
Restrict entitlements assigned from role in ARS

SUMAIYA_BABU
Regular Contributor

Is there a way to restrict users from being able to request to remove the access from the ARS directly that was assigned through a role?

In the 'Config for Selected Entitlements' option in Entitlement Types, we were not able to add any fields from any other tables other than entitlement_values.

 


sk
All-Star

@SUMAIYA_BABU: Did you try using subqueries here? The output of that query should be a column related to entitlement_values.

Can you please share the query you attempted?

We definitely used another table reference successfully in "Config for Requestable Entitlement in ARS", so I believe it should work for selected entitlements as well.


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

SUMAIYA_BABU
Regular Contributor

Hi Saathvik,

 

This is the query we have:

ev.entitlement_value not in (select ev1.entitlement_value from account_entitlements1 ae1,entitlement_values ev1,user_accounts ua where ev1.entitlement_valuekey=ae1.entitlement_valuekey and ae1.assignedfromrole is not null and ua.accountkey=ae1.accountkey and ua.userkey=${requestee}).

We also tried creating a dynamic variable at the endpoint level with this subquery and adding the dynamic variable in the entitlement type. That didn't work either.

@SUMAIYA_BABU: Is this query giving the expected output in Data Analyzer if you hardcode the requestee value?

(select ev1.entitlement_value from account_entitlements1 ae1,entitlement_values ev1,user_accounts ua where ev1.entitlement_valuekey=ae1.entitlement_valuekey and ae1.assignedfromrole is not null and ua.accountkey=ae1.accountkey and ua.userkey=${requestee})


Regards,
Saathvik

SUMAIYA_BABU
Regular Contributor

Yes... it's working from Data Analyzer.

@SUMAIYA_BABU: Try this

 

ev.id in (select ae1.entitlement_valuekey from Account_entitlements1 ae1 where ae1.assignedFromRole is not null and ae1.accountkey=(select ua.accountkey from User_accounts ua where ua.userkey=${requestee}))

 


Regards,
Saathvik

{
"PREPROCESSQUERIES": [
"IF (SELECT COUNT(*) FROM account_entitlements1 ae1, entitlement_values ev1, user_accounts ua WHERE ev1.entitlement_valuekey = ae1.entitlement_valuekey AND ae1.assignedfromrole IS NOT NULL AND ua.accountkey = ae1.accountkey AND ua.userkey = ${requestee}) > 0 THEN SET REQUEST_REMOVAL_FLAG = 0; END IF;"
]
}
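
The filter discussed in this thread, run against a constructed in-memory SQLite database as an added example (not code from the thread or from Saviynt). Table and column names are those in the posted queries; the sample rows, entitlement and role names, and the `removable` helper are assumptions. It shows which of a requestee's entitlements the `NOT IN` filter leaves open for a removal request, including a user with two accounts.

```python
import sqlite3

# Constructed miniature of the three tables named in the thread; only the columns
# its queries reference are modelled (an assumption, not Saviynt's full schema).
SCHEMA = """
CREATE TABLE entitlement_values (entitlement_valuekey INTEGER PRIMARY KEY, entitlement_value TEXT);
CREATE TABLE user_accounts (userkey INTEGER, accountkey INTEGER);
CREATE TABLE account_entitlements1 (accountkey INTEGER, entitlement_valuekey INTEGER, assignedfromrole TEXT);
"""
# Constructed sample rows: user 7 owns two accounts (100 and 101), user 8 owns one.
ROWS = {
    "entitlement_values": [(1, "AP_Clerk"), (2, "AP_Approver"), (3, "GL_Viewer"), (4, "GL_Admin")],
    "user_accounts": [(7, 100), (7, 101), (8, 200)],
    "account_entitlements1": [
        (100, 1, "ROLE_AP"),  # assigned from a role
        (100, 2, None),       # requested directly
        (101, 3, "ROLE_GL"),  # assigned from a role, on the second account
        (200, 4, "ROLE_GL"),  # another user's role-derived entitlement
    ],
}
# The subquery posted in the thread, with ${requestee} replaced by a bound parameter.
ROLE_DERIVED = """
SELECT ev1.entitlement_value
FROM account_entitlements1 ae1, entitlement_values ev1, user_accounts ua
WHERE ev1.entitlement_valuekey = ae1.entitlement_valuekey
  AND ae1.assignedfromrole IS NOT NULL
  AND ua.accountkey = ae1.accountkey AND ua.userkey = ?
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for table, rows in ROWS.items():
        marks = ",".join("?" * len(rows[0]))
        db.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return db

def role_derived(db, requestee):
    """Entitlements the requestee holds through a role; removal requests should skip these."""
    return sorted(r[0] for r in db.execute(ROLE_DERIVED, (requestee,)))

def removable(db, requestee):
    """Entitlements the requestee holds that pass the thread's NOT IN filter."""
    sql = f"""SELECT ev.entitlement_value FROM entitlement_values ev
              JOIN account_entitlements1 ae ON ae.entitlement_valuekey = ev.entitlement_valuekey
              JOIN user_accounts ua ON ua.accountkey = ae.accountkey
              WHERE ua.userkey = ? AND ev.entitlement_value NOT IN ({ROLE_DERIVED})"""
    return sorted(r[0] for r in db.execute(sql, (requestee, requestee)))
```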