Click HERE to see how Saviynt Intelligence is transforming the industry. |
03/18/2024 05:50 AM
Hello,
We have a usecase where for an endpoint, we want the levels of approval to go as such - first level usergroup, then manager, then if requestor is different from user requested for (like manage access for others scenario), then it should go to the user requested for for approval.
For that, I am using a custom query, leveraging one dynamic attribute that has the systerusername attribute. The code:
select userkey from users where systemUserName = (select raa.ATTRIBUTE_VALUE from ARS_REQUESTS ar, request_Access ra,request_Access_attrs raa where ar.requestkey=ra.requestkey and ra.request_accesskey=raa.request_access_key and raa.attribute_name ='adsid' and ar.requestkey=${ARSREQUEST.id})
It gives right result in data analyzer when i check with a request id, but it still goes in Saviynt Admin for approval on that level. Does anyone have any pointers? Or is it simply not possible?
Thank you
Solved! Go to Solution.
03/18/2024 06:19 AM
@savuser17 can you requiment once again , above scenario not clear out?
03/18/2024 06:21 AM
Hi,
So scenario is such - I (user a) am requesting access to this endpoint for another user (user b). So after a usergroup and manager approval, it should go to user b for approval as well.
Hope that clears it up
03/18/2024 06:21 AM
This is expected behavior as per audit. Enduser and approver can’t be same . Request will be assigned to admin