Saviynt Forums

BT · ‎07/12/2024

Need help with Actionable analytics for provisioning user to a dynamic AD group.

Can anyone please share a sample SQL query for adding a AD group to AD account , the name of the group will be dynamically decided based on users CP12 value

cn=<content of user CP12>#Sec1,OU=Security,OU=Groups,DC=xyz,DC=local

We have a technical rule that does add the group, but every now and then sometimes the group is missed out on adding , that is why want to setup analytics.

rushikeshvartak · ‎07/12/2024

SELECT u.username,
       u.customproperty12,
       u.userkey               AS userKey,
       a.accountkey            AS acctKey,
       a.NAME                  AS accName,
       ev.entitlement_valuekey AS entvaluekey
FROM   users u,
       entitlement_values ev,
       entitlement_types et,
       accounts a,
       user_accounts ua
WHERE  u.customproperty12 IS NOT NULL
       AND ev.entitlement_value = u.customproperty12
       AND ev.entitlementtypekey = et.entitlementtypekey
       AND et.endpointkey = a.endpointkey
       AND a.accountkey = ua.accountkey
       AND ev.entitlement_valuekey NOT IN (SELECT ae.entitlement_valuekey
                                           FROM   account_entitlements1 ae
                                           WHERE  ae.accountkey = a.accountkey)

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

shefalipatidar · ‎07/25/2024

Is this query adding the group (cn=<content of user CP12>#Sec1,OU=Security,OU=Groups,DC=xyz,DC=local) to the entitlement in the account?

pmahalle · ‎07/25/2024

@BT , @shefalipatidar ,

Use below query for adding the group (cn=<content of user CP12>#Sec1,OU=Security,OU=Groups,DC=xyz,DC=local) to the entitlement in the account and try once.

SELECT u.username,
       u.customproperty12,
       u.userkey               AS userKey,
       a.accountkey            AS acctKey,
       a.NAME                  AS accName,
       ev.entitlement_valuekey AS entvaluekey,
'Provision Access' AS Default_Action_For_Analytics
FROM   users u,
       entitlement_values ev,
       entitlement_types et,
       accounts a,
       user_accounts ua
WHERE  u.customproperty12 IS NOT NULL
       AND ev.entitlement_value = concat('cn=',u.customproperty12,'#Sec1,OU=Security,OU=Groups,DC=xyz,DC=local')
       AND ev.entitlementtypekey = et.entitlementtypekey
       AND et.endpointkey = a.endpointkey
       AND a.accountkey = ua.accountkey
       AND ev.entitlement_valuekey NOT IN (SELECT ae.entitlement_valuekey
                                           FROM   account_entitlements1 ae
                                           WHERE  ae.accountkey = a.accountkey)

Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

shefalipatidar · ‎07/25/2024

Is this assigning or just matching the condition

pmahalle · ‎07/25/2024

@shefalipatidar It will assign the entitlement once you run the analytics and provisioning job.

Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

shefalipatidar · ‎07/25/2024

When I am trying to execute this query in data analyzer it is saying no data found?

pmahalle · ‎07/25/2024

@shefalipatidar Check user's cp21 has correct value or not

Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

shefalipatidar · ‎07/25/2024

I has the value of CP21 assigned. But still showing no data found.

rushikeshvartak · ‎07/25/2024

Share output of previous query without concat

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

BT · ‎07/29/2024

Thank you @rushikeshvartak @pmahalle @shefalipatidar the above solution worked . I have marked it as accepted solution ... thank you once again team for all the help.