Click HERE to see how Saviynt Intelligence is transforming the industry. |
11/02/2023 08:11 AM
We have a requirement where we need to achieve two use cases.
1: The user should be able to request for all users
2. And the user should be able to update the user attribute of its subordinate only.
Can anyone suggest how to achieve this?
11/02/2023 08:41 PM - edited 11/02/2023 08:42 PM
Hi @ssharma907
Requirement 1 is possible through below configuration in SAV Role details.
I don't think requirement 2 is achievable. We will check and confirm.
Regards,
Dhruv Sharma
If this reply answered your question, please accept it as Solution to help others who may have a similar problem.
11/02/2023 09:17 PM
You can achieve this using advanced config.
[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser","query":"select a from Users a "},{"for":"ViewExistingAccess","query":"select a from Users a "},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]
11/02/2023 11:59 PM
Hi @rushikeshvartak
First,
We are not getting any "advanced config" option in Whom to request.
I tried with
Second
I am able to achieve the second use case (update only my subordinate from the update user request form), but I am not able to raise requests for all users. It's only allowing me to request for myself. I tried to edit the query, but it didn't work.
11/03/2023 08:45 PM
It should be advanced Filter only with JSON as shared
11/05/2023 08:17 AM
HI @rushikeshvartak
Weare getting the below options.
And I have tried the above query with the "Request for self and user retrieved from advanced filter."
But user is not able to request for all form ARS.
11/05/2023 06:32 PM
Yes share config you made and logs when try to open update user form
11/07/2023 05:42 AM
Could you please confirm if you are able to achieve this with advance query suggested above.
Regards,
Dhruv Sharma
11/07/2023 08:44 PM
NO It's still not working.
I will share the logs
11/09/2023 11:23 PM
Hi @rushikeshvartak ,
We are still not able to achieve the requirement.:
1- User should be able to request for any user from ARS.
2. User should only be able to update its subordinate end date from user update form.
PFA logs and Screenshots
11/09/2023 11:23 PM
11/13/2023 10:58 AM - edited 11/13/2023 11:01 AM
Please share json,
How many sav roles user have ? Does all sav role user having updated with same condition/config?
i see user have 3 roles
"2023-11-10T07:19:29.888+00:00","ecm","services.ArsRequestAllowedService","http-nio-8080-exec-15","DEBUG","allroleid= [1, 20, 26]"
11/14/2023 12:40 AM
HI @rushikeshvartak
JSON we are using
[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser","query":"select a from Users a "},{"for":"ViewExistingAccess","query":"select a from Users a "},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]
We also tried below queries:
1. [{"for":"RequestAccessforOthers","query":"select a from Users a"}]-> Does not work only able to see own iD in request access for others.
2. [{"for":"RequestAccessforOthers","query":"select a from Users a where a.username='shivamsharma01'"}]-> able to see Shivamsharma01 and Self ID in ARS fro others.
3. [{"for":"RequestAccessforOthers","query":"select a.username from Users a where a.statuskey='1'"}]-> Did not work, able to see only Self ID in ARS for others.
4. [{"for":"RequestAccessforOthers","query":"select a.username from Users a where a.manager= ${users.id}"}]-> able to request for self and subordinates from ARS for others
Looks like when we are trying to return all users from query it is not working.
11/13/2023 04:35 AM
@rushikeshvartak we are also facing similar issue. Is there a way to just allow managers to update only their subordinates details(update attribute form). But, from ARS everyone should be able to raise role request for everyone.
11/14/2023 11:47 PM
Tried with the below JSON query.
[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser","query":"select a from Users a "},{"for":"ViewExistingAccess","query":"select a from Users a "},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]
1: The user should be able to request for all users- Only allowing self
2. And the user should be able to update the user attribute of its subordinate only. -Working fine
11/22/2023 11:28 PM
11/23/2023 04:53 PM - edited 11/23/2023 05:25 PM
Below query is working for me
[{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where 1=1"},{"for":"ViewExistingAccess","query":"select a from Users a where 1=1"},{"for":"RequestAccessforOthers","query":"select a from Users a where 1=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]
11/23/2023 10:57 PM
Could you please test the above and confirm if it works with this query.
Regards,
Dhruv Sharma
11/23/2023 11:39 PM
@rushikeshvartak @Dhruv_S Yes this works. Thanks.
[{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where 1=1"},{"for":"ViewExistingAccess","query":"select a from Users a where 1=1"},{"for":"RequestAccessforOthers","query":"select a from Users a where 1=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]