Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Issue with Setting up Whom to Request

Go to solution
Manu269
All-Star
All-Star

‎04/09/2024 11:07 PM

Hello Team,

We have created a SAV role ROLE_MANAGER_VENDOR.

I am enclosing the features assocaited with this role.

This SAV role needs to be assigned to all the person who are marked as Manager for Vendor. Say for a case Manish if this person is manager of a Vendor ABC of Org XYZ he will assigned this SAV role.

On top of this the same person (Manish ) can also be manager for Employee users whose Organization is PQR then he will be assigned ROLE_MANAGER_TRAINING.

So at a time possibility is Manish can have 3 SAV role :

ROLE_MANAGER_TRAINING

ROLE_MANAGER_VENDOR

ROLE_END_USER (Assigning default to all)

Requirement :

The ask is the Vendor Manager  or the Training Manager SAV role must have only option to update the 'External','Third Party','Vendor' Users and not to Employee.

Similarly while raising the acces, he should be able to do for all employee type.

Config done so far :

1. In ROLE_MANAGER_VENDOR SAV role --> Whom to Request

I have added below config

[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser,ViewExistingAccess","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.employeeType IN ('External','Third Party','Vendor') and a.statuskey=1"}]

2. In ROLE_MANAGER_TRAINING I have added --> Whom to Request

Request for Self and Direct Reportees

3.  In ROLE_MANAGER_TRAINING I have added --> Whom to Request

Request for Self

Assistance Required:

The above ask is not working as expected.

The issue which i see sometime is manager is allowed to update all employee type or sometime manager is not able to see his reportee details to raise access.

Assist here please.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
Preview file
3 KB
Preview file
3 KB
0 Kudos
11 REPLIES 11

Go to solution
rushikeshvartak
All-Star
All-Star

‎04/10/2024 09:36 PM

use JSON in all SAV ROles


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
Manu269
All-Star
All-Star

‎04/10/2024 11:37 PM

I have added below query to all 3 SAV role :

[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser,ViewExistingAccess","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.employeeType IN ('External','Third Party','Vendor') and a.statuskey=1"}]

FOllowing is the observation :

1. Update User Request works fine. Shows option only for External','Third Party','Vendor

2. View Exisitng Access works fine, shows all reportee details

3. RequestAccessOthersMultiUser works fine, shows all reportee details

4. Issue : RequestAccessforOthers only shows the logged in user. It does not show reportee details.

Assist please urgently.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Manu269

‎04/11/2024 06:02 AM

Use separate block instead of comma separated 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
Manu269
All-Star
All-Star
In response to rushikeshvartak

‎04/11/2024 08:28 PM

@rushikeshvartak any sample?

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Manu269

‎04/11/2024 08:33 PM

[{"for":"RequestAccessforOthers","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.employeeType IN ('External','Third Party','Vendor') and a.statuskey=1"},{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"ViewExistingAccess","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"}]


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
Manu269
All-Star
All-Star
In response to rushikeshvartak

‎04/11/2024 09:00 PM

Let me check and confirm.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
Manu269
All-Star
All-Star
In response to Manu269

‎04/11/2024 11:20 PM - edited ‎04/11/2024 11:42 PM

@rushikeshvartak I have validated with below query in all 3 SAV roles :

[{"for":"RequestAccessforOthers","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.employeeType IN ('External','Third Party','Vendor') and a.manager= ${users.id} and a.statuskey=1"},{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"ViewExistingAccess","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"}]

ROLE_MANAGER_TRAINING 

ROLE_MANAGER_VENDOR 

ROLE_END_USER 

The problem is now when the person is clicking on Request New Access for Self, then getting below message :

Ensure that you have the permission to access this. Otherwise, contact the administrator.

How to handle this case?

I also validated, if the user has only ROLE_END_USER then there is no issue.

I also validated, if the user has ROLE_END_USER and ROLE_MANAGER_TRAINING then there is no issue.

I also validated, if the user has ROLE_MANAGER_VENDOR and ROLE_MANAGER_TRAINING then there is no issue.

Problem is happening when the person has all 3 SAV roles mentioned above.

 

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
Dhruv_S
Saviynt Employee
Saviynt Employee
In response to Manu269

‎04/12/2024 06:06 AM

Hi @Manu269 

Please try with the query in both the custom SAV roles and no query in ROLE_END_USER and assigning all three to same user. 

Also please check and confirm if the user has all three SAV roles without this query then the user is able to request new access for self?

Regards,

Dhruv Sharma

0 Kudos

Go to solution
Manu269
All-Star
All-Star
In response to Dhruv_S

‎04/12/2024 06:21 AM

@Dhruv_S  already tested the case 1 where query is in 2 custom SAV role and no query. It does not work.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
Saathvik
All-Star
All-Star
In response to Manu269

‎04/12/2024 07:11 AM - edited ‎04/12/2024 07:17 AM

@Manu269 : Did you try below query in 

ROLE_MANAGER_TRAINING  and ROLE_MANAGER_VENDOR 

[{"for":"RequestAccessforOthers","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.employeeType IN ('External','Third Party','Vendor') and a.manager= ${users.id} and a.statuskey=1"},{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"},{"for":"ViewExistingAccess","query":"select a from Users a where a.manager= ${users.id} and a.statuskey=1"}]

And for ROLE_END_USER just have Request for Self ? If that didn't work then in ROLE_END_USER use below query and try

[{"for":"RequestAccessforOthers","query":"select a from Users a where a.id= ${users.id} and a.statuskey=1"}]

If still didn't work please share the feature list for Role_End_User and also please share the settings applied in Create Request Home Option for all three SAV Roles


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Go to solution
Manu269
All-Star
All-Star
In response to Saathvik

‎04/14/2024 08:55 PM

@Saathvik thanks it works.

I had to do server restart multiple times for the changes to reflect.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos
Copyright © 2024 Khoros, LLC