
I want to restrict the delegation to only allow delegation to a user's peers on the same team

Gaurav29
New Contributor II

Hi Team, 

I want to restrict the delegation configuration to only allow delegation to a user's peers on the same team. I tried to update the Global configuration and SAV roles with the below queries but it's not working. Can you please help?

Define Delegate query: 

WHERE users.username in (select u.username from Users u where u.manager=${users.id})

Select * from Users WHERE users.username in (select u.username from Users u where u.manager=${users.id})

Thanks

 


naveenss
All-Star

Hi @Gaurav29, try the below expression:

user.manager=${user.id}

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Gaurav29
New Contributor II

Hi @naveenss

I've already tried that, but it shows a blank search in 'Delegate Users'.

Gaurav29_0-1719322986364.png

 

Thanks

 

GSR
Regular Contributor

@Gaurav29 

You can try the below:

select new map (a.id as id) from Users a where a.id = ${users?.id} or a.manager = ${users?.id}

 

Gaurav29
New Contributor II

Hi @GSR , 

I tried your suggestions, but the 'Delegate User' list still shows zero results. After defining the delegate query, I also triggered the microservices job, but there were still no results. Please let me know if I need to update any other settings.

 

Thanks,

Gaurav 

 


rushikeshvartak
All-Star

a.manager=${users.id} 

Refer to https://forums.saviynt.com/t5/identity-governance/setup-deletgation/m-p/18830


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rushikeshvartak

I tried your suggestions, but the 'Delegate User' list still shows zero results. After defining the delegate query, I also triggered the microservices job, but there were still no results. Please let me know if I need to update any other settings.

 

Thanks,

Gaurav

I have validated the solution, and it works as expected. Validated in 24.5.

 

Config:

rushikeshvartak_0-1719372354340.png

 

Validation

rushikeshvartak_1-1719372354342.png

 

 

Bob is the manager of Irene (sample user)

rushikeshvartak_2-1719372354343.png

 

rushikeshvartak_3-1719372354346.png

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rushikeshvartak ,

Thank you for the help here. 

This works fine when the manager delegates to someone who reports to them, but it doesn't work if someone from the same team tries to delegate.

For example, if Irene or Rahul tries to delegate access to Neeta, it returns zero results.

Gaurav29_0-1719389316464.png

 

Thanks,

Gaurav
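
An added illustration, not part of any post in this thread and not Saviynt delegate-query syntax: a plain SQL model (SQLite driven from Python) over a constructed Users table, showing why a predicate of the form manager = requester's id lists only direct reports and what a same-manager (peer) predicate selects instead. The table layout, numeric ids, and the placement of Rahul and Neeta under Bob are assumptions.

```python
import sqlite3

# Constructed sample data. Bob managing Irene comes from the thread; putting
# Rahul and Neeta under Bob, and the users carol/dave, are assumptions.
ROWS = [
    (1, "carol", None),   # top of the tree, no manager
    (2, "bob", 1),
    (3, "irene", 2),
    (4, "rahul", 2),
    (5, "neeta", 2),
    (6, "dave", 1),
]

# Shape of the predicate posted in the thread: rows whose manager IS the requester.
DIRECT_REPORTS = "SELECT username FROM users WHERE manager = :me ORDER BY username"

# Peer predicate: rows that share the requester's manager, minus the requester.
# NULL = NULL is not true in SQL, so a requester with no manager gets no peers.
PEERS = """
SELECT u.username FROM users u
WHERE u.manager = (SELECT me.manager FROM users me WHERE me.id = :me)
  AND u.id <> :me
ORDER BY u.username
"""

def build_db():
    """Create the in-memory sample table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, manager INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db

def candidates(db, query, requester):
    """Return the delegate candidates a query yields for the given requester."""
    me = db.execute("SELECT id FROM users WHERE username = ?", (requester,)).fetchone()[0]
    return [row[0] for row in db.execute(query, {"me": me})]

if __name__ == "__main__":
    db = build_db()
    for who in ("bob", "irene", "carol"):
        print(who, candidates(db, DIRECT_REPORTS, who), candidates(db, PEERS, who))
```

In this model the manager sees a populated list under the first predicate while each team member sees none, and the peer predicate keeps the candidate set inside the requester's own team without exposing the manager or other teams.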

 

PremMahadikar
All-Star

Hi @Gaurav29 , 

The right syntax is: user.manager=${users.id}

FYI @Rushi, I am not sure how it used to work in 5.5v. Currently, if a.manager is used, Saviynt gives an error: Invalid Path with nested exception.

 

If this helps, please consider selecting Accept As Solution and hit Kudos