Click HERE to see how Saviynt Intelligence is transforming the industry. |
05/31/2024 04:19 AM - last edited on 06/03/2024 12:43 AM by Sunil
Hi Folks,
We have the below usecase:
There will be requirement that if the users are a part of some specifc AD groups and from specific Departments, then those users should not be offboarded/revoked access even their end date is reached. Those users will be manually processed after review by application team.
How can we acheive this usecase?
As we don't have customqueries, we can't flag those users and thought of using savforsav connection.
Can you guys please provide any inputs on this.
Ex: if user is part of AD Group (ex:HIGHMONITOR) and he is part of department (ex:researcher) then those users should not be offboarded/revoked.
Any ideas on the above usecase folks ?
[This message has been edited by moderator to merge reply comment]
06/03/2024 08:36 PM
SELECT at1.taskkey as arstasks__primarykey, 4 as arstasks__status, 'Access retained as part of skip list, so discontinuing the deprovisioning task.' as arstasks__provisioningcomments FROM arstasks at1 WHERE at1.tasktype = 2 AND EXISTS ( SELECT 1 FROM arstasks tk JOIN users u1 ON tk.userkey = u1.userkey WHERE tk.taskkey = at1.taskkey AND tk.status = 1 AND tk.source IN ('PROVRULE', 'ZERODAY') AND tk.entitlement_valuekey IN ( SELECT entitlement_valuekey FROM entitlement_values WHERE customproperty21 = 'Skiplist' ) AND u1.statuskey = 1 ); |
06/04/2024 01:31 AM
Hi @rushikeshvartak ,
Thanks a lot for the suggestion.
Could you please confirm if there is any other way to stop creating tasks itself rather discontinuing the task.
The requirement is like that We should not create the tasks itself.
Kindly provide suggestions on the above use case if any.
06/04/2024 05:16 AM
No you can’t hold of creating task for specific entitlement