Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

Adding accounts to entitlement dynamically based on another entitlement

piyushm
Regular Contributor II
Regular Contributor II

Hello,

I am trying to check if there is a way to assign an entitlement to the user account based on another entitlement. For example, if a user has an entitlement with name containing a keyword(say aws) for the same endpoint then the user should automatically get Entitlement B.

One way is using the entitlement map and adding the entitlement to each entitlement having the aws keyword. But this not scalable as there will be hundreds of new entitlements created and each time we need to add the map for the newly created entitlement.

Other way is to use actionable analytics. But again this requires scheduling the analytics job and the requirement is that the addition of the automatic entitlement should be instant.

Can we trigger actionable analytics through some rule? Or Is there any other way to achieve this requirement?

22 REPLIES 22

rushikeshvartak
All-Star
All-Star

You can create request rule other 2 solutions you have already listed

entitlement map

actionable report


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

piyushm
Regular Contributor II
Regular Contributor II

@rushikeshvartakCan you please elaborate? I am not able to understand which condition to use.

Request Rule https://saviynt.freshdesk.com/support/solutions/articles/43000431687-creating-request-rules


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

piyushm
Regular Contributor II
Regular Contributor II

I followed the steps but the Request Rule is not getting triggered even after the approval process is completed. Below is the rule i created.

piyushm_8-1670008818996.png

Also I don't see Rules tab in the Organization that i created.

piyushm_0-1670008258690.png

Did you ran wsretry


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

piyushm
Regular Contributor II
Regular Contributor II

Yes. There is no error in the logs. The pending tasks from the actual request are also created and completed.

Assuming it works, This still does not meet the use case requirement. If I am asking the user to select a dynamic attribute from the form then how is it different from asking the user to select that particular entitlement itself from the requestable entitlement list. The requirement here is that all users selecting any other aws entitlement should not have to select the console entitlement or any other dynamic attribute.

Whats issue with analytics report ?

please share request rule


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

piyushm
Regular Contributor II
Regular Contributor II

The analytics report needs to be scheduled and client does not want the end user to wait for job as the user needs to login to aws console( with that entitlement) immediately after the account request approval. They have explicitly stated that the process should be automated and not job based.

Request rule -

piyushm_0-1670024700275.png

Does endpoint name matching with name visible on request history?

analytics you can run before wsretry and end user doesn’t need to wait


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

piyushm
Regular Contributor II
Regular Contributor II

Yes, the name is matching.

They don't want to be go with Analytics option.

Share logs after wsretry run and ARS Request history screenshot


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

piyushm
Regular Contributor II
Regular Contributor II

PFA the logs.  The new account task is 31963 and add access task is 31964. After that I ran the wsretry job. The organization entitlement task should have triggered but it didn't.

Request history screenshot.

piyushm_0-1670354016519.png

 

There is no attribute name with Org


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

piyushm
Regular Contributor II
Regular Contributor II

Where? In the endpoint ?

It is there.

piyushm_0-1670384974005.png

 

on Request Approval


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

piyushm
Regular Contributor II
Regular Contributor II

I don't know why it is not showing on UI. But  it is there in the request_access_attrs  table.

piyushm_0-1670428724653.png

 

Share dynamic attribute config


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

piyushm
Regular Contributor II
Regular Contributor II

piyushm_0-1670478547262.png

SQL -  select customername as Id from customer where customername='EIS'

 

piyushm
Regular Contributor II
Regular Contributor II

@rushikeshvartak  did you find anything from the logs or screenshot? Is there any configuration which is missing or incorrectly done? Let me know. Based on the feedback I need to create ticket if its a defect or if the feature is not working.

Please store Dynamic attribute value in accounts column


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

piyushm
Regular Contributor II
Regular Contributor II

@rushikeshvartak  Still after storing it as cp value in accounts column and after running the wsretry, the request rule task is not getting created.

piyushm
Regular Contributor II
Regular Contributor II

@rushikeshvartak  Do you think any other config that I missed?