
How to allow firefighter role request only for users having a specific account

narendranegi
New Contributor II

Hi,

Requirement:

1. The firefighter role request should only be visible when the requestee has a specific account in Azure AD.

I have created the following query:
and rl.id not in (select r.id from Roles r where r.roletype=4) and rl.status=1 and '1'=(SELECT case when a.name like 'a-%@rccad.net' then '1' else '0' end FROM users u, user_accounts ua, accounts a WHERE u.userkey = ua.userkey AND ua.accountkey = a.accountkey AND a.endpointkey=1 AND u.id={currentUser} AND a.name like 'a-%@rccad.net')

It's not working.

Can someone please verify this query?

Regards
Narendra Negi

2 REPLIES

AmitM
Valued Contributor

Hi @narendranegi, you can follow this post - https://forums.saviynt.com/t5/identity-governance/filter-selectable-application-roles-based-on-the-s...

In the latest versions, the role query is not taking {currentUser} or {requestor} etc., and also the alias is r and not rl.

Better to have a dynamic attribute and have the query there. Use the dynamic attribute in the role query.

Sample DA query: select country as ID from users where userkey=${requestor}

Sample Role Filter Query: r.customproperty1 = '${RoleFilter}'

Thanks,

Amit

If this answers your query, Please ACCEPT SOLUTION and give KUDOS.
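
An added example, not part of the original thread or Saviynt's own code: the dynamic-attribute approach suggested above, applied to the account check from the question and evaluated against constructed tables in SQLite. The marker values `FF_ALLOWED`/`FF_DENIED`, the sample rows and the `role_filter` helper are assumptions; the aggregate keeps the query at exactly one row whether the requestor has zero, one or several matching accounts.

```python
import sqlite3

# Dynamic-attribute query in the shape of the sample above. COUNT(*) without
# GROUP BY always yields exactly one row, so the attribute has a single value.
# 'FF_ALLOWED' / 'FF_DENIED' are assumed marker values, not Saviynt constants.
DA_QUERY = """
SELECT CASE WHEN COUNT(*) > 0 THEN 'FF_ALLOWED' ELSE 'FF_DENIED' END AS ID
FROM users u
JOIN user_accounts ua ON ua.userkey = u.userkey
JOIN accounts a ON a.accountkey = ua.accountkey
WHERE u.userkey = ${requestor}
  AND a.endpointkey = 1
  AND a.name LIKE 'a-%@rccad.net'
"""

def build_db():
    """Constructed sample data using the table/column names from the thread."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(userkey INTEGER PRIMARY KEY, username TEXT);
        CREATE TABLE accounts(accountkey INTEGER PRIMARY KEY, name TEXT, endpointkey INTEGER);
        CREATE TABLE user_accounts(userkey INTEGER, accountkey INTEGER);
        INSERT INTO users VALUES (1,'alice'),(2,'bob'),(3,'carol'),(4,'dave');
        INSERT INTO accounts VALUES
          (10,'a-alice@rccad.net',1),   -- one admin account on endpoint 1
          (20,'bob@rccad.net',1),       -- standard account only
          (30,'a-carol@rccad.net',1),(31,'a-carol2@rccad.net',1), -- two matches
          (40,'a-dave@rccad.net',2);    -- matching name, different endpoint
        INSERT INTO user_accounts VALUES (1,10),(2,20),(3,30),(3,31),(4,40);
    """)
    return db

def role_filter(db, requestor_key):
    """Simulate the binding of ${requestor} and return the attribute value."""
    sql = DA_QUERY.replace("${requestor}", "?")  # bind as a parameter, not text
    rows = db.execute(sql, (int(requestor_key),)).fetchall()
    assert len(rows) == 1  # one value per requestor, even with no accounts
    return rows[0][0]

if __name__ == "__main__":
    db = build_db()
    for key in (1, 2, 3, 4, 99):  # 99 is a userkey with no rows at all
        print(key, role_filter(db, key))
```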

rushikeshvartak
All-Star

Can you share logs?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.