Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

In Access request user should be shown entitlements if user department is XYZ

sandeepgudipudi
New Contributor III
New Contributor III

‎05/10/2024 07:43 AM

In Access request user should be shown entitlements if user department is XYZ else it should pop message you are not part of XYZ department

Labels:
0 Kudos
3 REPLIES 3

PremMahadikar
All-Star
All-Star

‎05/10/2024 08:06 AM

Hi @sandeepgudipudi ,

  • Use dynamic attribute to pop-up XYZ department (This can default and not editable or you can make mandatory to be selected by user)  
select departmentname ID from users where userkey=${requestor}
  • Make sure the department value are defined in any customproperty of entitlement
  • Use this dynamic attribute in entitlementtype under 'Config for Requestable Entitlement in ARS' and 'Config for Selected Entitlement in ARS'. Ex: ev.customproperty1 in (${department})

Reference article: Setting Up Simple Form Fields (saviyntcloud.com)

If this helps your question, please consider selecting Accept as Solution and hit kudos

Best,
Prem Mahadikar
0 Kudos

Saathvik
All-Star
All-Star

‎05/10/2024 09:07 AM

@sandeepgudipudi : Couple of things in your requirement

1. Show entitlements based on department match

2. If not matching then provide a popup message

In this first part can be achieved by what @PremMahadikar mentioned but I am just simplifying the solution little bit 

  • Make sure the department values are defined in any customproperty of entitlement
  • Then in EntitlementType Configuration under 'Config for Requestable Entitlement in ARS' and 'Config for Selected Entitlement in ARS', Use query like this 
  • ev.custompropertyxx = (select departmentname from Users where userkey=${requestee}) - if condition should match for user who is getting access
  • ev.custompropertyxx = (select departmentname from Users where userkey=${requestor}) - if condition should match for person who is requesting the access

Where as your second part is not possible. If condition doesn't match they just don't see any entitlement, popup is not possible


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos

rushikeshvartak
All-Star
All-Star

‎05/10/2024 10:01 AM - edited ‎05/10/2024 10:01 AM

  • You can create dynamic attribute with required logic based on logic you can show message to end user.
  • rushikeshvartak_0-1715360355440.png

     

    Attribute

    Values

    Attribute Name

    DA_DEPT_RESTRICTIONS

    Request Type

    Account

    Attribute Label [Bold]

     Access Authorization

    Order Index

    0

    Attribute Type

    Single Select Query from SQL

    Value

    SELECT CASE WHEN departmentname != 'IT' THEN 'You are not authorized to request Please select back button to remove application.' ELSE  'You are authorized to raise request for user.'  END AS id FROM users WHERE userkey = '${user.id}';     

    Default value

    SELECT CASE WHEN departmentname != 'IT' THEN 'You are not authorized to request Please select back button to remove application.' ELSE  'You are authorized to raise request for user.'  END AS id FROM users WHERE userkey = '${user.id}';     

     

    Enable configs

    		 

    What action to perform when Parent attribute changes?

    Mapping


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC