
Limiting the Access for entitlement

ShantanuKumar
Regular Contributor

We have a use case where we would like some entitlements to be requestable by anyone, and some entitlements to be requestable only if the user has a particular value in a user attribute or custom property.

Let's say the Application name is MyApplication. MyApplication has 10 entitlements.

The user has an attribute, User Category, which is stored in a custom property. User Category can have a value like A or B or C or D.

There are 2 use cases here again:

1. Business wants to display all 10 entitlements on the Request Page. There is no restriction for 5 of the 10 entitlements; anyone can request access for them. But for the other 5, if the user selects them and the user category is not C or D, then the user should see an error message.

2. The user should see 10 entitlements to request access if the user category is C or D, and should see only the 5 entitlements which can be accessed by all if the user category is not C or D.


NM
Esteemed Contributor

Hi @ShantanuKumar, you can't show an error message in Saviynt, but what you can do is:

1) Create a dynamic attribute DA1, use single select SQL, and write a query to pull in the user category field.

2) For the entitlements which should be visible only to the C and D categories, add that in one of the customproperty fields of the entitlement.

3) Under entitlement type view details, in "config for requestable entitlement", add a query, for example:

ev.customproperty1='${DA1}'

With this you will be able to manage your use case.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

ShantanuKumar
Regular Contributor

Just one query: I think in this scenario, if you have multiple values for the user attribute, you need to store them in separate custom properties?

  • You can use the same customproperty

Regards,
Rushikesh Vartak

rushikeshvartak
All-Star
  1. You can achieve this use case by using an entitlement filter
    1. Create a dynamic attribute with the name "filter" for the user category
      1. Select customproperty1 as id from users a
    2. Under Entitlement Type, add the below query
      1. ev.status=1 and ev.customproperty1 ='${filter}'
    3. Make sure entitlement customproperty1 has the same filter value as user customproperty1
    4. You can't show an error message, but you can show a plain text string alert notification to all that x,y,z entitlements are not available to category XXX using a dynamic attribute of type checkbox

Regards,
Rushikesh Vartak

Rushikesh, thank you for all the responses so far. I am able to do the POC to hide the entitlement based on user attribute value.

Need a bit more help on how to show a plain text string alert notification to all that x,y,z entitlements are not available to category XXX using a dynamic attribute of type checkbox? I

Can you elaborate with a screenshot? If needed, create a new thread.


Regards,
Rushikesh Vartak

ShantanuKumar
Regular Contributor

Rushikesh,

Makes sense. Just one point: if the user attribute has multiple values, then do we need to store all possible values in different entitlement custom properties, or can we store multiple values comma-separated and use a wildcard search in the query under entitlement type? Which would be the best practice?

 

SELECT SUBSTRING_INDEX(customproperty1, ',', 1) AS id
FROM users
UNION
SELECT SUBSTRING_INDEX(SUBSTRING_INDEX(customproperty1, ',', -2), ',', -1) AS id
FROM users


Regards,
Rushikesh Vartak
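
For the comma-separated option raised in the last question, this added example (not code from the thread or from Saviynt) compares a wildcard match with an exact token match in MySQL. The table names, the 'CD' value and the empty category are constructed for illustration, and whether the entitlement type query field accepts FIND_IN_SET is an assumption to verify in your own environment.

```sql
-- Constructed demo data; table names are hypothetical, not the Saviynt schema.
CREATE TABLE demo_entitlements (
  entitlement_value VARCHAR(30),
  status            INT,
  customproperty1   VARCHAR(50)   -- comma-separated categories allowed to request
);

INSERT INTO demo_entitlements VALUES
  ('OPEN_1',       1, 'A,B,C,D'),
  ('RESTRICTED_1', 1, 'C,D'),
  ('RESTRICTED_2', 1, 'CD'),      -- constructed value that merely contains the letter C
  ('INACTIVE_1',   0, 'C,D');

-- Constructed user categories standing in for the value substituted
-- into the entitlement query from the dynamic attribute.
CREATE TABLE demo_categories (category VARCHAR(10));
INSERT INTO demo_categories VALUES ('A'), ('C'), ('');

-- Side-by-side result of the two matching strategies for every
-- category / active entitlement pair.
SELECT c.category,
       e.entitlement_value,
       e.customproperty1,
       -- Wildcard search: substring match anywhere in the stored list.
       e.customproperty1 LIKE CONCAT('%', c.category, '%') AS wildcard_match,
       -- Token search: the category must equal one whole list element.
       FIND_IN_SET(c.category, e.customproperty1) > 0      AS exact_token_match
FROM demo_categories c
CROSS JOIN demo_entitlements e
WHERE e.status = 1
ORDER BY c.category, e.entitlement_value;

-- Rows where the wildcard form exposes an entitlement the token form hides.
SELECT c.category, e.entitlement_value
FROM demo_categories c
CROSS JOIN demo_entitlements e
WHERE e.status = 1
  AND e.customproperty1 LIKE CONCAT('%', c.category, '%')
  AND FIND_IN_SET(c.category, e.customproperty1) = 0;
```

In this data the wildcard form matches 'CD' for category C and matches every active row for a user whose category is empty, while FIND_IN_SET matches neither. An entitlement filter built on a wildcard therefore shows restricted entitlements to users with a blank category unless the query also excludes empty values.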