Saviynt Forums

n_p123 · ‎04/18/2024

Hi,

I have a similar scenario as below mentioned use case where restricting roles based on Employee type:

Use case of Request Roles Query (saviyntcloud.com)

It works fine if user requesting for self. What if requestor is a 'Contractor' type and requesting for others who is type 'Employee, Internal Partner, or Vendor' ? The roles should be available.

Seeking any help on this.

PremMahadikar · ‎04/18/2024

Hi @n_p123,

Yes, the role will be available. This role query is used to filter/restrict users who is being assigned or requested for the roles. In your case, this filters requestee's.

We have similar requirement, and 'internals employee user' can request for 'external employee users' for selected role configured in role query.

If you find the above response useful, Kindly Mark it as Accept As Solution and hit Kudos

Best,
Prem Mahadikar

n_p123 · ‎04/18/2024

Thanks for your response, Prem!

The query doesn't work for me as it is either {currentUser} or {requestor} in where condition.

Does the query take requestee's userid as currentuser in case of Request for others?

PremMahadikar · ‎04/18/2024

@n_p123 ,

Yes, requestee's userid should be currentUser (users.id={currentUser})

Try the below sample query;

and rl.customproperty1 = (select users.employeeType from Users users where users.id={currentUser} and users.employeeType is not null)

If you find the above response useful, Kindly Mark it as Accept As Solution and hit Kudos

Best,
Prem Mahadikar

n_p123 · ‎04/18/2024

How can connect with you to show my use case & work?

PremMahadikar · ‎04/18/2024

@n_p123 ,

Can you please share the role query you are using?

Best,
Prem Mahadikar

n_p123 · ‎04/18/2024

@PremMahadikar I have to restrict AD roles request for users DO NOT have Active Directory account .

Here is my query:

and rl.customproperty16 in(select a.endpointkey from Accounts a where a.name={currentUser})

PremMahadikar · ‎04/18/2024

@n_p123 ,

There are few constraints while using other table names in role query.

Please using dynamic attribute approach. Similar solved article on this request - Solved: Application Roles Request Query based on entitleme... - Saviynt Forums - 37002

If you find the above response useful, Kindly Mark it as Accept As Solution and hit Kudos

Best,
Prem Mahadikar

PremMahadikar · ‎04/19/2024

@n_p123 ,

Your requirement is to restrict AD Roles requested from ARS if the user doesn't have AD account.

Can you please share additional info on the below details?

Are these roles configured under endpoint->roletype when you say AD role?
How is the role being requested in ARS currently?

Best,
Prem Mahadikar

n_p123 · ‎04/19/2024

@PremMahadikar

1. These roles are Enterprise roles currently and tied up with only AD entitlements

2. Role is being requested from ARS-> Enterprise Roles

PremMahadikar · ‎04/19/2024

@n_p123 ,

In that case, creating dynamic attribute doesn't work here. The only possible solution is:

We have a global configuration:

Doc link - Configuring Role Requests (saviyntcloud.com)

How it works? The requestor will still be able to see the role but couldn't place a request. A pop up will appear like below.

If you find the above response useful, Kindly Mark it as Accept As Solution and hit Kudos

Best,
Prem Mahadikar

n_p123 · ‎04/19/2024

Thanks u soooo much!! It worked... such a relief!! 🙂

Though I am not getting a popup window like yours... Is there any config for that too? I am getting a message at the bottom of the page.

n_p123 · ‎04/19/2024

@PremMahadikar got it.. once I enable Neo Experience, the new UI shows up and hence popup

Manu269 · ‎04/19/2024

We had similar requirement where we ended up creating a DA.

The value of DA was mapped to Role CP Values.

Based on DA Population we created Requested Query.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.