Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

how to control the organization name in a Whom To Request - ver2

JPMac
Regular Contributor
Regular Contributor

The following forums can now be configured to allow only Organization owners to update users who belong to the same Organization as themselves.

https://forums.saviynt.com/t5/identity-governance/how-to-control-the-organization-name-in-a-whom-to-...


Next, I would like to configure non-Owner users to update users if they belong to the same organization as themselves.
How do I change the query to achieve this?

 

 

6 REPLIES 6

rushikeshvartak
All-Star
All-Star

Can you elaborate with example both current and new use case


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

JPMac
Regular Contributor
Regular Contributor

@rushikeshvartak 

For example, assume that OrgA has users 001 (owner), 002, 003, and OrgB has users 111 (owner), 112, 113.
In the following query, 001 can request an user update for 002,003, but not for 111~113.
And 002,003 cannot request an user update for anyone.

My expectation is that 001,002,003 will each be able to update OrgA and not 111~113 updates for OrgB.

I would like a query to be able to request updates for 002,003 as well.

You can achieve same using having join with customerusers table


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Manu269
All-Star
All-Star

@JPMac can you try exploring the Whom to Request feature at SAV role.

Sample

[{"for":"RequestAccessforOthers","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.employeeType IN ('External','Third Party','Vendor') and a.manager= ${users.id} and a.statuskey=1"},{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"ViewExistingAccess","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"}]

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

JPMac
Regular Contributor
Regular Contributor

@Manu269 

Could you check the diagram below?

JPMac_0-1715757336702.png

We want "customer" in the "users" table to be able to updaterequest only the same user.
It is assumed that Manager and other attributes will never be used.

So I use the following JSON, but I don't see any user.

==JSON==

[
    {
        "for":"UpdateUserRequest",
        "query":"select a from Users a where a.customer = '${users.customer}'"
    }
]


Can you give me some advice on this?

Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues .


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.