and more in a single search tool across platforms. Read the announcement here. |
01/31/2024 02:35 AM
Hi Team,
We have one requirement where Managers can setup delegate for himself only.
For this, we have used: For whom can the user setup delegate
Now, We have provided all the access in Feature Access and Web Service Access for this Manager SAV ROLE.
Now, In the setup delegate page, Manager are able to see himself and select it for submitting the delegation request. But It throws Access denied error.
When we use ALL in For whom can the user setup delegate, It doesn't throw Access Denied error and works seamlessly.
01/31/2024 09:59 PM
Object name is users
select a from Users a where a.id= ${users?.id}
02/01/2024 01:24 AM
Hi @rushikeshvartak ,
This issue is not with this:
Object name is users or user
It works with both for the query:
select a from Users a where a.id= ${users?.id}
The issue that we had is with another SAV ROLE i.e. ROLE_ENDUSER.
In this SAV ROLE, For whom can the user setup delegate should be filled with some values either ALL or the same query we are using in ROLE_MANAGER for this not to throw Access denied error.
Note: We tested this with few users who had ROLE_MANAGER and ROLE_ENDUSER sav role. And this is our findings.
02/01/2024 06:37 AM
Remove both feature and re add in role manager it will work
02/01/2024 11:21 PM
Hi @rushikeshvartak ,
I did multiple test for this. Re adding the feature, removing and adding all the feature access, even the API access too.
I even ran microservice job also after all the changes.
Looks like I have to give same query or any query in ROLE_ENDUSER if I want to use Query feature in ROLE_MANAGER where we are giving both sav roles to a user.
02/02/2024 08:01 PM
thats is not case. Its working in v23.6
02/07/2024 05:13 AM - edited 02/07/2024 05:14 AM
Hi @rushikeshvartak ,
Can you try removing the query in ROLE_ENDUSER and provide both Sav ROLE (ENDUSER and MANAGER) and try to setup delegate by himself logging using the same user.
Note: ENDUSER doesn't have permission to setup delegate or any API access regarding delegation.
Since the above one is not working in 23.5.
02/07/2024 06:26 AM
Its working as expected in 23.6 & 24.1 this seems version specific issue
and i have tested as you mentioned- if i remove condition all users are listed
02/07/2024 09:18 PM
validated in 23.8 and 23.11 its working as expected.
02/07/2024 10:41 PM
Thanks @Manu269 and @rushikeshvartak for the confirmation. For now I have the work around for 23.5 Version, But I will take this up with Saviynt.