot your issue ?




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 6 2021 at 04:34 UTC

Hi Avinash,


Following are few points :


a) How to check if the requestor/requestee is not the owner of Role for which request is being raised in if/else block workflow? --> There is no such example shared.

b) Condition to check sox critical, Confidentiality, Privileged,Sys Critical of the role in  if/else block workflow? --> There is no such example shared. I tried using role.confidentiality but says role object not exposed.

c) How To auto approve the new role requests when the condition matches the role owner and the requestor? --> role.getOwnerRank1().contains(user.username) eq true

Tried using above condition but same error, role object not exposed.

Assist please

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 7 2021 at 00:14 UTC

Manish,


If role object is not working have you tried the entitlement object ?



Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 7 2021 at 06:23 UTC

Hi Avinash,


What is the attribute name to be used for :

a) sox critical, Confidentiality, Privileged,Sys Critical  with entitlement object?

b) entitlement.getOwnerRank1().contains(user.username) eq true


using above condition, the task is getting assigned to admin

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 7 2021 at 20:45 UTC

Manish,


You can try using the variable names all in lower case. for e.g. entitlement.soxcritical, entitlement.syscritical etc


Just keep in mind that Saviynt stores these values as numeric values in the backend database, for e.g.


Very Low = 1

Low = 2

Medium = 3

High = 4

very High = 5


For the second question, I'm assuming that the expression is now getting resolved. 

Based on your requirement, you can use the workflow components to re-direct the "true" outcome from the if/else to any workflow component that you want, i.e. CustomAssignment, Resource Owner Approval etc




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 15 2021 at 13:54 UTC

 The expression entitlement.privileged is not working:


javax.el.PropertyNotFoundException: Property [privileged] not found on type [com.saviynt.ecm.identitywarehouse.domain.Roles]

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 15 2021 at 15:37 UTC

Hi Markus,


Based on the error, it doesnt seem like the  privileged attribute is exposed. May I know which Saviynt version you are on ?




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 18 2021 at 09:33 UTC

 Hi Avinash, we are on version 5.5 SP 3.7.3.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 18 2021 at 15:15 UTC

Hi Markus,


Can you try with the below format, (Note : There's a typo in the variable name).


entitlement.priviliged




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 20 2021 at 07:32 UTC

 Hi Avinash,


thanks, this does work.

Is their a way how I can find out the available variables and their naming?

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 20 2021 at 07:33 UTC

Hi Avinash,


I do see a section under workflow creation  called help.

If this can be enhanced to provide supported variables would be great?


Thanks and Regards,

Manish Kumar

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 21 2021 at 19:35 UTC

Markus,


As of now, what we have is the documentation or the help feature as Manish suggested.



Manish,


We will definately provide your feedback to the PM team.




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.