06/25/2024 04:48 AM
Hi Team,
I want to restrict the delegation configuration to only allow delegation to a user's peers on the same team. I tried to update the Global configuration and SAV roles with the below queries but it's not working. Can you please help?
Define Delegate query:
WHERE users.username in (select u.username from Users u where u.manager=${users.id})
Select * from Users WHERE users.username in (select u.username from Users u where u.manager=${users.id})
Thanks
06/25/2024 06:04 AM
Hi @Gaurav29, try the below expression:
user.manager=${user.id}
06/25/2024 06:44 AM
06/25/2024 09:19 AM
You can try the below:
select new map (a.id as id) from Users a where a.id = ${users?.id} or a.manager = ${users?.id}
06/25/2024 10:43 AM
Hi @GSR ,
I tried your suggestions, but the 'Delegate User' list still shows zero results. After defining the delegate query, I also triggered the microservices job, but there were still no results. Please let me know if I need to update any other settings.
Thanks,
Gaurav
06/25/2024 10:04 AM
a.manager=${users.id}
Refer to https://forums.saviynt.com/t5/identity-governance/setup-deletgation/m-p/18830
06/25/2024 10:44 AM
Hi @rushikeshvartak,
I tried your suggestions, but the 'Delegate User' list still shows zero results. After defining the delegate query, I also triggered the microservices job, but there were still no results. Please let me know if I need to update any other settings.
Thanks,
Gaurav
06/25/2024 08:26 PM
I have validated the solution, and it works as expected. Validated in 24.5.
Config :
Validation
Bob is manager of Irene (Sample User)
06/26/2024 01:08 AM
Hi @rushikeshvartak ,
Thank you for the help here.
This works fine when the manager delegates to someone who reports to them, but it doesn't work if someone from the same team tries to delegate.
For example, if Irene or Rahul tries to delegate access to Neeta, it returns zero results.
Thanks,
Gaurav
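Added example, not part of any post in this thread and not Saviynt delegate-query syntax: plain SQL over a constructed SQLite table, showing why a predicate of the form "manager = logged-in user" lists only direct reports, and what a same-manager (peer) scope selects instead. The table layout, the ids, and the assumption that Rahul and Neeta report to Bob are illustrative.

```python
import sqlite3

# Constructed sample data: names are from the thread; ids and the reporting
# lines for Rahul and Neeta (both under Bob) are assumptions. Carol and Dev
# are invented to represent a different team.
USERS = [
    (1, "Bob", None),
    (2, "Irene", 1),
    (3, "Rahul", 1),
    (4, "Neeta", 1),
    (5, "Carol", None),
    (6, "Dev", 5),
]

# Predicate discussed in the thread: candidates whose manager is the logged-in user.
DIRECT_REPORTS = "SELECT username FROM users WHERE manager = :me ORDER BY id"

# Peer scope: candidates who share the logged-in user's manager, excluding
# the user. A NULL manager never matches, so top-level users get no peers.
PEERS = """
SELECT u.username FROM users u
WHERE u.manager = (SELECT m.manager FROM users m WHERE m.id = :me)
  AND u.id <> :me
ORDER BY u.id
"""


def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, manager INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return db


def candidates(db, query, username):
    """Return delegate candidates for `username` under the given query."""
    row = db.execute("SELECT id FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        return []
    return [r[0] for r in db.execute(query, {"me": row[0]})]


if __name__ == "__main__":
    db = build_db()
    for name in ("Bob", "Irene"):
        print(name, "reports:", candidates(db, DIRECT_REPORTS, name),
              "peers:", candidates(db, PEERS, name))
```
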
06/25/2024 11:21 AM - edited 06/25/2024 11:22 AM
Hi @Gaurav29 ,
The right syntax is: user.manager=${users.id}
FYI @Rushi, I am not sure how it used to work in 5.5v. Currently, if a.manager is used, Saviynt gives an error: Invalid Path with nested exception.
If this helps, Please consider selecting Accept As Solution and hit Kudos