Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Issue with Setting up Whom to Request

Manu269
All-Star
All-Star

Hello Team,

We have created a SAV role ROLE_MANAGER_VENDOR.

I am enclosing the features assocaited with this role.

This SAV role needs to be assigned to all the person who are marked as Manager for Vendor. Say for a case Manish if this person is manager of a Vendor ABC of Org XYZ he will assigned this SAV role.

On top of this the same person (Manish ) can also be manager for Employee users whose Organization is PQR then he will be assigned ROLE_MANAGER_TRAINING.

So at a time possibility is Manish can have 3 SAV role :

ROLE_MANAGER_TRAINING

ROLE_MANAGER_VENDOR

ROLE_END_USER (Assigning default to all)

Requirement :

The ask is the Vendor Manager  or the Training Manager SAV role must have only option to update the 'External','Third Party','Vendor' Users and not to Employee.

Similarly while raising the acces, he should be able to do for all employee type.

Config done so far :

1. In ROLE_MANAGER_VENDOR SAV role --> Whom to Request

I have added below config

[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser,ViewExistingAccess","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.employeeType IN ('External','Third Party','Vendor') and a.statuskey=1"}]

2. In ROLE_MANAGER_TRAINING I have added --> Whom to Request

Request for Self and Direct Reportees

3.  In ROLE_MANAGER_TRAINING I have added --> Whom to Request

Request for Self

Assistance Required:

The above ask is not working as expected.

The issue which i see sometime is manager is allowed to update all employee type or sometime manager is not able to see his reportee details to raise access.

Assist here please.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
11 REPLIES 11

rushikeshvartak
All-Star
All-Star

use JSON in all SAV ROles


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Manu269
All-Star
All-Star

I have added below query to all 3 SAV role :

[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser,ViewExistingAccess","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.employeeType IN ('External','Third Party','Vendor') and a.statuskey=1"}]

FOllowing is the observation :

1. Update User Request works fine. Shows option only for External','Third Party','Vendor

2. View Exisitng Access works fine, shows all reportee details

3. RequestAccessOthersMultiUser works fine, shows all reportee details

4. Issue : RequestAccessforOthers only shows the logged in user. It does not show reportee details.

Assist please urgently.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

Use separate block instead of comma separated 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

@rushikeshvartak any sample?

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

[{"for":"RequestAccessforOthers","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.employeeType IN ('External','Third Party','Vendor') and a.statuskey=1"},{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"ViewExistingAccess","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"}]


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Let me check and confirm.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

@rushikeshvartak I have validated with below query in all 3 SAV roles :

[{"for":"RequestAccessforOthers","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.employeeType IN ('External','Third Party','Vendor') and a.manager= ${users.id} and a.statuskey=1"},{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"ViewExistingAccess","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"}]

ROLE_MANAGER_TRAINING 

ROLE_MANAGER_VENDOR 

ROLE_END_USER 

The problem is now when the person is clicking on Request New Access for Self, then getting below message :

Ensure that you have the permission to access this. Otherwise, contact the administrator.

How to handle this case?

I also validated, if the user has only ROLE_END_USER then there is no issue.

I also validated, if the user has ROLE_END_USER and ROLE_MANAGER_TRAINING then there is no issue.

I also validated, if the user has ROLE_MANAGER_VENDOR and ROLE_MANAGER_TRAINING then there is no issue.

Problem is happening when the person has all 3 SAV roles mentioned above.

 

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

Dhruv_S
Saviynt Employee
Saviynt Employee

Hi @Manu269 

Please try with the query in both the custom SAV roles and no query in ROLE_END_USER and assigning all three to same user. 

Also please check and confirm if the user has all three SAV roles without this query then the user is able to request new access for self?

Regards,

Dhruv Sharma

@Dhruv_S  already tested the case 1 where query is in 2 custom SAV role and no query. It does not work.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

@Manu269 : Did you try below query in 

ROLE_MANAGER_TRAINING  and ROLE_MANAGER_VENDOR 

[{"for":"RequestAccessforOthers","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.employeeType IN ('External','Third Party','Vendor') and a.manager= ${users.id} and a.statuskey=1"},{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"ViewExistingAccess","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"}]

And for ROLE_END_USER just have Request for Self ? If that didn't work then in ROLE_END_USER use below query and try

[{"for":"RequestAccessforOthers","query":"select a from Users a where a.id= ${users.id} and a.statuskey=1"}]

If still didn't work please share the feature list for Role_End_User and also please share the settings applied in Create Request Home Option for all three SAV Roles


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

@Saathvik thanks it works.

I had to do server restart multiple times for the changes to reflect.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.