Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How can we distinguish between Reconciliated Entitlement and Provisioned Entitlement for any Account

Souvik
New Contributor III
New Contributor III

‎07/19/2022 11:26 PM

How can we distinguish between Reconciliated Entitlement and Provisioned Entitlement in Entitlement Hierarchy for an particular account?

If it is possible then what query should we use in Data Analyzer to check those Entitlement.

Any help here is much appreciated.

Thanks

0 Kudos
2 REPLIES 2

Sivagami
Valued Contributor
Valued Contributor

‎07/20/2022 01:09 PM

@Souvik - accounts_entitlements1 table will store the relationship between accounts and entitlements (What you see in the entitlement hierarchy in UI). There is a column in this table - arstaskkey which would get populated with the task number if the entitlement for the account is provisioned via Saviynt. If you see the value of arstaskkey to be blank, then it would mean the access got provisioned outside of Saviynt and that's why there is no task reference captured in the accounts_entitlements1 table.

Once the application goes live, make sure to use Baseline Application feature in endpoint which will set dummy arstaskkey for all the account & entitlement combinations in accounts_entitlements1 table. This would make sure the access assignments done before the application got onboarded to Saviynt are not showing up in your analysis as false positives.

Hope this helps!

-Siva

rushikeshvartak
All-Star
All-Star

‎07/20/2022 01:32 PM

rushikeshvartak_0-1658349138011.png

select distinct e.endpointname as application,a.name, (select u.username from users u,user_accounts ua where u.userkey=ua.userkey and ua.accountkey=a.accountkey) as u,ev.entitlement_value as 'Entitltment', et.entitlementname as 'Entitltment Type',case when ev.status=1 then 'Active' when ev.status=2 then 'InActive' else ev.status end as 'Entitlement Status',case when a.status=1 then 'Active' when a.status=2 then 'InActive' else a.status end as account_state, case when ae.ARSTASKKEY is not null then concat('Provisioned from Saviynt ',ae.ARSTASKKEY) else 'Provisioned outside saviynt' end as 'source' from endpoints e,endpoints e1,accounts a,account_entitlements1 ae,entitlement_values ev,entitlement_types et where e.endpointkey=a.endpointkey and ae.accountkey=a.accountkey and ev.entitlement_valuekey=ae.entitlement_valuekey and et.entitlementtypekey=ev.entitlementtypekey and e1.endpointkey=et.endpointkey and a.status not in ('Suspended From Import Service')and e.ENDPOINTNAME IN ('EndpointName') order by a.status


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
Copyright © 2024 Khoros, LLC