Saviynt Forums

JPMac · ‎04/22/2024

The following forums can now be configured to allow only Organization owners to update users who belong to the same Organization as themselves.

https://forums.saviynt.com/t5/identity-governance/how-to-control-the-organization-name-in-a-whom-to-...

Next, I would like to configure non-Owner users to update users if they belong to the same organization as themselves.
How do I change the query to achieve this?

rushikeshvartak · ‎04/22/2024

Can you elaborate with example both current and new use case

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

JPMac · ‎04/23/2024

@rushikeshvartak

For example, assume that OrgA has users 001 (owner), 002, 003, and OrgB has users 111 (owner), 112, 113.
In the following query, 001 can request an user update for 002,003, but not for 111~113.
And 002,003 cannot request an user update for anyone.

My expectation is that 001,002,003 will each be able to update OrgA and not 111~113 updates for OrgB.

I would like a query to be able to request updates for 002,003 as well.

rushikeshvartak · ‎04/23/2024

You can achieve same using having join with customerusers table

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Manu269 · ‎04/23/2024

@JPMac can you try exploring the Whom to Request feature at SAV role.

Sample

[{"for":"RequestAccessforOthers","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.employeeType IN ('External','Third Party','Vendor') and a.manager= ${users.id} and a.statuskey=1"},{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"ViewExistingAccess","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"}]

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

JPMac · ‎05/15/2024

@Manu269

Could you check the diagram below?

We want "customer" in the "users" table to be able to updaterequest only the same user.
It is assumed that Manager and other attributes will never be used.

So I use the following JSON, but I don't see any user.

==JSON==

[

{

"for":"UpdateUserRequest",

"query":"select a from Users a where a.customer = '${users.customer}'"

}

]

Can you give me some advice on this?

rushikeshvartak · ‎05/15/2024

Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues .

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

JPMac · ‎05/21/2024

@arushi2403

Using this query doesn't display any users at all, and there are no logs.

==JSON==

[

{

"for":"UpdateUserRequest",

"query":"select a from Users a where a.customer = '${users.customer}'"

}

]

But this user belongs to organization.

PremMahadikar · ‎05/21/2024

Hi @JPMac ,

The below code is the solution for your question:

[{"for":"UpdateUserRequest","query":"select a from Users a where a.customproperty1 is not null and a.customproperty1 in ('VM') and a.id in (select cu.userkey from Customer_Users cu where cu.customerkey in (select c.id from Customer c where c.customername='${users.customer}'))"}]

Its working for me. Please try!

If this helps your question, please consider selecting Accept As Solution and hit Kudos

Best,
Prem Mahadikar

JPMac · ‎05/21/2024

I am looking for someone to advise me on this issue.
I have previously posted it on the Forum but have not yet resolved it, so I am asking again.

We have created multiple organizations in our environment.
As shown in the diagram below, when executing an update user request, we want to display only users from the same organization, not all users.

In another forum, I received the following query as advice, but it only allows the owner to execute the update user request, and non-owner users cannot do it.

====

[ {"for":"UpdateUserRequest","query":"select a from Users a where a.customproperty1 is not null and a.customproperty1 in ('VM') and a.id in (select userkey from Customer_Users where customerkey in (select customerkey from Organization_Owners where userkey = '${users.id}'))"} ]

====

I tried using the following query, but nothing is displayed in the update user request when using it.

===

select a from Users a where a.customer = '${users.customer}'

===

Could you please give me advice on how to meet this requirement?

PremMahadikar · ‎05/21/2024

Hi @JPMac ,

The below code is the solution for your question:

[{"for":"UpdateUserRequest","query":"select a from Users a where a.customproperty1 is not null and a.customproperty1 in ('VM') and a.id in (select cu.userkey from Customer_Users cu where cu.customerkey in (select c.id from Customer c where c.customername='${users.customer}'))"}]

Its working for me. Please try!

If this helps your question, please consider selecting Accept As Solution and hit Kudos

Best,
Prem Mahadikar

JPMac · ‎05/21/2024

@PremMahadikar

Thanks for your response! It's working on our environment.

[

{

"for":"UpdateUserRequest",

"query":"select a from Users a where a.id in (select cu.userkey from Customer_Users cu where cu.customerkey in (select c.id from Customer c where c.customername='${users.customer}'))"

}

]

Saviynt Forums

how to control the organization name in a Whom To Request - ver2