Click HERE to see how Saviynt Intelligence is transforming the industry. |
10/08/2024 06:37 AM
Hi All,
We have a below requirement.
User can have 2 AD Accounts. Primary and Secondary Account
Primary Account has Entitlement 1, Entitlement 2 etc
Secondary Account has Entitlement 3 having CP1=1
Requirement is:
fetch all user AD accounts having entitlements with cp1=1
Assign CyberArk Entitlement to User's Primary Account
We have achieved this using Actionable reports.
Question: Is it possible to achieve this requirement using Detective Technical Rule with HQL?
10/08/2024 07:11 AM
Yes , all tables you need are exposed for rules.
Above link has the hql class names and syntaxes
10/08/2024 07:47 AM
Hi Amit,
Thanks for your reply.
In Technical Rule Condition, we are trying to fetch list of Primary AD Accounts, not the User details and it is throwing Invalid condition. Could you please let us know if the below condition is correct?
Accounts.name in (SELECT a.name FROM Accounts a JOIN Account_entitlements1 ae ON ae.ACCOUNTKEY = a.ACCOUNTKEY JOIN Entitlement_values ev on ev.entitlement_valuekey = ae.entitlement_valuekey JOIN User_accounts ua on ua.accountkey = a.accountkey JOIN Users u on u.userkey = ua.userkey WHERE a.endpointkey = 65 AND a.status IN ('1', 'Manually Provisioned') AND ev.customproperty1=1)
Thank you
Rashmi
10/08/2024 08:00 AM
rules run on user, but it allows you to access other tables in advance query but the outcome of query has to be a user.
what you are trying in above query wont work
10/08/2024 08:30 AM
Hi Amit,
Thank you. I will modify the condition and test it.
Thank you
Rashmi
10/08/2024 08:32 AM
@rashmirudrappa Use below query i have validated it
10/08/2024 08:29 AM
USe below condition
a.id IN (select ua.userkey FROM User_accounts ua WHERE ua.accountkey IN ( SELECT a.id FROM Accounts a,Account_entitlements1 ae ,Entitlement_values ev where a.endpointkey = 65 and a.status IN ('1', 'Manually Provisioned') AND ae.accountkey= a.id and ev.id= ae.entitlement_valuekey and ev.customproperty1 = '1'))
10/08/2024 08:34 AM
Hi Rushi,
Thank you very much. I will test it and confirm.
Thank you
Rashmi