Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Need access to request for all and able to update only subordinate.

ssharma907
New Contributor
New Contributor

We have a requirement where we need to achieve two use cases.

1: The user should be able to request for all users
2. And the user should be able to update the user attribute of its subordinate only.

Can anyone suggest how to achieve this?

18 REPLIES 18

Dhruv_S
Saviynt Employee
Saviynt Employee

Hi @ssharma907 

Requirement 1 is possible through below configuration in SAV Role details.

A2.PNG

I don't think requirement 2 is achievable. We will check and confirm.

Regards,
Dhruv Sharma
If this reply answered your question, please accept it as Solution to help others who may have a similar problem.

rushikeshvartak
All-Star
All-Star

You can achieve this using advanced config.

 

[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser","query":"select a from Users a "},{"for":"ViewExistingAccess","query":"select a from Users a "},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]

rushikeshvartak_0-1698985018113.png

rushikeshvartak_1-1698985028265.png

 

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi @rushikeshvartak 
First,
We are not getting any "advanced config" option in Whom to request. 
I tried with 

ssharma907_0-1698994365600.png

Second 
I am able to achieve the second use case (update only my subordinate from the update user request form), but I am not able to raise requests for all users. It's only allowing me to request for myself. I tried to edit the query, but it didn't work.

It should be advanced Filter only with JSON as shared


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

HI @rushikeshvartak 
Weare getting the below options.

ssharma907_0-1699200913237.png

And I have tried the above query with the "Request for self and user retrieved from advanced filter."

ssharma907_1-1699200997601.png

But user is not able to request for all form ARS. 

Yes share config you made and logs when try to open update user form


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@ssharma907 

Could you please confirm if you are able to achieve this with advance query suggested above.

Regards,

Dhruv Sharma

NO It's still not working.
I will share the logs

 

Hi @rushikeshvartak ,
We are still not able to achieve the requirement.:
1- User should be able to request for any user from ARS.

2. User should only be able to update its subordinate end date from user update form.
PFA logs  and  Screenshots

ssharma907_0-1699600712930.png

 

 

 

Please share json,

How many sav roles user have ? Does all sav role user having updated with same condition/config?

i see user have 3 roles

"2023-11-10T07:19:29.888+00:00","ecm","services.ArsRequestAllowedService","http-nio-8080-exec-15","DEBUG","allroleid= [1, 20, 26]"


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

HI @rushikeshvartak 
JSON we are using 
[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser","query":"select a from Users a "},{"for":"ViewExistingAccess","query":"select a from Users a "},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]


We also tried below queries:
1. [{"for":"RequestAccessforOthers","query":"select a from Users a"}]-> Does not work only able to see own iD in request access for others.

2. [{"for":"RequestAccessforOthers","query":"select a from Users a where a.username='shivamsharma01'"}]-> able to see Shivamsharma01 and Self ID in ARS fro others.

3. [{"for":"RequestAccessforOthers","query":"select a.username from Users a where a.statuskey='1'"}]-> Did not work, able to see only Self ID in ARS for others.

4.  [{"for":"RequestAccessforOthers","query":"select a.username from Users a where a.manager= ${users.id}"}]-> able  to request for self and subordinates from ARS for others

Looks like when we are trying to return all users  from query it is not working.

Abhay_Yadav
New Contributor II
New Contributor II

@rushikeshvartak we are also facing similar issue. Is there a way to just allow managers to update only their subordinates details(update attribute form). But, from ARS everyone should be able to raise role request for everyone.

Tried with the below JSON query.

[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser","query":"select a from Users a "},{"for":"ViewExistingAccess","query":"select a from Users a "},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]

1: The user should be able to request for all users- Only allowing self
2. And the user should be able to update the user attribute of its subordinate only. -Working fine

 

Dhruv_S
Saviynt Employee
Saviynt Employee

Hi @Abhay_Yadav @ssharma907 

We are raising it as a bug and keep you posted.

Thanks,

Dhruv Sharma

Below query is working for me 

[{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where 1=1"},{"for":"ViewExistingAccess","query":"select a from Users a where 1=1"},{"for":"RequestAccessforOthers","query":"select a from Users a where 1=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi @ssharma907 @Abhay_Yadav 

Could you please test the above and confirm if it works with this query.

Regards,

Dhruv Sharma

Abhay_Yadav
New Contributor II
New Contributor II

@rushikeshvartak @Dhruv_S Yes this works. Thanks.

[{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where 1=1"},{"for":"ViewExistingAccess","query":"select a from Users a where 1=1"},{"for":"RequestAccessforOthers","query":"select a from Users a where 1=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]