
Can we achieve entitlement-level approval without entitlement owners for AD-connected apps?

dubeank
New Contributor III

Hi Team,

We have a requirement to set up an entitlement-level approval process for one AD-connected application.
Scenario: We have two entitlements, "user" and "admin". When any user selects "user", it should go for only line manager approval, but if a user selects "admin", it should go for one extra level of approval (entitlement owner or any other approvers).
Issue: We are not maintaining owners for AD groups/entitlements in AD, and if we try to set it directly in Saviynt, it gets overwritten after the next sync and the existing owner is removed.

Could you please provide your expert view on how we can achieve entitlement-level approval in the above scenario?
E.g., if we can achieve it through user groups, or by checking the entitlement value in an if-else condition and, if it is "Admin", assigning it to the next-level approver.

Thanks


rushikeshvartak
All-Star

You can use an if-else block to implement the logic:

entitlement.entitlement_value== 'User'


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

dubeank
New Contributor III

@rushikeshvartak : Thank you for your response. 
Yes, I was looking for the syntax and it worked.

dubeank
New Contributor III

@rushikeshvartak : Is it possible to fetch the approvers from any customproperty attribute of the entitlement?
I am storing the approvers' details in entitlement customproperty15, and when I try to use it in the workflow, it does not work as expected and the request gets assigned to Admin.
I am using the below code:
select userkey from users where USERNAME in (select customproperty15 from entitlement where entitlement.entitlement_valuekey=${REQUESTACCESSOBJ.id})

dubeank
New Contributor III

@rushikeshvartak I have found a way to fetch customproperty values of an entitlement using the below query:
select userkey from users where username =(select customproperty15 from entitlement_values where entitlement_valuekey=${REQUESTACCESSOBJ.id})

However, if more than one user is available in customproperty15 with ";" as a separator, is it possible to identify them and send approval to all?


I have tried to use the SUBSTRING_INDEX function, but it did not work for more than one value:

select userkey from users where username =(select SUBSTRING_INDEX(SUBSTRING_INDEX(customproperty15, ";", 2), "=", -1) from entitlement_values where entitlement_valuekey=${REQUESTACCESSOBJ.id})

 

select userkey from users where username in (
  SELECT SUBSTRING_INDEX(SUBSTRING_INDEX(customproperty8, ';', n), ';', -1) userkey
  FROM entitlement_values
  JOIN ( SELECT 1 AS n UNION SELECT 2 UNION SELECT 3 UNION SELECT 4 UNION SELECT 5 UNION SELECT 6 UNION SELECT 7 UNION SELECT 8 ) AS numbers
    ON CHAR_LENGTH(customproperty8) - CHAR_LENGTH(REPLACE(customproperty8, ';', '')) >= n - 1
  where entitlement_valuekey=${REQUESTACCESSOBJ.id})


Regards,
Rushikesh Vartak

dubeank
New Contributor III

@rushikeshvartak : Thank you so much. It worked.
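
An added example (not code from the thread or from Saviynt) that audits the semicolon-separated approver lists before a workflow relies on them. It applies the same numbers-table split as the query above to constructed rows in a scratch MySQL session and reports, per entitlement, how many approvers resolve to a user, which tokens do not, and whether the list is longer than the eight positions the split covers. The table and column names come from the queries in the thread; the simplified table definitions and every row are assumptions.

```sql
-- Constructed sample data for a scratch MySQL session (assumed, simplified schema).
CREATE TEMPORARY TABLE users (userkey INT PRIMARY KEY, username VARCHAR(64));
CREATE TEMPORARY TABLE entitlement_values (
  entitlement_valuekey INT PRIMARY KEY,
  entitlement_value    VARCHAR(64),
  customproperty15     VARCHAR(255)   -- approver usernames separated by ';'
);
INSERT INTO users VALUES (101, 'alice'), (102, 'bob'), (103, 'carol');
INSERT INTO entitlement_values VALUES
  (1, 'Admin', 'alice;bob;carol'),   -- clean list
  (2, 'Admin', 'alice; bob;'),       -- leading space and trailing separator
  (3, 'Admin', NULL),                -- no approver stored
  (4, 'Admin', 'alice;dave'),        -- 'dave' is not a known user
  (5, 'Admin', 'alice;bob;carol;alice;bob;carol;alice;bob;dave'); -- 9 entries

-- One row per entitlement:
--   resolved_approvers : tokens that match a username after TRIM
--   unresolved_tokens  : non-empty tokens with no matching user
--   exceeds_split      : 1 when the list has more entries than the numbers table covers
SELECT t.entitlement_valuekey,
       COUNT(u.userkey) AS resolved_approvers,
       GROUP_CONCAT(CASE WHEN u.userkey IS NULL AND t.token <> ''
                         THEN t.token END) AS unresolved_tokens,
       MAX(t.sep_count) >= 8 AS exceeds_split
FROM (
  SELECT ev.entitlement_valuekey,
         CHAR_LENGTH(ev.customproperty15)
           - CHAR_LENGTH(REPLACE(ev.customproperty15, ';', '')) AS sep_count,
         -- TRIM so that ' bob' still matches the username 'bob'
         TRIM(SUBSTRING_INDEX(SUBSTRING_INDEX(ev.customproperty15, ';', numbers.n),
                              ';', -1)) AS token
  FROM entitlement_values ev
  -- LEFT JOIN keeps entitlements whose customproperty15 is NULL
  LEFT JOIN (SELECT 1 AS n UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4
             UNION ALL SELECT 5 UNION ALL SELECT 6 UNION ALL SELECT 7
             UNION ALL SELECT 8) AS numbers
    ON CHAR_LENGTH(ev.customproperty15)
       - CHAR_LENGTH(REPLACE(ev.customproperty15, ';', '')) >= numbers.n - 1
) AS t
LEFT JOIN users u ON u.username = t.token
GROUP BY t.entitlement_valuekey
ORDER BY t.entitlement_valuekey;
```

Rows with no resolved approvers are the ones to correct first: earlier in the thread, a lookup that did not return the expected approvers left the request assigned to Admin. Entries beyond the eighth position are never examined by the split, so a flagged list needs either a larger numbers table or a shorter property value.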