Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Advanced Query in SAVRole is not working

varunpuri
Regular Contributor
Regular Contributor

‎12/05/2023 11:36 PM

Hi,

We have created a custom SAVRole  and have done the following configuration in it - 

varunpuri_1-1701847846380.png

The query in HQL which we have used is this : 
select a from Users a where a.id in (select us.userkey from User_accounts us, Accounts cc where us.accountkey=cc.id and (cc.endpointkey = 139 or cc.endpointkey = 140) and (lower(cc.status)='1' or lower(cc.status)='manually provisioned' or lower(cc.status)='active'))

We have given this SAVRole to a user.
Now, we have logged into Saviynt dev tenant using this user and are trying to access the "Request Access for Others" feature. But no user is getting displayed there. Instead, in the logs, we get this error :
 
ERROR","An error occurred :|java.lang.IllegalArgumentException: org.hibernate.hql.internal.ast.QuerySyntaxException: User_accounts is not mapped [select count(*) as total from com.saviynt.ssm.entity.Users a where  a.id 
 
Appreciate your help here.
 
Best Regards,
Varun
Labels:
0 Kudos
7 REPLIES 7

rushikeshvartak
All-Star
All-Star

‎12/06/2023 08:21 PM

You can't use user_accounts table in sav role advanced config


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

varunpuri
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎12/06/2023 08:48 PM

Thank You, @rushikeshvartak for your response.

Is there any alternate way to achieve it ? This custom sav role has to be assigned to the endpoint owner and the use case to be achieved is this :

If the endpoint owner logs in and navigates to "Request Access for Others" then, he/she should be able to see only those Identities which have accounts on the endpoint for which this person is the owner.

Best Regards,
Varun

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to varunpuri

‎12/06/2023 09:13 PM

You need to use users customproperty and store endpointkey and try logic


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Darshanjain
Saviynt Employee
Saviynt Employee

‎12/07/2023 11:03 AM

HI @varunpuri 

Can you let me know in which version you are trying if its 23.10 or 23.11 it should work fine.

 

Thanks

Darshan

0 Kudos

varunpuri
Regular Contributor
Regular Contributor
In response to Darshanjain

‎12/08/2023 01:35 AM

Hello @Darshanjain ,

I am trying this on version 23.11. Can you please suggest some corrections.

Best Regards,
Varun

0 Kudos

Darshanjain
Saviynt Employee
Saviynt Employee
In response to varunpuri

‎12/08/2023 03:48 AM

Hi @Varun 

As discussed, use the Classic UI ( beta ) for the time being and from 23.12 you will see the new Gen2 UI where it will work with advance filter.

 

Thanks

Darshan

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to varunpuri

‎12/08/2023 08:25 PM

Gen2 Beta version

rushikeshvartak_0-1702095899621.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC