Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/30/2024 01:46 PM
We have a use case where we need to prevent a contractor having customproperty11 like 'GXXXX' from logging in to saviynt and be able to submit requests for access.
how do we achieve this. we tried using role user and put the below in whom to request
hql json
[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser,UpdateUserRequest,RequestEnterpriseRoles,ViewExistingAccess","query":"select a from Users a where a.username not in ('admin','SaviyntSupportAgent1','SaviyntSupportAgent2','SaviyntSupportAgent3','systemadmin') and (a.customproperty11 not like 'GXXXX' or a.customproperty11 is null) and a.statuskey = 1"}]
But they can submit using request for self and also submit request for enterprise role
we need to limit their ability to submit request
08/30/2024 04:13 PM - edited 08/31/2024 09:30 AM
08/30/2024 11:13 PM
Hi @venkat , I might have misunderstood your use case. If you don't want them to login to Saviynt and request access, why you need them in Saviynt.
If you need them in Saviynt for some reason, don't assign a sav role.