Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Restriction of number of entitlements to user

Prithviraj
New Contributor II
New Contributor II

Hi Everyone,

We have request where, when one user has more than or equal to 1024 entitlement of same account then Saviynt should pop out an message that they cannot add/provision more entitlement to the user.

To perform the same we need to count the entitlements assigned to the user to which I  observed some Saviynt post as "count" function is not able to perform as expected in workflow. Hence want your opinion if there are any other ways we can achieve this?

Your response is really appreciated.

Thanks,
Prithviraj

6 REPLIES 6

rushikeshvartak
All-Star
All-Star
  • There is no issue with count variable in latest 24.x version. 
  • You can use dynamic attribute for same and make it mandatory if access exceeds 1000+ entitlement block user from submission of request

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Amit_Malik
Valued Contributor II
Valued Contributor II

you can use dynamic attribute. Use it in workflow like (dynamicAttributes.get('AssociationLimit') eq '1000')

AssociationLimit is dynamic attribute name

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".

NM
Honored Contributor II
Honored Contributor II

Hi @Prithviraj, count function works fine.

Create a dynamic attribute which will check the account and display a message that you are not allowed to raise more request contact admin something.

And even if they still submit it reject in workflow.

Prithviraj
New Contributor II
New Contributor II

Thank you for your suggestion @NM @Amit_Malik @rushikeshvartak , let me analyze the options suggested by you, i will coma back with an response.

 

follow detailed steps mentioned by me here https://forums.saviynt.com/t5/identity-governance/in-access-request-user-should-be-shown-entitlement... 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Prithviraj
New Contributor II
New Contributor II

Hi Everyone,

I created the dynamic attribute, but from what i observe is that if i am requesting for a user who already has 1023 entitlement and i requested 2 more entitlement then i was able to request those entitlement as it satisfied the condition, but then the total entitlement count goes above 1025, which defies the use case, hence wanted to know is there a way we can do dynamic entitlement calculation when i am requesting.

Thanks