Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Hide an entitlement/role in ARS request based on Requestee attribute fields

biswajitoram
Regular Contributor
Regular Contributor

Hi Team,

We want to hide a specific entitlement and are only available to request if the requestee/user has country= 'Thailand' AND location = 'Office' attributes in their profile and the rest of the entitlements/roles will be available for all to request.

biswajitoram_0-1699426976710.png

And I have tried with this query Config for Requestable Entitlement in ARS

query:  ev.customproperty20 in (select country from Users where userkey in (${requestee})) AND ev.customproperty21 in (select location from Users where userkey in (${requestee}))

biswajitoram_1-1699427106919.png

also updated customproperty20= 'Thailand' and customproperty21 = 'Office' the entitlement other attributes

 

 

 

6 REPLIES 6

sudeshjaiswal
Saviynt Employee
Saviynt Employee

Hello @biswajitoram ,

This way it may not work..

did you try to configure dynamic attribute so that user can select country thailand or others location as office or others, based on that the entitlements will be displayed.

If you find the above response useful, Kindly Mark it as "Accept As Solution".

rushikeshvartak
All-Star
All-Star

Possible solutions

  • Create dynamic attribute and use in entitlement type filter
  • Use Entitlement customproperty to achieve use case

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

biswajitoram
Regular Contributor
Regular Contributor

Hi @rushikeshvartak @sudeshjaiswal 

Thanks for your support.

1. I have achieved this without going for the Dynamic attributes. PFA the query I have used.

query:- ev.entitlement_value not like 'entitlement_value' OR (ev.customproperty20 in (select country from Users where userkey in (${requestee})) AND ev.customproperty21 in (select location from Users where userkey in (${requestee})))

biswajitoram_0-1705995124046.png

I have updated the CP20 = CountryName and CP21 = LocationName

biswajitoram_3-1705995247401.png

2. But we have another requirement with this. We want to restrict another entitlement same as the above.  I have tried with multiple options but getting this error.

biswajitoram_4-1705995642874.png

Not sure how can I restrict both entitlements EntA and EntB or multiple entitlements. I have tried to update the CP20 AND 21 values for EntB same as EntA, but still not working.

Could you please help me with the query?

 

Can you explain with example


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rushikeshvartak 

The earlier requirement was that only EntA can be requestable in ARS only by users with country= "CountryA" and location = "LocationA". And I have achieved this requirement by below query:

query:- ev.entitlement_value not like 'EntA' OR (ev.customproperty20 in (select country from Users where userkey in (${requestee})) AND ev.customproperty21 in (select location from Users where userkey in (${requestee})))

So, now the new requirement is EntB also can be requestable in ARS only by users with country= "CountryA" and location = "LocationA" same as the previous requirement.

I have tried merging different queries but I am getting the error as I mentioned earlier.

biswajitoram_0-1706675555478.png

Could you please help me with the query?

Share logs


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.