Role based provision

Gopi
New Contributor
New Contributor

Hi team,

The use case is:

If the user has an AD account then only some roles(Privileged roles) must be provided to users.

Is there any option restricting users at the role level using some access query or other options?

Thanks,

Gopi.

3 REPLIES 3

rushikeshvartak
All-Star
All-Star

You can restrict same using dynamic attribute on request form.

 

Dynamic Attribute Name :- isPrivilegeAccess

Query :  select name,case when a.accountkey not in (select ae1.accountkey from account_entitlements1 ae1) then 'Privileged roles'' when a.accountkey in (select ae1.accountkey from account_entitlements1 ae1) then 'No Access to Privileged roles'' end as id
from accounts a where a.endpointkey=1 and a.status=1

Use above dynamic attribute in Entitlement Type Config for Requestable Entitlement in ARS

ev.status1 and  ev.customproperty=${isPrivilegeAccess}

 

Use some Privilege Entitlement Customproperty eg. Customproperty1 = 'Privileged roles'

Hi Rushikesh,

Could you please elaborate more on this like:

1. The flow where to start and where to end.

2. Use some Privilege Entitlement Customproperty eg. Customproperty1 = 'Privileged roles' (On this do I need to hardcode this at entitlement level).

3. So in this attribute Config for Requestable Entitlement in ARS do I need to put this value ev.status1 and ev.customproperty=${isPrivilegeAccess}?

4. Query: select name,case when a.accountkey not in (select ae1.accountkey from account_entitlements1 ae1) then 'Privileged roles'' when a.accountkey in (select ae1.accountkey from account_entitlements1 ae1) then 'No Access to Privileged roles'' end as id
from accounts a where a.endpointkey=1 and a.status=1. Where this query needs to be past.

Thanks,

Gopinath R.

Yes all correct steps