08/16/2023 12:42 PM
Hi - I am looking for a query that can be used in Advanced Campaign Configuration of a Role Owner Certification to exclude users from the campaign that were granted the role as birthright through a technical rule?
08/17/2023 09:36 AM
@kfoley1 this is currently not supported. Please raise an enhancement in the ideas portal. https://ideas.saviynt.com
Ideally this data is stored in the role_user_account table where the source is updated as ZERODAY. But this is not exposed in the campaign configs.
08/17/2023 11:28 AM
This doesnt seem to be feasible.
08/17/2023 08:56 PM
Role Owner Camapign does not have this Config.
08/17/2023 10:19 PM - edited 08/17/2023 10:20 PM
Hi @kfoley1
There is no direct way of doing this. But we have achieved this using the below approach.
1. For all the birthright roles, populate one of their customproperty with a flag value say "BIRTHRIGHT" (for eg, role CUSTOMPROPERTY1 will be set as "BIRTHRIGHT")
2. In the campaign configuration for role owner, select the option "Campaign Based On" as Role query. In the Role Query (HQL) option use the below sample query to exclude the birthright roles.
and ro.rolekey.id not in (select id from Roles where customproperty1 in ('BIRTHRIGHT'))
By this, you should be able to exclude the roles that are assigned through technical rules. Hope this helps!
09/06/2023 06:18 AM
Thanks Naveen - unfortunately this solution won't work as the role is not birthright for all users and we do need to include the user it was granted to via request in certification. This approach will only work if it is birthright access for all users.