Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/18/2024 10:18 PM
Hi,
I have a similar scenario as below mentioned use case where restricting roles based on Employee type:
Use case of Request Roles Query (saviyntcloud.com)
It works fine if user requesting for self. What if requestor is a 'Contractor' type and requesting for others who is type 'Employee, Internal Partner, or Vendor' ? The roles should be available.
Seeking any help on this.
Solved! Go to Solution.
04/18/2024 10:45 PM
Hi @n_p123,
Yes, the role will be available. This role query is used to filter/restrict users who is being assigned or requested for the roles. In your case, this filters requestee's.
We have similar requirement, and 'internals employee user' can request for 'external employee users' for selected role configured in role query.
If you find the above response useful, Kindly Mark it as Accept As Solution and hit Kudos
04/18/2024 10:53 PM
Thanks for your response, Prem!
The query doesn't work for me as it is either {currentUser} or {requestor} in where condition.
Does the query take requestee's userid as currentuser in case of Request for others?
04/18/2024 11:03 PM
@n_p123 ,
Yes, requestee's userid should be currentUser (users.id={currentUser})
Try the below sample query;
and rl.customproperty1 = (select users.employeeType from Users users where users.id={currentUser} and users.employeeType is not null)
If you find the above response useful, Kindly Mark it as Accept As Solution and hit Kudos
04/18/2024 11:09 PM
How can connect with you to show my use case & work?
04/18/2024 11:10 PM
04/18/2024 11:16 PM
@PremMahadikar I have to restrict AD roles request for users DO NOT have Active Directory account .
Here is my query:
and rl.customproperty16 in(select a.endpointkey from Accounts a where a.name={currentUser})
04/18/2024 11:59 PM
@n_p123 ,
There are few constraints while using other table names in role query.
Please using dynamic attribute approach. Similar solved article on this request - Solved: Application Roles Request Query based on entitleme... - Saviynt Forums - 37002
If you find the above response useful, Kindly Mark it as Accept As Solution and hit Kudos
04/19/2024 01:54 AM
@n_p123 ,
Your requirement is to restrict AD Roles requested from ARS if the user doesn't have AD account.
Can you please share additional info on the below details?
04/19/2024 02:24 AM
1. These roles are Enterprise roles currently and tied up with only AD entitlements
2. Role is being requested from ARS-> Enterprise Roles
04/19/2024 03:02 AM
@n_p123 ,
In that case, creating dynamic attribute doesn't work here. The only possible solution is:
We have a global configuration:
Doc link - Configuring Role Requests (saviyntcloud.com)
How it works? The requestor will still be able to see the role but couldn't place a request. A pop up will appear like below.
If you find the above response useful, Kindly Mark it as Accept As Solution and hit Kudos
04/19/2024 03:10 AM
Thanks u soooo much!! It worked... such a relief!! 🙂
Though I am not getting a popup window like yours... Is there any config for that too? I am getting a message at the bottom of the page.
04/19/2024 03:19 AM - edited 04/19/2024 03:19 AM
@PremMahadikar got it.. once I enable Neo Experience, the new UI shows up and hence popup
04/19/2024 12:09 AM
We had similar requirement where we ended up creating a DA.
The value of DA was mapped to Role CP Values.
Based on DA Population we created Requested Query.