Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Assign Sav Role based on Entitlement

SanthoshAradhya
New Contributor
New Contributor

We are trying to assign assign DAM Sav Role for users who are part of certail entitlements in AD. We are trying to use below query but not able to fetch data. Can you assist on appropriate way to provision Sav role automatically when certail entitlements are provisioned or thru analytics.

select distinct u1.userkey as userKey, a1.accountkey as acctKey, a1.name as accName, (SELECT ev2.ENTITLEMENT_VALUEkey
FROM entitlement_values ev2, entitlement_types et2, endpoints e
WHERE ev2.ENTITLEMENT_VALUE='ROLE_DEPARTMENTAL_ACCESS_MANAGER' and ev2.STATUS=1 and et2.ENDPOINTKEY = e.ENDPOINTKEY and ev2.ENTITLEMENTTYPEKEY=et2.ENTITLEMENTTYPEKEY and e.ENDPOINTKEY = (SELECT endpointkey FROM endpoints WHERE endpointname = 'MyITAccess')) as entvaluekey, 'Provision Access' as Default_Action_For_Analytics
from users u1, endpoints e,user_accounts ua1, accounts a1 , account_entitlements1 ae1,user_savroles usr,
entitlement_values ev, entitlement_types et
where u1.USERKEY = ua1.USERKEY and ua1.ACCOUNTKEY = a1.ACCOUNTKEY and a1.ACCOUNTKEY = ae1.accountkey and
ae1.ENTITLEMENT_VALUEKEY = ev.ENTITLEMENT_VALUEKEY and ev.Entitlementtypekey = et.Entitlementtypekey and
et.ENDPOINTKEY = e.ENDPOINTKEY and e.ENDPOINTKEY = (SELECT endpointkey FROM endpoints WHERE endpointname = 'ADWashington') and
u1.userkey in (select u1.userkey from users u1, endpoints e,user_accounts ua1, accounts a1 , account_entitlements1 ae1,
entitlement_values ev where u1.USERKEY = ua1.USERKEY and ua1.ACCOUNTKEY = a1.ACCOUNTKEY and a1.ACCOUNTKEY = ae1.accountkey and
ae1.ENTITLEMENT_VALUEKEY = ev.ENTITLEMENT_VALUEKEY and ev.ENTITLEMENT_VALUE in ('CN=MCMGS-AST,OU=AllowDL,OU=DLs,DC=WAS,DC=INT,DC=IMF,DC=ORG'or
'CN=MCMGA-AST,OU=AllowDL,OU=DLs,DC=WAS,DC=INT,DC=IMF,DC=ORG')
and a1.status in (1,'Manually Provisioned','Active'))
and u1.statuskey=1 and a1.status in (1,'Manually Provisioned','Active') and u1.customproperty44='Active';

Thank You

Santhosh

8 REPLIES 8

rushikeshvartak
All-Star
All-Star

Are you trying to add sav role or sav role entitlement. does task is getting created ?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

we are tying to assign Sav Role but even when we try to assign entitlement task is not getting generated. Main ask is to add Sav Role when seleted AD entitlement is added to user.

Does query returns records


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

SanthoshAradhya
New Contributor
New Contributor

it comes upto no record. apart from this query any other way to add sav role to users depending on entitlements added.

ARS Request form.

Actionable report

technical Rule


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

can you assist with actionable report with sample or similar report


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Manu269
All-Star
All-Star

Please refer below sample :

SELECT a.ACCOUNTKEY,'Provision Access' as Default_Action_For_Analytics,
(select ENTITLEMENT_VALUEKEY from ENTITLEMENT_VALUES  where ENTITLEMENT_VALUE = 'TP') as entvaluekey,
a.ACCOUNTKEY as acctKey,
a.NAME as accName,
u.userkey as userKey
FROM users u,entitlement_values ev, user_accounts ua, account_entitlements1 ae1, entitlement_types et, endpoints e,accounts a
WHERE u.userkey = ua.userkey and
ua.accountkey = a.ACCOUNTKEY
AND ua.accountkey = ae1.accountkey
AND ev.entitlement_valuekey = ae1.entitlement_valuekey
AND ev.entitlementtypekey = et.entitlementtypekey
AND et.endpointkey = e.endpointkey
and u.userkey in ( SELECT u.userkey FROM users u, entitlement_values ev, user_accounts ua, account_entitlements1 ae1, entitlement_types et, endpoints e,accounts a
WHERE  u.userkey = ua.userkey and ua.accountkey = a.ACCOUNTKEY
AND ua.accountkey = ae1.accountkey
AND ev.entitlement_valuekey = ae1.entitlement_valuekey
AND ev.entitlement_value='WU Help Desk'
and et.ENTITLEMENTNAME = 'groups'
AND ev.entitlementtypekey = et.entitlementtypekey
AND et.endpointkey = e.endpointkey
AND e.endpointname ='Amigopod'
AND u.userkey not in ( select uu.userkey from usergroup_users uu where USER_GROUPKEY = 1 ))
AND e.endpointname ='SSM'

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.