Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Need an information regarding revoke access

sk
Regular Contributor
Regular Contributor

Hello Experts,

Need an information regarding revoke access,

We need to trigger remove access for parent and child endpoint when the  end date expires from actionable analytics.

for this we have added the parent entitlement to the child entitlement and enabled the dependent task.

saiKrishna_0-1716200820755.png

 

Need to confirm if the remove access triggers for both parent and child endpoint

13 REPLIES 13

NM
Valued Contributor
Valued Contributor

Hi @sk , yes whichever entitlement is added in mapping a remove task will be created for them..

sk
Regular Contributor
Regular Contributor

@NM , thanks for the response.

Will the remove access trigger for both parent and child?

Raghu
Honored Contributor
Honored Contributor

@sk  it will trigger both A and B


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

sk
Regular Contributor
Regular Contributor

Hi @Raghu , @NM , thanks for the response

We are using the below actionable analyitcs to trigger the parent and child remove access task but only child endpoint remove task is triggering 

select ae.entitlement_valuekey as entvaluekey,ae.accountkey as acctKey,u.username , a.name , 'Deprovision Access' as 'Default_Action_For_Analytics',ev.entitlement_value , (select endpointname from endpoints where endpointkey=a.endpointkey) as 'Ednpointname' , ae.startdate as 'StDt' , ae.enddate as 'EndDt' , date(ae.enddate) as 'DtEndDt' , ae.accountkey , ae.entitlement_valuekey , a.status as 'AccntStatus' , u.statuskey as 'UserStatus' from accounts a join account_entitlements1 ae on (a.accountkey = ae.accountkey and ae.enddate is not NULL) join entitlement_values ev on ev.entitlement_valuekey = ae.entitlement_valuekey join user_accounts ua on ua.accountkey = a.accountkey join users u on u.userkey = ua.userkey where a.status in ("1","Active","Manually Provisioned") and a.endpointkey not in ("16","13","9","14","33","6","7","39","8","5","43","15","2","27","3","4","11","12","79") and date(ae.enddate) <= curdate()

please let me know if I am missing anything here 

NM
Valued Contributor
Valued Contributor

@sk , do you see entitlement from parent endpoint showing up in analytics and does those entitlement have end date?

sk
Regular Contributor
Regular Contributor

@NM , @Raghu By running the above analytics, 2 revoke access were triggering for child endpoint (one task with entilement value and other task with entitlement displayname)

No parent task is triggering

It will only create task for child entitlements . You can adjust your query to remove parent entitlement based on child entitlements end date.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Manu269
All-Star
All-Star

For this particular EP, can you check the entitlement type configuration?

Is parent Ent is requestable?

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

sk
Regular Contributor
Regular Contributor

Hi @Manu269 ,

yes the parent EP is requestable and i have checked the configuration

Manu269
All-Star
All-Star

@sk can you also check if via ARS, the task are getting created when you remove parent?

I have check via ARS and it works.

Ideally it should also work via analytics.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

sk
Regular Contributor
Regular Contributor

Hello @rushikeshvartak , thanks for the response

We are using the below query to fetch the revoke access for both parent and child 

select ae.entitlement_valuekey as entvaluekey,ae.accountkey as acctKey,u.username , a.name , 'Deprovision Access' as 'Default_Action_For_Analytics',ev.entitlement_value , (select endpointname from endpoints where endpointkey=a.endpointkey) as 'Ednpointname' , ae.startdate as 'StDt' , ae.enddate as 'EndDt' , date(ae.enddate) as 'DtEndDt' , ae.accountkey , ae.entitlement_valuekey , a.status as 'AccntStatus' , u.statuskey as 'UserStatus' from accounts a join account_entitlements1 ae on (a.accountkey = ae.accountkey and ae.enddate is not NULL) join entitlement_values ev on ev.entitlement_valuekey = ae.entitlement_valuekey join user_accounts ua on ua.accountkey = a.accountkey join users u on u.userkey = ua.userkey where a.status in ("1","Active","Manually Provisioned") and a.endpointkey not in ("16","13","9","14","33","6","7","39","8","5","43","15","2","27","3","4","11","12","79") and date(ae.enddate) <= curdate()

 

By using this query 2 revoke access were triggering for child endpoint (one task with entilement value and other task with entitlement displayname)

Are we missing any condition in this query

 

can you share report screenshot. There should not be task for entitlement display name.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

sk
Regular Contributor
Regular Contributor

@rushikeshvartak , PFA the screenshot

saiKrishna_0-1716273077285.png