Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fetch AccountKey in workflow( Emergency Access ID Request Workflow)

AS5278
Regular Contributor II
Regular Contributor II

‎01/09/2024 11:11 AM

Hi,

We have written a query in the Custom Assignment Block of the workflow to fetch the Rank 1 owner of the requested privileged account.

Below is the query:

 

SELECT u.userkey
FROM users u
JOIN accountowners ao ON ao.OWNERUSERKEY = u.userkey
JOIN request_access ra ON ao.ACCOUNTKEY = ra.ACCESSKEY
WHERE ra.REQUESTKEY =${ARSREQUEST.id} AND ao.rank = 1;

 

This will work fine if user raises a request for a single account at a time.

But if we raise a request for let's say 2 accounts and both of these accounts have different Rank1  owners then the above query will give two users in result set. This is not what we want.

I figured out that since the workflow is parallel, for each requested account the workflow will be called separately. So if I make an addition to the above query like below it might work:

 

SELECT u.userkey
FROM users u
JOIN accountowners ao ON ao.OWNERUSERKEY = u.userkey
JOIN request_access ra ON ao.ACCOUNTKEY = ra.ACCESSKEY
WHERE ra.REQUESTKEY =${ARSREQUEST.id} AND ao.rank = 1 and ao.accountkey=(select accountkey from accounts where accountid={Requested account's ID});

 

 The problem is how do I fetch the requested account's id or key in the workflow?.

Please guide.

Thanks,

Atul Singh

xurde
0 Kudos
7 REPLIES 7

rushikeshvartak
All-Star
All-Star

‎01/09/2024 06:51 PM

SELECT u.userkey
FROM users u
JOIN accountowners ao ON ao.OWNERUSERKEY = u.userkey
JOIN request_access ra ON ao.ACCOUNTKEY = ra.ACCESSKEY
JOIN request_access_attrs raa ON raa.REQUEST_ACCESS_KEY=ra.REQUEST_ACCESSKEY
AND raa.attribute_name='ACCOUNTKEY'
WHERE ra.REQUESTKEY =1366 AND ao.rank = 1 and ao.accountkey=raa.ATTRIBUTE_VALUE


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

AS5278
Regular Contributor II
Regular Contributor II
In response to rushikeshvartak

‎01/10/2024 01:53 AM

@rushikeshvartak 

It is still giving both the usernames:

AS5278_0-1704880318062.png

Here, '5173' is the requestkey. In this request two CPAM accounts were requested and both of these accounts have 'different' Rank 1 owners. 

xurde
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to AS5278

‎01/10/2024 07:40 PM

What is ask here ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

AS5278
Regular Contributor II
Regular Contributor II

‎01/11/2024 02:35 AM - edited ‎01/11/2024 04:33 AM

@ehrushikesh 

If the user requests for let's say two privileged accounts in a single request and each of these two accounts have different 'Rank 1' Owners.

For Ex:-

Account1 -> Rank 1 Owner is 'ABCD'

Account2 -> Rank 1 Owner is 'EFGH'

So the requirement is that, for 'Account 1' request should go for approval to only user 'ABCD' 

Similarly, for 'Account 2' request should go for approval to only user 'EFGH'.

But, with the current query what is happening is, for both these requested accounts it is going for approval to both the 'Rank1' owners i.e it is going for approval to 'ABCD' as well as 'EFGH' for each requested account. 

This is happening because in the above query we are performing the filter(WHERE clause) based on 'RequestKey'. But since the 2 requested accounts are part of the same request, the request key will be same for both and hence in the result set we are getting the 'Rank 1' owner of both the requested accounts.

The workflow is of type parallel. For each requested account the workflow will be called. So, it will be called twice as 2 accounts were requested in the request.

So, if first call is for 'Account 1', then the SQL query should return the 'Rank 1' owner of only 'Account 1'.

If call is for 'Account 2', SQL query should return the 'Rank1' owner of only 'Account 2'. 

 

 

xurde
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to AS5278

‎01/11/2024 08:09 PM

This can't be handled as we have same requestkey


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

AS5278
Regular Contributor II
Regular Contributor II
In response to rushikeshvartak

‎01/17/2024 03:24 AM

@rushikeshvartak Is there any way to fetch the emergency access account that has been requested for?.

Thanks.

 

xurde
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to AS5278

‎01/17/2024 05:44 AM

No please raise idea ticket


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC