Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Role owner campaign filters

HarishG
Regular Contributor
Regular Contributor

Hi,

While configuring role owner campaign, is there any way to avoid the roles which are assigned as birthrights to the users?

 

Thanks,

Harish

10 REPLIES 10

naveenss
All-Star
All-Star

Hi @HarishG  you can achieve this by setting the value of customproperty for the role as "BIRTHRIGHT" and then use advanced query during the campaign creation to exclude such roles. Use the query like below

naveenss_0-1720522380557.png

 

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

rushikeshvartak
All-Star
All-Star
  • You can follow role naming convention as BR-
  • OR use roles customproperty to define birthright role.rushikeshvartak_0-1720591101243.png

     


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

HarishG
Regular Contributor
Regular Contributor

Thank you @naveenss and @rushikeshvartak ,

But, there are few roles - which are assigned as birthrights for some users. And remaining users who still need this role will request from ARS.

can we somehow manage to include the role in certification:

  • with only users who request from ARS
  • and avoid users who got is as BR

 

Thanks,

Harish

  • You can use source column from role_user_account table

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

@HarishG you can use SOURCE attribute in the role_user_account table to differentiate the roles assigned as BR and role requested by the user. 

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

HarishG
Regular Contributor
Regular Contributor

Thanks @naveenss & @rushikeshvartak ,

But role_user_account table is not working in role query. we are able to use role table and roleowner table

@HarishG can you share the query you are trying?

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

HarishG
Regular Contributor
Regular Contributor

Hi @naveenss ,

Query:

and rua.source in ('REQUEST')

HarishG_2-1720775471300.png

 

@HarishG  use below query

and r.id in (select rua.rolekey.id from Role_user_account rua where rua.source='REQUEST')

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

rushikeshvartak_2-1720795343494.png

 

and r.id in (select rua.rolekey.id from Role_user_account rua where rua.source not in ('ZERODAY'))

Different SOurce :

REQUEST
UPDATE_ROLE
ZERODAY

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.