
SAV Role assignment

Ekata
New Contributor III

Hi Team,

I have created a SAV role for certification, 'ROLE_CERTIFICATION'. Now we need to add this SAV role to the entitlement owners for the next step through actionable analytics. I tried but could not achieve it. Can we get a reference on this or a sample to add the role?

Also, how can we add the owners other than by requesting from the ARS page? Do we have any other option?

Kindly advise on both.

Regards.


sudeshjaiswal
Saviynt Employee

Hello @Ekata,

You can refer to our document https://docs.saviyntcloud.com/bundle/KBAs/page/Content/Provisioning-or-deprovisioning-assignments-fr... 

Sample Analytic for reference,

Parameter: Description

Analytics Name: Sav Role Assignment (ROLE_MANAGER)

Analytics Query:

select
distinct u1.USERNAME, u1.FIRSTNAME,u1.LASTNAME,u1.EMAIL,
case when u1.STATUSKEY=1 then 'Active' when u1.STATUSKEY=0 then 'Inactive' end as UserStatus,
u4.NAME,u5.ENDPOINTNAME,u6.ENTITLEMENTNAME,u7.ENTITLEMENT_VALUE,
'Provision Access' as Default_Action_For_Analytics,
u7.ENTITLEMENT_VALUEKEY as entvaluekey,
u4.ACCOUNTKEY as acctKey,
u4.NAME as accName,
u1.USERKEY as userKey
from users u1
join user_accounts u3 on u1.USERKEY=u3.USERKEY
join accounts u4 on u3.ACCOUNTKEY=u4.ACCOUNTKEY
join endpoints u5 on u4.ENDPOINTKEY=u5.ENDPOINTKEY
join entitlement_types u6 on u5.ENDPOINTKEY=u6.ENDPOINTKEY
join entitlement_values u7 on u6.ENTITLEMENTTYPEKEY=u7.ENTITLEMENTTYPEKEY
where u1.userkey in (SELECT DISTINCT MANAGER FROM users)
and not exists (
    select distinct usr1.USERKEY
    from user_savroles usr1
    join savroles usr2 on usr1.ROLEKEY=usr2.ROLEKEY
    where usr2.ROLENAME='ROLE_MANAGER'
    and usr1.USERKEY=u1.USERKEY
)
and u5.ENDPOINTNAME='SSM'
and u6.ENTITLEMENTNAME='SAVRole'
and u7.ENTITLEMENT_VALUE='ROLE_MANAGER'
and u1.statuskey=1
and u7.status=1;

Description: For all managers add the default ROLE_MANAGER SAV Role
Allowed Action: Provision Access
Category: Sav Role Assignment Automation
Sub Category: SAV Roles
Risk: Low
Context: None

You can also achieve it by using the sav4sav connector and manually triggering add access tasks to add those users to the SAV role, if it is a one-time process.
Note: to use the sav4sav connector, you should first have imported SAV roles as entitlements.

Thanks

If you find the above response useful, Kindly Mark it as "Accept As Solution".

Ekata
New Contributor III

Hi, 

Thanks for the document. Do we need to enable the sav4sav connection for analytics as well? If not, how are we checking for the endpoint details to write in analytics? Please advise.

Thanks

Hello @Ekata,

You don't need to enable Sav4Sav Connections for analytics. We are currently checking the endpoint details by querying the table and retrieving the data from the resources to be written in analytics.

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

Ekata
New Contributor III

Hi,

Thanks for the response.

The process is a daily job and not a one-time event. The problem here is that we need to provide this SAV role to only the entitlement owners. That is, the analytic should check the entitlements and, for the entitlements having owners, the SAV role should be added to the user profile.

Can you help with this?

Thanks

sudeshjaiswal
Saviynt Employee

Hello @Ekata,

You may try this:
SELECT DISTINCT u.username,
                CASE
                  WHEN u.statuskey = 1 THEN 'Active'
                  WHEN u.statuskey = 0 THEN 'Inactive'
                END                     AS UserStatus,
                a.NAME,
                ep.endpointname,
                et.entitlementname,
                ev.entitlement_value,
                'Provision Access'      AS Default_Action_For_Analytics,
                ev.entitlement_valuekey AS entvaluekey,
                a.accountkey            AS acctKey,
                a.NAME                  AS accName,
                u.userkey               AS userKey
FROM   users u
       JOIN user_accounts ua
         ON u.userkey = ua.userkey
       JOIN accounts a
         ON ua.accountkey = a.accountkey
       JOIN endpoints ep
         ON a.endpointkey = ep.endpointkey
       JOIN entitlement_types et
         ON ep.endpointkey = et.endpointkey
       JOIN entitlement_values ev
         ON et.entitlementtypekey = ev.entitlementtypekey
WHERE  u.userkey IN (SELECT DISTINCT userkey
                     FROM   entitlement_owners)
       AND NOT EXISTS (SELECT DISTINCT usr1.userkey
                       FROM   user_savroles usr1
                              JOIN savroles usr2
                                ON usr1.rolekey = usr2.rolekey
                       WHERE  usr2.rolename = 'ROLE_CERTIFICATION'
                              AND usr1.userkey = u.userkey)
       AND ep.endpointname = 'Saviynt'
       AND et.entitlementname = 'SAVRole'
       AND ev.entitlement_value = 'ROLE_CERTIFICATION'
       AND u.statuskey = 1
       AND ev.status = 1; 


Thanks

If you find the above response useful, Kindly Mark it as "Accept As Solution".
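
The analytic in the last reply only ever adds ROLE_CERTIFICATION, so a daily run will not catch users who keep the role after they stop being entitlement owners. As an added example (not part of the thread and not Saviynt's own code), the report-only query below lists such holders for review; it assumes only the tables and columns that already appear in the queries above.

```sql
-- Added review query, not from the thread. Table and column names are the
-- ones used in the analytics queries above; no other schema is assumed.
-- Lists every holder of ROLE_CERTIFICATION who no longer meets the
-- provisioning analytic's own criteria: active AND an entitlement owner.
SELECT u.userkey,
       u.username,
       CASE
         WHEN u.statuskey = 1 THEN 'Active'
         WHEN u.statuskey = 0 THEN 'Inactive'
       END AS UserStatus,
       CASE
         WHEN u.statuskey <> 1 THEN 'User is not active'
         ELSE 'Not an entitlement owner'
       END AS ReviewReason
FROM   users u
       JOIN user_savroles usr1
         ON usr1.userkey = u.userkey
       JOIN savroles usr2
         ON usr1.rolekey = usr2.rolekey
WHERE  usr2.rolename = 'ROLE_CERTIFICATION'
       AND ( u.statuskey <> 1
              -- same ownership test as the provisioning query, inverted
              OR NOT EXISTS (SELECT 1
                             FROM   entitlement_owners eo
                             WHERE  eo.userkey = u.userkey) )
ORDER  BY u.username;
```

The query only reports; a row can be legitimate if the role was granted to that user by another process, so each result needs a review before the role is removed.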