We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Request for guidance on fetching Values from attribute type as Multi Select From SQL query

sxm1067
New Contributor II
New Contributor II

Hi Team,

I have created a dynamic attribute in the custom form attribute type as Multi Select From SQL query to fetch the user's sav roles detail.

And we have a requirement that Manager (having sav role Role_manager) can generate a scramble ID for their direct reportees and User having Admin sav role can generate a scramble ID for everyone except himself/herself.

If a user will have two sav roles (Admin, role_manager) and user has to remove one sav role to select the action  -

 

sxm1067_0-1695049724487.png

and requestor selected a manager sav role and tries to submit the form with the below validation condition -

sxm1067_1-1695049784382.png

 

${(selectAction == 'Generate Scramble OTP' && RequestorUserID != username && RequestorUserID == managerID && status == 'Active' && loggedInUserRole == 'Manager') || (selectAction == 'Generate Scramble OTP' && RequestorUserID != username && status == 'Active' && loggedInUserRole == 'Admin')}

This is not allowing a user to submit the form since the loggedInUserRole dynamic attribute type is Multi Select From SQL Query.

Could you please guide me how can we use this feature ?

Regards,

Sujata

[This message has been edited by moderator to mask PII info]

8 REPLIES 8

adriencosson
Regular Contributor III
Regular Contributor III

Hi @sxm1067 ,

As loggedInUserRole is a MultiSelect Query, any chance you can try to replace loggedInUserRole == 'Manager' with loggedInUserRole.contains('Manager') and give it a try ?

 

Regards,
Adrien COSSON

krecpond
New Contributor III
New Contributor III

loggedInUserRole.contains('Manager') does not work in the validation condition. I have to use == . The functionality is still not working with either expressions.

adriencosson
Regular Contributor III
Regular Contributor III

Hi @krecpond ,

Any chance you were able to get the logs to see if there is any error or prompting values of the dynamic attribute format ?

Regards,
Adrien COSSON

sxm1067
New Contributor II
New Contributor II

Hi @adriencosson ,

I could see the below error in the logs -

sxm1067_0-1695200150767.png

I had two sav role assigned (Admin and Manager) and below is the selectAction dynamic attributes query -

SELECT 'Immediate Exit' AS id FROM users WHERE ${loggedInUserRole} = 'HR' UNION SELECT 'Immediate Exit' AS id FROM users WHERE ${loggedInUserRole} = 'Admin' UNION SELECT 'Disable EFX Login ID' AS id FROM users WHERE ${loggedInUserRole} = 'Admin' UNION SELECT 'Enable EFX Login ID' AS id FROM users WHERE ${loggedInUserRole} = 'Admin' UNION SELECT 'Enable ServiceNow Global ID' AS id FROM users WHERE ${loggedInUserRole} = 'Admin' UNION SELECT 'Internal Investigation' AS id FROM users WHERE ${loggedInUserRole} = 'Admin' UNION SELECT 'Internal Investigation' AS id FROM users WHERE ${loggedInUserRole} = 'Internal Investigation' UNION SELECT 'Enable EFX Login ID' AS id FROM users WHERE ${loggedInUserRole} = 'Internal Investigation' UNION SELECT 'Enable EFX Login ID' AS id FROM users WHERE ${loggedInUserRole} = 'MANAGER' UNION SELECT 'Generate Scramble OTP' AS id FROM users WHERE ${loggedInUserRole} = 'Admin'

 

Regards,

Sujata

 

adriencosson
Regular Contributor III
Regular Contributor III

Hi @sxm1067 ,

Good, so it looks that the list of multi Select is displayed as 'Admin','Manager'

Then, you might try the below and let us know if it works for you :

loggedInUser.replaceAll("'","").split(",").contains('Manager')

This would transform the attribute from String to an Array and then checks if it contains the appropriate value.

Regards,
Adrien COSSON

sxm1067
New Contributor II
New Contributor II

Hi @adriencosson ,

Now I am not seeing the error but the functionality we want is If i have two sav roles assigned (Admin and Manager) and i am removing admin role in the form so that as per the validation conditions I should be able to submit the form only for my direct reportees.

sxm1067_0-1695202004678.png

I removed the admin -

sxm1067_1-1695202048662.png

 and the validation query - 

${((selectAction != currentSelectAction && currentSelectAction != 'Immediate Exit') && (((selectAction == 'Enable EFX Login ID' && status != 'Active' && customproperty47 != 'TRM') && (selectAction == 'Enable EFX Login ID' && status != 'Active' && customproperty47 != 'ITRM') && (selectAction == 'Enable EFX Login ID' && status != 'Active' && customproperty47 != 'CONV')) || ((selectAction == 'Disable EFX Login ID' && status != 'Inactive') || (selectAction == 'Enable ServiceNow Global ID' && status == 'Active' && snowStatus != 'Active') || (selectAction == 'Internal Investigation' && statuskey == 'Active') || (selectAction == 'Immediate Exit') || (selectAction == 'Enable EFX Login ID' && RequestorUserID != username && RequestorUserID == managerID && status != 'Active' && loggedInUser.replaceAll("'","").split(",").contains('Manager')) || (selectAction == 'Enable EFX Login ID' && status != 'Active' && loggedInUser.replaceAll("'","").split(",").contains('Admin')))))}

In this above both the highlighted conditions are getting satisfied. If i am removing admin sav role in the form then It should only allow me to submit the form for my reportees.

 

Regards,

Sujata

[This message has been edited by moderator to mask PII info]

adriencosson
Regular Contributor III
Regular Contributor III

@sxm1067 , If I well understood your requirement :

You can submit only if you do not have the "Admin" as you removed it from the list of SAV Roles.

Therefore either :

  • Remove loggedInUser.replaceAll("'","").split(",").contains('Admin') if this is not necessary or
  • Add an exclamation point as following, because it won't satisfy the condition as you removed it in the form :  !loggedInUser.replaceAll("'","").split(",").contains('Admin')
Regards,
Adrien COSSON

krecpond
New Contributor III
New Contributor III

The use of contains works now. We have been able to implement this by configuring a validation between SAV roles and the drop down action items and and configuring a validation condition in Global Config under Identity Lifecycle --> Register User Form to prevent managers from generating a Scramble ID for users who are not their direct reportee.