Click HERE to see how Saviynt Intelligence is transforming the industry.
|
Click HERE to see how Saviynt Intelligence is transforming the industry.
|
Hi all,
We have a requirement to auto approve the enable and disable service account requests if the service account owner requests for it. Since the request page doesn't have any dynamic attributes for enable and disable request I am not able to fetch the owner detail in the workflow.
I was using the following groovy script in the if else block of the workflow to compare the requestor and the service account owner - (com.saviynt.ecm.identitywarehouse.domain.Users.get(Long.valueOf(dynamicAttributesReqAccess.get(requestaccesskey).get('USEROWNERKEY'))).username ==(requestedby.username))
What other script can we use to compare the requestor and service account owner in the if else block?
Thanks.
Hey,
I had to change the query mentioned in the topic as the attribute_name column does not contain the owner key for enable and disable requests. I am using the following query now which is giving me the correct result -
select owneruserkey from accountowners ao where FIND_IN_SET(ao.accountkey,(select distinct REPLACE(raa.attribute_value,'' '','''') from request_access_attrs raa , ars_requests ar, request_access ra WHERE ar.REQUESTKEY = ra.REQUESTKEY and ra.REQUEST_ACCESSKEY = raa.REQUEST_ACCESS_KEY and ar.requestkey=${ARSREQUEST.id} and raa.attribute_name=''ACCOUNTKEY''))!=0
However when I raise a request for disable account for an account having some other owner, the request goes for admins approval. I am not sure why that is happening. Could you please take a look, attaching my workflow below.
Hey,
I am requesting for the disablement of service account that is why these attributes aren't showing up in the attribute_name of the table. Attaching screenshot for reference.
