
Need help on entitlement access request limitation

ShantanuKumar
Regular Contributor

We have an ARS form to request access for a critical app which has some high-risk roles.

The form has a dynamic attribute, "Energy IP Permissions". The value in the dynamic attribute comes from a user attribute (customproperty18).

The user has an attribute which stores Energy IP Permission values. It is stored in customproperty18.

Let's assume the endpoint has 5 entitlements (ENT1, ENT2, ENT3, ENT4 and ENT5). All 5 entitlements are imported under the same entitlement type.

Use case:

1. If the user has a customproperty18 value of Class IV or Class III, then the user should be able to submit a request for ENT1, but if customproperty18 is null or any value other than Class IV or Class III, then they should not be able to submit a request for ENT1.

2. If the user has a customproperty18 value of Class II, then the user should be able to submit a request for ENT2, but if customproperty18 is null or any value other than Class IV or Class III, then they should not be able to submit a request for ENT2.

3. The remaining 3 entitlements (ENT3, ENT4 and ENT5) can be accessed by the whole user base.

We are trying to accomplish this by below process:

1. We have added a dynamic attribute to display the value of Energy IP Permission:

ShantanuKumar_1-1727726780109.png

2. We also added the Energy IP Permission values in 1 of the customproperty of entitlement. 

ShantanuKumar_3-1727727513796.png

 

3. Added the condition under entitlement type like below:

ShantanuKumar_2-1727727222998.png

Question: It doesn't work as per the use case. As you can see, the Energy IP Permission could have multiple values, like Class IV or Class III or Class II or null, and there could be more as well. How do we manage multiple values in the customproperty of an entitlement?

 


NM
Esteemed Contributor

@ShantanuKumar replace the = sign with in, which can accommodate multiple values.



Raghu
All-Star

@ShantanuKumar try the condition below:

ev.customproperty32 in ('${Group}') and ev.displayname like '${Role}' and ev.customproperty1 in ('${EnergyIPPermission}')


Thanks,
Raghu

ShantanuKumar
Regular Contributor

I already tried this but that didn't help. Let me explain:

 

Use case1: If the user’s customproperty18 is set to Class IV or Class III, they should be able to submit a request for ENT1. However, if customproperty18 is null or set to any value other than Class IV or Class III, they should not be able to submit a request for ENT1.

 

Solution implemented: Added “Class IV” under customproperty18 for ENT1 and added the condition under entitlement type: ev.customproperty32 in ('${Group}') and ev.displayname like '${Role}' and ev.customproperty18 in ('${EnergyIPPermission}')

 

Behavior observed:

The user with customproperty18 set to Class IV was able to select and submit a request for ENT1.

The user with customproperty18 set to Class III could not see ENT1 to request it.

The user with customproperty18 set to Class IV could not select any other entitlements.

Users without a value for customproperty18 (null) or with a value other than Class IV or Class III were unable to select any entitlement.

 

Expected Behavior: The user with customproperty18 set to Class IV or Class III should be able to select all entitlements except ENT2 (ENT2 can be selected only if the user’s customproperty18 is set to Class II).

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Use case2: If the user’s custom property 18 is set to Class II, they should be able to submit a request for ENT2. However, if custom property 18 is null or set to any value other than Class II, they should not be able to submit a request for ENT2.

 

Solution implemented: Added “Class II” under customproperty18 for ENT2 and added the condition under entitlement type: ev.customproperty32 in ('${Group}') and ev.displayname like '${Role}' and ev.customproperty18 in ('${EnergyIPPermission}')

 

Behavior observed:

The user with customproperty18 set to Class II was able to select and submit a request for ENT2.

The user with customproperty18 set to Class II could not select any other entitlements.

Users without a value for customproperty18 (null) or with a value other than Class II were unable to select any entitlement.

 

Expected Behavior: The user with customproperty18 set to Class II should be able to select all entitlements except ENT1 (ENT1 can be selected only if the user’s customproperty18 is set to Class IV or Class III).

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Use case3: The remaining 3 entitlements (ENT3, ENT4 and ENT5) can be accessed by all users.

 

Solution implemented: No changes done in ENT3 or ENT4 or ENT5.

 

Behavior observed: No one was able to select any of the entitlements (ENT3 or ENT4 or ENT5).

 

Expected Behavior: ENT3 or ENT4 or ENT5 should be able to be requested by all users.
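
An added example, not written by anyone in this thread and not Saviynt configuration: a Python/SQLite model of the entitlement filter that reproduces the behaviour reported above and compares two ways of matching a user's class against several classes held in one entitlement property. The table `ev`, the column `cp18` (standing in for the entitlement's customproperty18), the comma-separated storage and the `requestable` helper are assumptions; the thread does not confirm whether the entitlement-type condition accepts the same predicates.

```python
import sqlite3

# Constructed rows. THREAD_ROWS mirrors what the post describes (one class per
# restricted entitlement, nothing set on ENT3-ENT5). MULTI_ROWS assumes a
# comma-separated list of allowed classes in the same property.
OPEN = [("ENT3", None), ("ENT4", None), ("ENT5", None)]
THREAD_ROWS = [("ENT1", "Class IV"), ("ENT2", "Class II")] + OPEN
MULTI_ROWS = [("ENT1", "Class IV,Class III"), ("ENT2", "Class II")] + OPEN

# Shape of the condition tried in the thread: NULL never satisfies IN, so
# entitlements with no class set drop out for every user.
AS_TRIED = "cp18 IN (:perm)"
# Substring match: 'Class II' is a substring of 'Class III', so a Class II
# user would be offered ENT1.
NAIVE_LIKE = "cp18 IS NULL OR cp18 LIKE '%' || :perm || '%'"
# Delimiter-wrapped membership test with an explicit branch for unrestricted
# entitlements. Assumes class names contain no ',', '%' or '_'.
EXACT_MEMBER = "cp18 IS NULL OR ',' || cp18 || ',' LIKE '%,' || :perm || ',%'"


def requestable(predicate, user_perm, rows):
    """Names of the entitlements the predicate exposes to a user whose
    Energy IP Permission is user_perm (None models a null attribute)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ev (name TEXT, cp18 TEXT)")
    db.executemany("INSERT INTO ev VALUES (?, ?)", rows)
    cur = db.execute(
        f"SELECT name FROM ev WHERE {predicate} ORDER BY name",
        {"perm": user_perm},
    )
    names = [row[0] for row in cur]
    db.close()
    return names


if __name__ == "__main__":
    cases = [("as tried", AS_TRIED, THREAD_ROWS),
             ("naive LIKE", NAIVE_LIKE, MULTI_ROWS),
             ("exact member", EXACT_MEMBER, MULTI_ROWS)]
    for label, predicate, rows in cases:
        for perm in ("Class IV", "Class III", "Class II", None):
            print(f"{label:12} {perm!s:10} {requestable(predicate, perm, rows)}")
```

In this model only the delimiter-wrapped predicate yields the expected behaviour listed in the post: ENT1 for Class IV or Class III, ENT2 for Class II, and ENT3 to ENT5 for everyone, including users whose attribute is null.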