Click HERE to see how Saviynt Intelligence is transforming the industry. |
12/28/2023 08:48 AM
Hi Team,
We have a requirement to set up an entitlement-level approval process for one AD-connected application.
Scenario: We have two entitlements "user" and "admin". when any user selects "user" then it should go for only line manager approval but if a user selects "admin" then it should go for one extra level of approval (entitlement owner or any other approvers)
issue: We are not maintaining owners for AD groups/entitlements in AD and if we try to set it directly in Saviynt, it is getting overwritten after the next sync, and the existing owner is getting removed.
Could you please provide your expert view on how we can achieve entitlement-level approval in the above scenario?
e.g. if we can achieve it through user groups or by checking entitlement value in if-else condition and if it is "Admin" then assign it to next level approver.
Thanks
Solved! Go to Solution.
12/28/2023 08:53 AM - edited 12/28/2023 08:54 AM
You can use if-else block to implement the logic
entitlement.entitlement_value== 'User'
12/28/2023 03:37 PM
@rushikeshvartak : Thank you for your response.
Yes, I was looking for the syntax and it worked.
12/29/2023 04:52 AM
@rushikeshvartak : is it possible to fetch the approvers from any customproperty attribute of entitlement?
I am storing approvers details in entitlement customproperty15 and when trying to use it in workflow, it's not working as expected and request is getting assigned to Admin.
I am using below code:
select userkey from users where USERNAME in (select customproperty15 from entitlement where entitlement.entitlement_valuekey=${REQUESTACCESSOBJ.id})
12/29/2023 06:15 AM
@rushikeshvartak I have found a way to fetch customproperty values of an entitlement using the belwo query:
select userkey from users where username =(select customproperty15 from entitlement_values where entitlement_valuekey=${REQUESTACCESSOBJ.id})
However, if more than one user is available in customproperty15 with ";" as a separator, is it possible to identify them and send approval to all?
I have tried to user SUBSTRING_INDEX function but it did not work for more than one value:
select userkey from users where username =(select SUBSTRING_INDEX(SUBSTRING_INDEX(customproperty15, ";", 2), "=", -1) from entitlement_values where entitlement_valuekey=${REQUESTACCESSOBJ.id})
12/29/2023 09:25 AM - edited 12/29/2023 10:26 AM
select userkey from users where username in (SELECT SUBSTRING_INDEX(SUBSTRING_INDEX(customproperty8, ';', n), ';', -1) userkey FROM entitlement_values JOIN ( SELECT 1 AS n UNION SELECT 2 UNION SELECT 3 UNION SELECT 4 UNION SELECT 5 UNION SELECT 6 UNION SELECT 7 UNION SELECT 8 ) AS numbers ON CHAR_LENGTH(customproperty8) - CHAR_LENGTH(REPLACE(customproperty8, ';', '')) >= n - 1 where entitlement_valuekey=${REQUESTACCESSOBJ.id})
12/29/2023 12:40 PM
@rushikeshvartak : Thank you so much. It worked.