
How to fetch assigned entitlement in grant access json

vermark
Regular Contributor

Hi Team,

How to check whether a particular entitlement is assigned to the user or not in the grant access JSON of a DB type connection?

Scenario -

We have two requestable entitlements on the request form

1. Read Only

2. Read and Write

When the user selects 'Read Only' then 'Read and Write' should be removed and vice-versa.

We cannot use 'Remove Task for Existing Entitlements' in 'Create Task Action' under entitlement type because this will create the remove access task for all other entitlements. We don't want to remove any other entitlements assigned to the users; we just want to remove 'read only' if the user selects 'read and write' at the time of request and vice-versa.

 


rushikeshvartak
All-Star

Below logic should work

[Image: rushikeshvartak_0-1653329803840.png]


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi Rushikesh,

We can get the entitlement_value using ${task.entitlement_valuekey.entitlement_value}. Similarly, how do we check in the grant access JSON if a particular entitlement is assigned on an account or not?

As far as I know, getting the existing entitlements with the account will be hard, as we can't query Saviynt from the application connection.

Even if Saviynt provides all existing entitlements, it will be a map. How will you identify which to remove?

You need to compare whether the requested entitlement is for add/remove against the existing entitlements.

Considering your example, I thought you have only 2 entitlements.

Alternative solution: create an actionable report and add it to a chain job after wsretry / daily, to find if entitlement x is there, then remove entitlement y, and vice versa.


Regards,
Rushikesh Vartak

Rajesh-R
Saviynt Employee

Hi Vermark,

Greetings and Good day to you.

Considering your use-case of having two requestable entitlements on the request form

1. Read Only

2. Read and Write

When the user selects 'Read Only' then 'Read and Write' should be removed and vice-versa.

For the above scenario to work,

Create a distinct entitlement type which has Read-Only and Read-Write as the only two entitlements under that category.

Try to evaluate the option Single Select from the drop down for that distinct entitlement type. The user is allowed to select one option only. If the user chooses Read-Only, and if the user has Read-Write access already, automatically a revoke task will be created for that and an add access task will be created for the new entitlement.

The specific entitlements have to be managed as a different entitlement type.

Try out designing the entitlements in such a way that we are allowing Single Select From Drop Down as the request option for the entitlement Type.

The Add Access / Revoke Access has to be managed depending on the entitlement Type. Try out the recommendation mentioned here and post if you are still facing the issues.

 

 


Thanks
Rajesh Ramalingam
Saviynt India
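
The task behaviour described in the reply above (revoke the other member of the single-select type, add the requested one, leave everything else alone), together with the detection step of the actionable-report alternative mentioned earlier in the thread, as an added example. This is not Saviynt code or configuration; it is a small Python model, and `Task`, `plan_tasks`, `find_conflicts`, the account names and the extra entitlements are all hypothetical.

```python
# Added illustration; not Saviynt code. All names here are hypothetical.
from dataclasses import dataclass

# The two mutually exclusive entitlements from the thread, modelled as one
# single-select group (the "distinct entitlement type").
EXCLUSIVE_GROUP = frozenset({"Read Only", "Read and Write"})


@dataclass(frozen=True)
class Task:
    action: str        # "ADD" or "REMOVE"
    entitlement: str


def plan_tasks(assigned, requested):
    """Return the tasks for one single-select request on one account.

    assigned  -- set of entitlement names the account currently holds
    requested -- the one entitlement picked on the request form
    """
    if requested not in EXCLUSIVE_GROUP:
        raise ValueError(f"{requested!r} is not in the single-select group")
    tasks = []
    # Revoke only the other member(s) of the group; entitlements outside the
    # group are never touched, which is the requirement in the question.
    for ent in sorted((assigned & EXCLUSIVE_GROUP) - {requested}):
        tasks.append(Task("REMOVE", ent))
    if requested not in assigned:
        tasks.append(Task("ADD", requested))
    return tasks


def find_conflicts(accounts):
    """Report accounts holding more than one member of the group.

    accounts -- dict of account name -> set of entitlement names
    This is the detection half of the 'actionable report' alternative.
    """
    return sorted(name for name, ents in accounts.items()
                  if len(ents & EXCLUSIVE_GROUP) > 1)


if __name__ == "__main__":
    # Constructed sample data.
    accounts = {
        "db_alice": {"Read and Write", "Reporting"},
        "db_bob": {"Read Only", "Read and Write", "Audit"},
    }
    print(plan_tasks(accounts["db_alice"], "Read Only"))
    print(find_conflicts(accounts))
```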

vermark
Regular Contributor

Thank you, Rajesh.