and more in a single search tool across platforms. Read the announcement here. |
12/19/2023 11:35 AM
In previous quarters our Advanced query Privileged=4 was used to bring in only entitlements marked as high for the Application owner to certify. The request for this quarter is to also include all service accounts within the campaign. We are looking for a query where the Application owner will review all Privileged entitlements and service accounts ( high and low privileged).We realized through testing that all service accounts usernames default to "Admin" and believe this may be the way to link all privileged and non privileged service account into the campaign. Is there a query where we can use and OR statement where the conditions are to include all Privileged entitlements OR users with the Username "Admin"
12/19/2023 11:46 AM
By default application owner campaign should include those service accounts. Can you try that?
12/19/2023 12:19 PM
Hello yes, I am aware that if you launch the application owner campaign by default it will include service accounts however it will also pull all users who have access to the application which we do not require the Application Owner to certify all at once. User Manager campaign is used for the purpose of non Privileged entitlements /access. So for our Application owner campaign we would only want Privileged entitlements or users with the username "Admin" to avoid all accounts going to the Application owner to certify.
12/19/2023 06:47 PM
You can use advanced configuration to filter such accounts and entitlements
12/20/2023 08:50 AM
I'm aware of the advanced query field as we have used it to previously only pull for privileged entitlements, however I am not sure what would best fit these conditions I am currently trying to fit? would it be the accounts entitlement query field ( and would we be able to use an OR statement to meet the conditions of privileged accounts OR username "Admin". how would that look like as a query
12/20/2023 09:05 AM
It would be Account Query and Entitlement Query but that will be always be evaluated in AND and not OR.
12/20/2023 09:24 AM
accountkey in (select accountkey from user_accounts ua,users u where ua.accountkey =accountkey and u.userkey=ua.userkey and u.username='admin')