Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Need access to request for all and able to update only subordinate.

ssharma907
New Contributor
New Contributor

‎11/02/2023 08:11 AM

We have a requirement where we need to achieve two use cases.

1: The user should be able to request for all users
2. And the user should be able to update the user attribute of its subordinate only.

Can anyone suggest how to achieve this?

Labels:
0 Kudos
18 REPLIES 18

Dhruv_S
Saviynt Employee
Saviynt Employee

‎11/02/2023 08:41 PM - edited ‎11/02/2023 08:42 PM

Hi @ssharma907 

Requirement 1 is possible through below configuration in SAV Role details.

A2.PNG

I don't think requirement 2 is achievable. We will check and confirm.

Regards,
Dhruv Sharma
If this reply answered your question, please accept it as Solution to help others who may have a similar problem.

0 Kudos

rushikeshvartak
All-Star
All-Star

‎11/02/2023 09:17 PM

You can achieve this using advanced config.

 

[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser","query":"select a from Users a "},{"for":"ViewExistingAccess","query":"select a from Users a "},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]

rushikeshvartak_0-1698985018113.png

rushikeshvartak_1-1698985028265.png

 

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ssharma907
New Contributor
New Contributor
In response to rushikeshvartak

‎11/02/2023 11:59 PM

Hi @rushikeshvartak 
First,
We are not getting any "advanced config" option in Whom to request. 
I tried with 

ssharma907_0-1698994365600.png

Second 
I am able to achieve the second use case (update only my subordinate from the update user request form), but I am not able to raise requests for all users. It's only allowing me to request for myself. I tried to edit the query, but it didn't work.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to ssharma907

‎11/03/2023 08:45 PM

It should be advanced Filter only with JSON as shared


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

ssharma907
New Contributor
New Contributor
In response to rushikeshvartak

‎11/05/2023 08:17 AM

HI @rushikeshvartak 
Weare getting the below options.

ssharma907_0-1699200913237.png

And I have tried the above query with the "Request for self and user retrieved from advanced filter."

ssharma907_1-1699200997601.png

But user is not able to request for all form ARS. 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to ssharma907

‎11/05/2023 06:32 PM

Yes share config you made and logs when try to open update user form


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Dhruv_S
Saviynt Employee
Saviynt Employee
In response to rushikeshvartak

‎11/07/2023 05:42 AM

@ssharma907 

Could you please confirm if you are able to achieve this with advance query suggested above.

Regards,

Dhruv Sharma

0 Kudos

ssharma907
New Contributor
New Contributor
In response to Dhruv_S

‎11/07/2023 08:44 PM

NO It's still not working.
I will share the logs

 

0 Kudos

ssharma907
New Contributor
New Contributor
In response to rushikeshvartak

‎11/09/2023 11:23 PM

Hi @rushikeshvartak ,
We are still not able to achieve the requirement.:
1- User should be able to request for any user from ARS.

2. User should only be able to update its subordinate end date from user update form.
PFA logs  and  Screenshots

ssharma907_0-1699600712930.png

 

 

0 Kudos

ssharma907
New Contributor
New Contributor
In response to ssharma907

‎11/09/2023 11:23 PM

 
Preview file
765 KB
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to ssharma907

‎11/13/2023 10:58 AM - edited ‎11/13/2023 11:01 AM

Please share json,

How many sav roles user have ? Does all sav role user having updated with same condition/config?

i see user have 3 roles

"2023-11-10T07:19:29.888+00:00","ecm","services.ArsRequestAllowedService","http-nio-8080-exec-15","DEBUG","allroleid= [1, 20, 26]"


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

ssharma907
New Contributor
New Contributor
In response to rushikeshvartak

‎11/14/2023 12:40 AM

HI @rushikeshvartak 
JSON we are using 
[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser","query":"select a from Users a "},{"for":"ViewExistingAccess","query":"select a from Users a "},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]


We also tried below queries:
1. [{"for":"RequestAccessforOthers","query":"select a from Users a"}]-> Does not work only able to see own iD in request access for others.

2. [{"for":"RequestAccessforOthers","query":"select a from Users a where a.username='shivamsharma01'"}]-> able to see Shivamsharma01 and Self ID in ARS fro others.

3. [{"for":"RequestAccessforOthers","query":"select a.username from Users a where a.statuskey='1'"}]-> Did not work, able to see only Self ID in ARS for others.

4.  [{"for":"RequestAccessforOthers","query":"select a.username from Users a where a.manager= ${users.id}"}]-> able  to request for self and subordinates from ARS for others

Looks like when we are trying to return all users  from query it is not working.

0 Kudos

Abhay_Yadav
New Contributor II
New Contributor II

‎11/13/2023 04:35 AM

@rushikeshvartak we are also facing similar issue. Is there a way to just allow managers to update only their subordinates details(update attribute form). But, from ARS everyone should be able to raise role request for everyone.

0 Kudos

Dhruv_S
Saviynt Employee
Saviynt Employee
In response to Abhay_Yadav

‎11/14/2023 11:47 PM

Tried with the below JSON query.

[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser","query":"select a from Users a "},{"for":"ViewExistingAccess","query":"select a from Users a "},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]

1: The user should be able to request for all users- Only allowing self
2. And the user should be able to update the user attribute of its subordinate only. -Working fine

 

0 Kudos

Dhruv_S
Saviynt Employee
Saviynt Employee
In response to Dhruv_S

‎11/22/2023 11:28 PM

Hi @Abhay_Yadav @ssharma907 

We are raising it as a bug and keep you posted.

Thanks,

Dhruv Sharma

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Abhay_Yadav

‎11/23/2023 04:53 PM - edited ‎11/23/2023 05:25 PM

Below query is working for me 

[{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where 1=1"},{"for":"ViewExistingAccess","query":"select a from Users a where 1=1"},{"for":"RequestAccessforOthers","query":"select a from Users a where 1=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Dhruv_S
Saviynt Employee
Saviynt Employee
In response to rushikeshvartak

‎11/23/2023 10:57 PM

Hi @ssharma907 @Abhay_Yadav 

Could you please test the above and confirm if it works with this query.

Regards,

Dhruv Sharma

0 Kudos

Abhay_Yadav
New Contributor II
New Contributor II

‎11/23/2023 11:39 PM

@rushikeshvartak @Dhruv_S Yes this works. Thanks.

[{"for":"RequestAccessOthersMultiUser","query":"select a from Users a where 1=1"},{"for":"ViewExistingAccess","query":"select a from Users a where 1=1"},{"for":"RequestAccessforOthers","query":"select a from Users a where 1=1"},{"for":"UpdateUserRequest","query":"select a from Users a where a.manager= ${users.id}"}]

 

0 Kudos
Copyright © 2024 Khoros, LLC