Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Database Connector - Design Question

Go to solution
PRana
New Contributor II
New Contributor II

‎06/25/2024 03:52 PM

We have to integrate with an application where user's project association and their role in the project are stored available in a database view in following format.

A user can be associated with multiple projects.

Multiple users can be associated with a project.

User and their role for a given project can be either ADMIN or MEMBER but never both.

There are only handful possible values of PROJECT_ROLE

 

PROJECTPROJECT_ROLEUSER
P1ADMINU1
P2MEMBERU1
P2MEMBERU2
P3ADMINU1
P3MEMBERU2
P3ADMINU3
P4ADMINU2

I am having hard time envisioning how this can translate into entitlements on an account.

For example, if I setup project as an entitlement type. The entitlement hierarchy will look like the following but then I miss out on PROJECT_ROLE information

   U1 -> PROJECT (Entitlement Type) -> P1, P2, P3

   U2-> PROJECT (Entitlement Type) -> P2, P3, P4

    U3 -> PROJECT (Entitlement Type) -> P3

If I setup project role as a value for entitlement type, then I need to duplicate project entitlement for each entitlement type.

     U1 -> ADMIN (Entitlement Type) -> P1 (Admin), P3 (Admin)

     U1 -> MEMBER (Entitlement Type) -> P2 (Member)

     U2 -> ADMIN (Entitlement Type) -> P4 (Admin)

     U2 -> MEMBER (Entitlement Type) -> P2 (Member), P3 (Member)

     U3 -> ADMIN (Entitlement Type) -> P3 (Admin)

     U3 -> MEMBER (Entitlement Type) -> 

If you have any better solutions, I'd love to get your thoughts.

Thanks in advance.

 

 

0 Kudos
3 REPLIES 3

Go to solution
rushikeshvartak
All-Star
All-Star

‎06/25/2024 08:21 PM - edited ‎06/25/2024 08:57 PM

You need to create Entitlement values as Project - Role combination using concat function of DB 

P1 - ADMIN

P1 - MEMBER

 

Member vs admin is not allowed hence implement SoD between 2 entitlements values

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Go to solution
PremMahadikar
All-Star
All-Star

‎06/25/2024 08:33 PM

Hi @PRana ,

We had similar requirement in past with three different handful combination. We concatenated all three columns and designed single entitlement inside Saviynt.

In your case it would be, entitlement type (PROJECT) which would have below combination

  • P1_ADMIN
  • P2_MEMBER
  • P3_ADMIN
  • P3_MEMBER
  • P4_ADMIN

During provisioning, you can use substring to separate the entitlements according.

 

I am not sure how it as been setup in the target or you are looking for different approach, the above one would be last possible solution which can be achieved. Please try..

If this helps, please select Accept As Solution and hit Kudos

Best,
Prem Mahadikar

Go to solution
PRana
New Contributor II
New Contributor II

‎06/26/2024 05:54 AM

Thank you @rushikeshvartak and @PremMahadikar for the confirmation. I was suspecting that's what was needed but wanted to confirm if there was any other option.

0 Kudos
Copyright © 2024 Khoros, LLC