Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to get those users as well who is belonging to endpoint

Go to solution
gagan94
Regular Contributor
Regular Contributor

‎11/16/2022 07:51 AM

Dear All

I have one requirement where we have to capture recon report for all active endpoints, The current report is capturing only those users which is having any of entitlements provisioned from role or individual one.

But we need to capture those users as well who do not have any role but tagged to particular endpoint. I have created one query which is not able to fulfil the above requirement.

select ss.SYSTEMNAME as 'Security_System',ep.endpointname as 'Endpoint_Name',CASE WHEN ev.ENTITLEMENT_VALUE is null THEN(select ev.DISPLAYNAME from entitlement_values ev) ELSE ev.ENTITLEMENT_VALUE end as 'Entitlemenet name',u.username as 'USERNAME',u.displayname as 'DISPLAYNAME',CASE U.STATUSKEY WHEN '0' THEN 'INACTIVE' WHEN '1' THEN 'ACTIVE' END AS USERSTATUS,acc.NAME as 'AccountName' ,(select updatedate from arstasks where taskkey=ae.ARSTASKKEY) as RoleGrantDate from users u,accounts acc,user_accounts ua,account_entitlements1 ae,entitlement_values ev,endpoints ep,securitysystems ss where acc.accountkey=ua.accountkey and ua.userkey=u.userkey and ae.accountkey=acc.accountkey and ae.ENTITLEMENT_VALUEKEY=ev.ENTITLEMENT_VALUEKEY and acc.endpointkey=ep.endpointkey and acc.status=1 and ep.SECURITYSYSTEMKEY=ss.SYSTEMKEY and u.statuskey=1 AND
acc.status IN ( '1', 'Manually Provisioned', 'Active' )

Can Anybody help me in this one what needs to be modified here.

Many Thanks in Advance

Regards,

Gagan

0 Kudos
5 REPLIES 5

Go to solution
sk
All-Star
All-Star

‎11/16/2022 12:30 PM

If I understood your requirement correctly You need to pull all accounts under a specific endpoint irrespective of whether they have entitlement or not right? In that case you need to do left join with account_entitlements1 table instead of simply joining the table


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos

Go to solution
gagan94
Regular Contributor
Regular Contributor

‎11/16/2022 11:10 PM

Hey Sk,

Yes you understood requirement correctly.

I have used only these joins only for getting the data, Can you please help with the modified query with left join, I believe it would be helpful in creating all other reports as well.

Actually I am not sure for left join properly for fetching these data

0 Kudos

Go to solution
Abhishek
New Contributor III
New Contributor III

‎11/17/2022 01:07 AM

select
u.username, u.firstname, u.lastname, u.statuskey as status_key, accounts.name as account_name, endpoints.ENDPOINTNAME, accounts.STATUS as account_status, et.displayname as entitlement_type, ev.entitlement_value
from accounts
left join user_accounts on accounts.ACCOUNTKEY=user_accounts.ACCOUNTKEY
left join endpoints on endpoints.ENDPOINTKEY = accounts.ENDPOINTKEY
left join users u on u.userkey = user_accounts.userkey
left join account_entitlements1 ae on ae.accountkey = accounts.ACCOUNTKEY
left join entitlement_values ev on ev.entitlement_valuekey = ae.entitlement_valuekey
left join entitlement_types et on et.entitlementtypekey = ev.entitlementtypekey
where
endpoints.ENDPOINTNAME in ('xxxxxx') accounts.status in ('1','Active','Manually Provisioned')

see if this works?

Go to solution
gagan94
Regular Contributor
Regular Contributor

‎11/17/2022 04:36 AM

Hey Abhishek,

Thanks for making efforts.

Can you please add role information as well, Role Name or let me know what should be add here, because if entitlements provisioned from role then it is also required to be in report.

do we need to add role grant date using left join?

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to gagan94

‎11/18/2022 10:55 AM

select
u.username, u.firstname, u.lastname, u.statuskey as status_key, accounts.name as account_name, endpoints.ENDPOINTNAME, accounts.STATUS as account_status, et.displayname as entitlement_type, ev.entitlement_value,r.role_name
from accounts
left join user_accounts on accounts.ACCOUNTKEY=user_accounts.ACCOUNTKEY
left join endpoints on endpoints.ENDPOINTKEY = accounts.ENDPOINTKEY
left join users u on u.userkey = user_accounts.userkey
left join account_entitlements1 ae on ae.accountkey = accounts.ACCOUNTKEY
left join roles r on ae.assignedfromrole=r.rolekey
left join entitlement_values ev on ev.entitlement_valuekey = ae.entitlement_valuekey
left join entitlement_types et on et.entitlementtypekey = ev.entitlementtypekey
where
accounts.status in ('1','Active','Manually Provisioned')


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
Copyright © 2024 Khoros, LLC