Saviynt Forums

Saviynt_learner · ‎11/25/2023

Is it possible to block users from requesting entitlement that belongs to only to their department?

I tried with the department filter but a user can select the entitlement even before selecting the department. which allows him to request for all entitlements, select the department later. and place a request. Any possible way to block users from doing this?

Please let me know if there's any possiblity.

SumathiSomala · ‎11/25/2023

@Saviynt_learner did you try with config for requrstable entitlements in ARS in entitlement type details page?

Sample:

ev. custompropertyx=='${departmentDA}'

entitlement custompropertyx should have department name

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

Saviynt_learner · ‎11/25/2023

Thank you for the answer. But even after enabling this feature, users can still choose departments multiple times and request for any entitlement they want in a single request. How can we prevent that from happening?

rushikeshvartak · ‎11/26/2023

Problem is user can switch department and add entitlement correct ? If yes then only solution is you can add SoD or in wokflow you can validate department stored in entitlement if does not match with department in dynamic attributes then reject the entitlement

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Saviynt Forums

Dynamic attribute question