
Role Ownership Transfer is not working when Advanced query is used in User update rule

Dhiraj_Yadav_1
New Contributor III
Hi,
 
We are facing an issue where Role Ownership Transfer is not working when an Advanced query is used in a User update rule.
 
When we use a simple condition in the user update rule like below, it works as expected and replaces the role owner on user disablement. But this rule will trigger for everyone who becomes inactive, hence we want to use an advanced query for better performance so that the rule will trigger for the users who become inactive and are actually role owners, and will send out Ownership Transfer emails to New Owners.
 
[Image: Dhiraj_Yadav_1_3-1712226171659.png]
 
But when we use an advanced query like below, it is not working at all:
((##a.statuskey isupdated##) and a.statuskey = '0' and a.customproperty24 = 'Workday' and a.email like '%abc.com%' and a.username in (select u1.username from Users u1, role_owners ro1, roles r1  where u1.id=ro1.userkey and r1.id=ro1.rolekey))
 
Error we get: org.springframework.orm.hibernate3.HibernateQueryException: role_owners is not mapped
 
We already have user update rules for endpoints and entitlements with the below advanced queries, and they are working fine:
Entitlement Ownership Transfer:
((##a.statuskey isupdated##) and a.statuskey = '0' and a.customproperty24 = 'Workday' and a.email like '%abc.com%' and a.username in (select u1.username from Users u1,Entitlement_owners eo1,Entitlement_values es1  where u1.id=eo1.userkey and es1.id=eo1.entitlement_valuekey))
 
Resource Ownership Transfer:
((##a.statuskey isupdated##) and a.statuskey = '0' and a.customproperty24 = 'Workday' and a.email like '%abc.com%' and a.username in (select u1.username from Users u1,Endpoints ep1 where u1.id = ep1.requestowner))
 
We had raised a Support FD Ticket: 2014513, where the agent informed us that the Role_owner table is not exposed in advanced query, and hence we also raised an Idea to expose the same in advanced query: EIC-I-5444. Please upvote the idea.
 
Although this Saviynt Post talks about HQL table names, it doesn't mention the role_owners table. I tried following the camel case rule for HQL, i.e. Role_owners, but received the same error: Role_owners is not mapped
 
Could you please help us here with an alternate approach/solution?
 
Thanks,
Dhiraj Yadav

rushikeshvartak
All-Star

You need to go with the basic query approach without the email template until the product enhancement is available and ready for use.


Regards,
Rushikesh Vartak