
Cannot Setup Delegate via Manager SAV_ROLE

h_sapkota
Regular Contributor

Hi Team,

We have a requirement that managers can set up a delegate for themselves only.
For this, we have used: For whom can the user setup delegate


Now, we have provided all the access in Feature Access and Web Service Access for this Manager SAV ROLE.


Now, on the setup delegate page, the manager is able to see himself and select himself for submitting the delegation request, but it throws an Access Denied error.


When we use ALL in For whom can the user setup delegate, it doesn't throw the Access Denied error and works seamlessly.

rushikeshvartak
All-Star

Object name is users 

select a from Users a where a.id= ${users?.id}


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi @rushikeshvartak ,

This issue is not with this:

Object name is users or user
It works with both for the query: 
select a from Users a where a.id= ${users?.id}

The issue that we had is with another SAV ROLE, i.e. ROLE_ENDUSER.
In this SAV ROLE, For whom can the user setup delegate should be filled with some value, either ALL or the same query we are using in ROLE_MANAGER, for this not to throw the Access Denied error.

Note: We tested this with a few users who had both the ROLE_MANAGER and ROLE_ENDUSER SAV roles, and these are our findings.

Remove both features and re-add them in role manager; it will work.


Regards,
Rushikesh Vartak

Hi @rushikeshvartak ,

I did multiple tests for this: re-adding the feature, removing and adding all the feature access, and even the API access too.
I even ran the microservice job after all the changes.

Looks like I have to give the same query or any query in ROLE_ENDUSER if I want to use the Query feature in ROLE_MANAGER where we are giving both SAV roles to a user.

That is not the case. It's working in v23.6.


Regards,
Rushikesh Vartak

Hi @rushikeshvartak ,

Can you try removing the query in ROLE_ENDUSER, providing both SAV roles (ENDUSER and MANAGER), and trying to set up a delegate for himself while logged in as the same user?
Note: ENDUSER doesn't have permission to set up a delegate or any API access regarding delegation.

Since the above one is not working in 23.5.

It's working as expected in 23.6 & 24.1; this seems to be a version-specific issue.

And I have tested as you mentioned: if I remove the condition, all users are listed.


Regards,
Rushikesh Vartak

Manu269
All-Star

Validated in 23.8 and 23.11; it's working as expected.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos.

h_sapkota
Regular Contributor

Thanks @Manu269 and @rushikeshvartak for the confirmation. For now I have the workaround for version 23.5, but I will take this up with Saviynt.