Saviynt Forums

theosveg · ‎09/04/2024

is there a way to limit the user list on parent and delegate user, I want to exclude admin, sysadmin etc from these lists. How would I go about achieving this? Query format used etc..
I would also like to know the query format used for - "for whom the user can set up delegate" under a sav role?

Amit_Malik · ‎09/04/2024

@theosveg ,

1) you can global configuration , request define delegate query

user.employeeType='internal', you can try not in specific usernames

2) sample

select a from Users where a.id=${user.id}

(a.manager=${users.id} or a.manager=${users.manager}) and a.statuskey=1

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".

rushikeshvartak · ‎09/04/2024

You can control both parent as well as child
Parent - Whom we can set delegate - under sav role
- select a from Users a where a.manager = ${users?.id}
Child (delegated person)- Global Config Define Delegate Query
- user.id in (select distinct id from Users where employeetype = 'Employee' and username not in ('SaviyntSupportAgent1','SaviyntSupportAgent2','SaviyntSupportAgent3','admin','systemadmin')) and user.statuskey=1

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

theosveg · ‎09/06/2024

thank you, what would be the query format to remove/exclude admin users from the parent delegate option?

Amit_Malik · ‎09/06/2024

In global config --> define delegate query

user.id in (select id from Users where username not in ('admin','sysadmin'))

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".

rushikeshvartak · ‎09/06/2024

select a from Users a where a.username not in ('SaviyntSupportAgent1','SaviyntSupportAgent2','SaviyntSupportAgent3','admin','systemadmin')

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

theosveg · ‎09/10/2024

tried both parent and delegate user using the given query,

For parent: I still see admin users in those list, is there a reason why?

for delegate user, after updating under global config, I see no user in the list anymore. Used select a from Users a where a.username not in ('SaviyntSupportAgent1','SaviyntSupportAgent2','SaviyntSupportAgent3','admin','systemadmin') for both.

does it only work for certain sav roles, does other sav role config play a role in this, that I need to adjust?

rushikeshvartak · ‎09/10/2024

How many sav roles user have ?
Did you updated condition in all sav roles user having ?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

theosveg · ‎09/11/2024

there was a small tweak I needed to do for delegate user: username not in ('SaviyntSupportAgent1','SaviyntSupportAgent2','SaviyntSupportAgent3','admin','systemadmin') is the query that worked after testing,

for parent, the query as it is works, U in Users seems to be case sensitive.

Saviynt Forums

Delegation - limit user list on parent and delegate user?