03/03/2023 01:10 PM - edited 03/03/2023 01:11 PM
Hi ,
We have a requirement to show Dynamic attribute values based entitlements selection, please find below marked UserRole(Dynamic Attribute) one has to go down to the permissionSet(Entitlements)
any inputs on this ?
03/03/2023 06:19 PM
@IAM_99 You can check the Understanding Entitlement Hierarchy and Entitlement Mapping section in Admin Guide. It explains how you can use the dynamic attribute to populate entitlement values (check Config for Requestable Entitlement in ARS).
03/05/2023 02:21 PM
Thanks for the response. for ex: Suppose we have two entitlement types -
1. Permissionset
2. Role
if user selects PS1 (Permissionset type) ---> Role1,Role2 ( we need show these) , PS2---> Role3,Role4
What is the variable name for user selected entitlements, so that we can filter in the sql query?
ev.customproperty1={userselectedEntitlement_value} like this ?
03/05/2023 05:05 PM
Can you explain more about this? I did read the doc but cant find how to achieve this. I have similar requirement about this
03/06/2023 08:51 AM
You can use Entitlement Map feature with Request Filter and Hierarchy ON
03/06/2023 03:26 PM
My requirement is bit different. Do we have binding variable entitlement selected to use in dynamic attr?
I want to show boolean value if entitlement valuekey is part of user_role. Then this should be auto approved.
03/06/2023 03:36 PM
I don't think selected entitlement binding variable is available to use in DA. But I could be wrong will lookout for suggestions from Saviynt team.
What is your use case, I just want to know to see if it can be achieved in different way
03/06/2023 03:41 PM
By our security policy some entitlement assigned by enterprise role could be revoked if there is no access history. In this case, user may request the ent again via ARS. We want to make this auto approve in this case.
If ent valuekey = part of user_role then auto approve.
If there is no way to achieve this with DA, i am thinking to use analytics report if we have allowed action to approve request
03/06/2023 04:21 PM
You can try to implement this logic in WF using Custom Assignment block if user is part of role then assign approval back to requestor it will get auto prove otherwise assign it to entitlement owner.
Otherwise you can use if-else with groovy and use below format to execute a query
Example:
(com.saviynt.ecm.identitywarehouse.domain.Account_entitlements1.executeQuery("select ae.id from Account_entitlements1 ae where <logic>")?.size() != 0) == true
03/09/2023 12:16 PM
Request filter option is working for first time , next entitlement its not showing.
any other inputs on implementing - Parent - Child entitlements (dynamic selection) in Salesforce OOTB Connector?