
Request for Assistance with Group Management and Entitlement Glossary Update

markmch
New Contributor

Hi Saviynt Team,

I hope you are doing well. I’m in the process of setting up Group Management in Saviynt to ensure that modifications to entitlements are reflected in Active Directory. I’ve successfully enabled the necessary functionalities, and tasks are being created when an entitlement is modified.

However, I’m unable to see the Entitlement Glossary field in the entitlement edit screen. My goal is to update the Entitlement Glossary in Saviynt and ensure that these updates are reflected in both Saviynt and Active Directory.

Attached are some screenshots that illustrate the current configuration and the issue I’m encountering. I would appreciate your assistance in enabling the visibility of the Entitlement Glossary field or guiding me on how to achieve this.


Thank you in advance for your support.

22 REPLIES

rushikeshvartak
All-Star
  • Group management works on role objects, and role objects do not have an Entitlement Glossary field.
  • You can store the glossary value in the role's custom property.
  • From the role's custom property, using an enhanced query, move it to the entitlement's Entitlement Glossary.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

markmch
New Contributor

If I go to Admin -> Roles, the AD group is not listed as a Role. Can you explain it a bit more, please?


Role type as entitlement 


Regards,
Rushikesh Vartak

OK, I will create an enhancement query job that updates role.customproperty1=entitlement.Entitlement_Glossary on rolename=entitlementname. Is that correct?

Yes


Regards,
Rushikesh Vartak

Here you go 

select
  ev.ENTITLEMENT_VALUEKEY as entitlement_values__primarykey,
  r.customproperty1 as entitlement_values__ENTITLEMENT_GLOSSARY
from roles r,
  entitlement_values ev,
  entitlement_types et
where r.role_name = ev.entitlement_value
  and r.roletype = 6
  and et.endpointkey = r.endpointkey
  and et.entitlementtypekey = ev.entitlementtypekey
  and r.customproperty1 != ev.ENTITLEMENT_GLOSSARY

Regards,
Rushikesh Vartak

Shows error on job creation - Cannot use column ENTITLEMENT_VALUEKEY of table EV as primary key of table ENTITLEMENT_VALUES


select
  ev.ENTITLEMENT_VALUEKEY as entitlement_values__primarykey,
  r.customproperty1 as entitlement_values__ENTITLEMENT_GLOSSARY
from entitlement_values ev,
  roles r,
  entitlement_types et
where r.role_name = ev.entitlement_value
  and r.roletype = 6
  and et.endpointkey = r.endpointkey
  and et.entitlementtypekey = ev.entitlementtypekey
  and r.customproperty1 != ev.ENTITLEMENT_GLOSSARY


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
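
An added example, not part of the original replies and not Saviynt's own code: the query above compares with `!=`, and in SQL a comparison against NULL is never true, so an entitlement whose ENTITLEMENT_GLOSSARY has never been set is not selected. The sketch runs the same joins in an in-memory SQLite database over constructed rows (group names, keys and glossary text are made up) and contrasts the posted predicate with a NULL-aware one; whether an enhanced query job accepts the longer predicate is an assumption to verify in your environment.

```python
import sqlite3

# Constructed sample rows; table and column names follow the query in the thread.
SCHEMA = """
create table roles (role_name text, roletype int, endpointkey int, customproperty1 text);
create table entitlement_types (entitlementtypekey int, endpointkey int);
create table entitlement_values (entitlement_valuekey int, entitlement_value text,
                                 entitlementtypekey int, entitlement_glossary text);
insert into entitlement_types values (10, 1);
insert into roles values ('GRP-Finance', 6, 1, 'Finance share access'),
                         ('GRP-HR',      6, 1, 'HR share access'),
                         ('GRP-IT',      6, 1, 'IT admins');
insert into entitlement_values values (101, 'GRP-Finance', 10, 'old text'),
                                      (102, 'GRP-HR',      10, NULL),
                                      (103, 'GRP-IT',      10, 'IT admins');
"""

BASE = """
select ev.entitlement_valuekey as entitlement_values__primarykey,
       r.customproperty1 as entitlement_values__ENTITLEMENT_GLOSSARY
from entitlement_values ev, roles r, entitlement_types et
where r.role_name = ev.entitlement_value
  and r.roletype = 6
  and et.endpointkey = r.endpointkey
  and et.entitlementtypekey = ev.entitlementtypekey
  and {diff}
order by ev.entitlement_valuekey
"""

# Predicate as posted: 'x' != NULL evaluates to NULL, so that row is filtered out.
AS_POSTED = "r.customproperty1 != ev.entitlement_glossary"
# NULL-aware form: also selects rows whose glossary was never set. A NULL
# customproperty1 is still skipped, so an existing glossary is never blanked.
NULL_AWARE = ("(r.customproperty1 != ev.entitlement_glossary or "
              "(ev.entitlement_glossary is null and r.customproperty1 is not null))")

def rows_to_sync(predicate):
    """Return (entitlement key, new glossary) pairs the query would update."""
    con = sqlite3.connect(":memory:")
    try:
        con.executescript(SCHEMA)
        return con.execute(BASE.format(diff=predicate)).fetchall()
    finally:
        con.close()

if __name__ == "__main__":
    print("as posted :", rows_to_sync(AS_POSTED))
    print("null-aware:", rows_to_sync(NULL_AWARE))
```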

I have tested and all of this works, but it looks like we don't need the enhancement query job: when the entitlement is modified from Manage AD Groups and the task is sent, it also updates the entitlement_glossary. Is this the expected behavior? When do we need the enhancement query job?

saviAI
New Contributor

Yes, expected.

markmch
New Contributor

Is it possible to trigger an entitlement update in Active Directory directly by modifying the entitlement_glossary attribute in the Entitlement View in Saviynt, without having to rely on roles or custom properties? I want to avoid duplicating information in roles and only update the glossary field within the entitlement. Any guidance on how to achieve this or alternative approaches would be greatly appreciated.

There is no harm in updating during modification, so there is no impact and it's expected.


Regards,
Rushikesh Vartak

Is it possible to trigger an entitlement update in Active Directory directly by modifying the entitlement_glossary attribute in the Entitlement View in Saviynt, without having to rely on roles or custom properties? I want to avoid duplicating information in roles and only update the glossary field within the entitlement. Any guidance on how to achieve this or alternative approaches would be greatly appreciated.

  • No.
  • Saviynt Role Management works on the Role object and there is no alternative to it.
  • You need to update the role's customproperty.

Regards,
Rushikesh Vartak

We are updating the entitlement via API. Is there a way to also update the Role so that the Update entitlement task gets triggered?

  • If you update the role, then it will create a task and update the target.


Regards,
Rushikesh Vartak

Can it also be done from an Enhancement Query job?

So, you mean if I'm updating the entitlement via API, I should add 2 more extra calls to update the role customproperty and also create the task?

2 APIs - ent update & create task for role with entitlement type.

This can’t be done with an enhanced query.


Regards,
Rushikesh Vartak

I need to make a bulk update from the entitlement_glossary field to the AD extension attribute. Is there a way to do it from Saviynt, or should we do it from the API, updating the entitlement and role and creating a task to update the entitlement?

You can use the API / perform it directly one time in AD.


Regards,
Rushikesh Vartak

Any idea?