Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

how to restrict user at ARS not to submit different location other than his base location

IAM_99
Regular Contributor II
Regular Contributor II

Hi All,

We have a DA ( dynamic attribute) called -" Location " - > if Location (for ex - India)  selected set of entitlements will be shown and user will add   submits.

next time if same user comes to ARS and selects Location as 'Japan' --> we should not allow him since his base location is India, he can only submit for India entitlements.

Any inputs on the above requirements how to achieve ? 

 

2 REPLIES 2

sudeshjaiswal
Saviynt Employee
Saviynt Employee

Hello @IAM_99,

To achieve this, you can configure the dynamic attribute at the endpoint level. Please refer to the following documentation for your specific use case:

https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter02-Identity-Repository/Viewi... 

Below is a sample query that can be used as a single select query for the dynamic attribute:

Sample Query:
SELECT CASE
WHEN u.country='India' THEN 'India'
WHEN u.country='Japan' THEN 'Japan'
-- Add more countries here if needed
END AS ID
FROM users u
WHERE u.userkey = ${requestee}

You can add more countries to the query as per your requirements.

Thanks

If you find the above response useful, Kindly Mark it as "Accept As Solution".

rushikeshvartak
All-Star
All-Star

He can only India entitlement means india value should be stored under some user property


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.