Saviynt Forums

sandeepgudipudi · ‎02/29/2024

Provisioning or deprovisioning assignments from SAV Role via Analytics (saviyntcloud.com)

I followed the document to provision and deprovision the manager sav role but in 24.1 version the option has changed and cound not able to assign manager sav role. The Category and Subcategory as is not showing the options as stated in document and even in job

Below is the sql query to get the manager and able to fetch records but manager role provisioning is not working

select distinct u1.USERNAME, u1.FIRSTNAME,u1.LASTNAME,u1.DISPLAYNAME,u1.EMAIL, case when u1.STATUSKEY=1 then 'Active' when u1.STATUSKEY=0 then 'Inactive' end as UserStatus, u4.NAME,u5.ENDPOINTNAME,u6.ENTITLEMENTNAME,u7.ENTITLEMENT_VALUE, 'Provision Access' as Default_Action_For_Analytics, u7.ENTITLEMENT_VALUEKEY as entvaluekey, u4.ACCOUNTKEY as acctKey, u4.NAME as accName, u1.USERKEY as userKey from users u1 join user_accounts u3 on u1.USERKEY=u3.USERKEY join accounts u4 on u3.ACCOUNTKEY=u4.ACCOUNTKEY join endpoints u5 on u4.ENDPOINTKEY=u5.ENDPOINTKEY join entitlement_types u6 on u5.ENDPOINTKEY=u6.ENDPOINTKEY join entitlement_values u7 on u6.ENTITLEMENTTYPEKEY=u7.ENTITLEMENTTYPEKEY where u1.userkey in (SELECT DISTINCT MANAGER FROM users) and not exists ( select distinct usr1.USERKEY from user_savroles usr1 join savroles usr2 on usr1.ROLEKEY=usr2.ROLEKEY where usr2.ROLENAME='ROLE_JNPR_MANAGER' and usr1.USERKEY=u1.USERKEY ) and u5.ENDPOINTNAME='Saviynt' and u6.ENTITLEMENTNAME='SAVRoles' and u7.ENTITLEMENT_VALUE='ROLE_JNPR_MANAGER' and u1.statuskey=1 and u7.status=1;

Raghu · ‎02/29/2024

@sandeepgudipudi you can create Category and Subcategory , we have option New in drop down list and try it.

again issue just create Category and select actionable report

Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

sandeepgudipudi · ‎02/29/2024

The above solution did not add sav roles to managers. Note Iam using a custom SAV Role for Manager

Manu269 · ‎02/29/2024

@sandeepgudipudi I believe you might have create Saviynt Connection and pulled in all the sav roles.

Provisioning or deprovisioning assignments from SAV Role via Analytics (saviyntcloud.com)

If you check here , it is referrring following items :

 u5.ENDPOINTNAME='IGA'

and u6.ENTITLEMENTNAME='SAVRole'

and u7.ENTITLEMENT_VALUE='ROLE_MANAGER'

Hence make sure you have pulled in the entitlements in EIC.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

rushikeshvartak · ‎02/29/2024

Please share report & job configuration

SELECT DISTINCT u1.username,
                u1.firstname,
                u1.lastname,
                u1.displayname,
                u1.email,
                CASE
                  WHEN u1.statuskey = 1 THEN 'Active'
                  WHEN u1.statuskey = 0 THEN 'Inactive'
                END                          AS UserStatus,
                acc.NAME                     AS AccountName,
                endp.endpointname,
                ent.entitlementname,
                ent_val.entitlement_value,
                'Provision Access'           AS Default_Action_For_Analytics,
                ent_val.entitlement_valuekey AS entvaluekey,
                acc.accountkey               AS acctKey,
                acc.NAME                     AS accName,
                u1.userkey                   AS userKey
FROM   users u1
       JOIN user_accounts u3
         ON u1.userkey = u3.userkey
       JOIN accounts acc
         ON u3.accountkey = acc.accountkey
       JOIN endpoints endp
         ON acc.endpointkey = endp.endpointkey
       JOIN entitlement_types ent
         ON endp.endpointkey = ent.endpointkey
       JOIN entitlement_values ent_val
         ON ent.entitlementtypekey = ent_val.entitlementtypekey
WHERE  u1.userkey IN (SELECT DISTINCT manager
                      FROM   users)
       AND NOT EXISTS (SELECT DISTINCT usr1.userkey
                       FROM   user_savroles usr1
                              JOIN savroles usr2
                                ON usr1.rolekey = usr2.rolekey
                       WHERE  usr2.rolename = 'ROLE_JNPR_MANAGER'
                              AND usr1.userkey = u1.userkey)
       AND endp.endpointname = 'Saviynt'
       AND ent.entitlementname = 'SAVRoles'
       AND ent_val.entitlement_value = 'ROLE_JNPR_MANAGER'
       AND u1.statuskey = 1
       AND ent_val.status = 1;

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

sandeepgudipudi · ‎03/01/2024

Hi Please find the report and job configuration. About 1880 records are fetch and only added 2 records in csv for security reasons and still no sav role is assigned to managers with above query

FYI-The above query worked only after removing ; at the end, else it is poping an error

rushikeshvartak · ‎03/02/2024

Share report configuration screenshot

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

sandeepgudipudi · ‎03/04/2024

Hi,

attached report configuration screenshot

Saviynt Forums

Provisioing and Deprovisioing MANAGER SAV ROLE