This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Endpoint based visibility of Request History

haardik_verma
New Contributor III
New Contributor III

‎01-30-2023 02:30 AM

Hi,

We are looking for a way to give an user the access to Request History page where the user should only be able to see requests from a certain endpoint only.

We tested the below things:

1) We changed the Access to Endpoints in Sav Role

 

haardik_verma_1-1675073352882.png

This did not work. The user was able to see all the requests from all the endpoints.

2) Used View all requests submitted for the endpoint(s) retrieved option in Request History of sav role

haardik_verma_3-1675073562958.png

This opens a box to write HQL query:

haardik_verma_4-1675073672470.png

 

We tried the below queries 

i) select a from Endpoints a where a.id=16 - NOT SHOWING REQUESTS THAT HAVE MULTIPLE ENDPOINTS.

Like, these below requests are not shown to the sav role user.

haardik_verma_5-1675074409089.png

 

ii) select a from Endpoints a where a.id in (select ed.id from Endpoints ed where ed.endpointname like '%SAP%') - NOT WORKING

iii) select a from Endpoints a where a.id in (16,17,18) - NOT SHOWING REQUESTS WITH MULTIPLE ENDPOINTS

iv) select a from Endpoints a where a.id=16 UNION select a from Endpoints a where a.id=18 - SHOWING ONLY ENDPOINT ID 16 REQUESTS

v) select a from Endpoints a where a.id=16 and a.id=18 - NOT WORKING

Labels:
0 Kudos
8 REPLIES 8

haardik_verma
New Contributor III
New Contributor III
In response to rushikeshvartak

‎02-02-2023 03:41 AM

Hi @rushikeshvartak .

This did not work..

Kept the HQL as 

select a from Endpoints a where a.customproperty6='RequestHistorySAP'

And populated cp6 as RequestHistorySAP for 4 SAP endpoints, but only those requests were visible which were requested for single endpoint...

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to haardik_verma

‎02-02-2023 05:46 AM

Single endpoint meaning just one application one time not multiple in one request ?


Regards,
Rushikesh Vartak
0 Kudos

haardik_verma
New Contributor III
New Contributor III
In response to rushikeshvartak

‎02-02-2023 06:31 AM

Yes,

The admin sav role user is able to see those requests which has multiple endpoints, but these requests are not visible to the sav role user, for which that HQL is configured.

So, suppose we configured the HQL 

select a from Endpoints a where a.customproperty6='RequestHistorySAP' 

for SAV Role "SAV_Test" 

And suppose these below are all the requests that ADMIN sav role user can see

 

RequestId Request Type Requested For Requested By Request Submit Date Due Date Assignee Endpoints Request Origin Status

123456

Grant Access

TestUser123Haardik Verma (username)01-Feb-2023 16:58:2811-Feb-2023 16:58:28TestManagerSAP1, SAP2UICompleted 
654321

Grant Access

TestUser321Haardik Verma (username)31-Jan-2023 14:25:3710-Feb-2023 14:25:37TestManagerSAP2, SAP3UICompleted
123654

Grant Access

TestUser345Haardik Verma (username)31-Jan-2023 14:25:3710-Feb-2023 14:25:37TestManagerSAP2UICompleted
123789

Grant Access

TestUser543Haardik Verma (username)31-Jan-2023 14:25:3710-Feb-2023 14:25:37TestManagerSAP3UICompleted

 

CASE 1: customproperty6=RequestHistorySAP  for the endpoints SAP2

Outcome: The "SAV_Test" Sav role user is only able to see the Request 123654

Expected: he should be able to see request 123456, 654321 and 123654

 

CASE 2: customproperty6=RequestHistorySAP  for the endpoints SAP2 and SAP3

Outcome: The "SAV_Test" Sav role user is only able to see the Request 123654 and 123789

Expected: he should be able to see all 4 requests

 

CASE 3: customproperty6=RequestHistorySAP  for the endpoints SAP1      

Outcome: The "SAV_Test" Sav role user is not able to see any Request.

Expected: he should be able to see Request 123456

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to haardik_verma

‎02-03-2023 01:06 PM

I see this as defect, when request is raised for multiple application. Please raise Freshdesk ticket


Regards,
Rushikesh Vartak
0 Kudos

Manu269
All-Star
All-Star

‎02-05-2023 09:02 PM

@haardik_verma The issue was replicable even in EIC higher version. I suggest reaching out to Saviynt and for resolution please post here.

Manish Kumar
0 Kudos

Darshanjain
Saviynt Employee
Saviynt Employee

‎03-03-2023 03:55 AM

@haardik_verma 

Let me just explain how it is working , when we have multiple endpoints in ars table it is stored as comma separated values,

 
But when we give the condition in endpoint table as specific id's, the backend query formed is 
 
endpoint condition,
 
select a from endpoints where a.id in (10,11)
 
SELECT COUNT(DISTINCT AR.REQUESTKEY) AS TOTAL              
                     FROM ARS_REQUESTS AR, REQUEST_ACCESS RA, ACCESS_APPROVERS AA
                     WHERE AR.REQUESTKEY = RA.REQUESTKEY AND   AA.REQUEST_ACCESS_KEY = RA.REQUEST_ACCESSKEY 
                     AND AR.JBPMPROCESSINSTANCEID IS NOT NULL
   AND (  ( AR.ENDPOINTASCSV = 'REST' or AR.ENDPOINTASCSV = 'okta' ) )  and aa.status in (-1,1,2,3,4,5,6)
 
Here AR.endpointcsv value is stored in request as REST,okta. 
 
It will be taken as a bug and engineering team will work on it.
 
0 Kudos

haardik_verma
New Contributor III
New Contributor III
In response to Darshanjain

‎03-09-2023 08:39 PM

Thanks for the valueable inputs @rushikeshvartak @Manu269 and @Darshanjain .

We did raise Saviynt ticket last week and they have taken this up with their engineering team.

I will update here as soon as it is fixed.

0 Kudos
Copyright © 2023 Khoros, LLC