Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Dynamic Attribute

sandeepgudipudi
New Contributor III
New Contributor III

I have requirement

 

If user city is Bangalore and Department is any of this crdc|core tech|aide|awan then it should fetch group as cn=Bglr,XXXXX else cn=Hyd,XXXX 

 

In workflow if user city Bangalore  and department crdc|core tech|aide|awan is satisfied then it should go to manager approval and provision else it should go to manager approval and app owner approval and provision

15 REPLIES 15

rushikeshvartak
All-Star
All-Star

rushikeshvartak_0-1717436536565.png

user.country.equalsIgnoreCase('Banglore') and (user.department.contains('crdc') OR user.department.contains('core tech') OR user.department.contains('aide') OR
user.department.contains('awan'))

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Thanks the actual requirement is,

 

If user city is Bangalore and Department is any of this crdc|core tech|aide|awan then it should fetch group as cn=Bglr,XXXXX else cn=Hyd,XXXX in request form

Then you can write SQL accordingly 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

How can this be achievable ? i need those details to be fetched runtime at the time of request on ARS form

  • Create 2 dynamic attribute - 1 Country
  • 2nd Department 
  • Store Entitlement CP1 & CP2 as country and department name 
  • Configure below query in Config for Requestable Entitlement in ARS
    • ev.status=1 and ev.customproperty1=${country} and ev.customproperty2 like '%${department}%'

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

There are 50 departments and if user belongs to city=bangalore and any of the listed department=out of 50 he should be see AD entitlement in selected list as cn=Bglr,XXXXX else cn=Hyd,XXXX in request form

  • You can specify departments in CP2 

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

There are 50 departments how can i add them in cp2?

comma separated 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Can this be achievable using datasets instead of using 50 names in attributes. 

Another Approach

  • Create dynamic attribute DA and based on your logic show
    • select case when country='Banglore' and department in ('A','B')  then 'Yes' else 'No' as id from users where userkey=${requestee}
  • Store Entitlement CP1 = Yes
    • Configure below query in Config for Requestable Entitlement in ARS
      • ev.status=1 and ev.customproperty1='${DA}'
    •  

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Instead of using dynamic attribute,

1. user will select an application, no entitlements are selected

2. user would submit the request

3. workflow should check for employetype=employee and department = ('A','B')  and user belong to AD='cn=java,XXX' group, if condition satisfies request should go to manager approval and then check for user location[if Bangalore] provision to AD group cn=Bglr,XXXXX else cn=Hyd,XXXX. if condition does not satisfy request should go manager approval and application owner approval and check for user location[if Bangalore] provision to AD group cn=Bglr,XXXXX else cn=Hyd,XXXX.

Workflow will not provision any access automatically 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

sandeepgudipudi
New Contributor III
New Contributor III

Hi,

 

In the same case how to fetch/check in dynamic attribute if user is member of AD groups cn=abc,XXXX and/or cn=xyz,XXXX and/or cn=qwe and it show display in ARS form

using dynamic attribute you can validate .


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.