We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Saviynt App for ServiceNow does not honor requestable value for roles?

Jari_K
New Contributor III
New Contributor III

Hi,

In Saviynt we have option to set roles available for request by setting the requestable value true or false. Seems that this does not work when using ServiceNow as request form with Saviynt app?

Requestable property is synced to roles in ServiceNow but the request forms will still show the roles requestable even requestable property is set to false.

Should the app filter out those roles that have requestable set to false? Currently it seems to hide only when active is set to false. There are some use cases where specific roles should be only assigned based on rules instead of requests. How to prevent those roles to be requested? There are filters for users and applications but not for roles.

Also when requesting application roles the form shows applications in the dropdown menu which do not have any application roles defined? Can those be hidden somehow? Setting whole application inactive or filterin it out from sync is not an option.

2 REPLIES 2

saikanumuri
Saviynt Employee
Saviynt Employee

Hi @Jari_K

Thanks for reaching out. 
For #1, Currently, it's not possible to hide the roles based on the requestable field. however, as a workaround, you can define the condition in the workflow and auto-reject the request if the role that has requestable set to false is being requested. With this approach, you can also add the role names (that need to be assigned only through rules) in the if else condition block and auto-reject it.

For #2, Are you looking to hide the complete Application field when requesting the application role? If so, You can set the application variable under the Request Application Role catalog item to false.

saikanumuri_0-1701414042095.png

 

Jari_K
New Contributor III
New Contributor III

Thanks for responding @saikanumuri 

#1 Thought so. Because we don't want end users to request something that will be rejected automatically did some additional research on ServiceNow catalog items and variables. Seems that ServiceNow app sets reference qualifier in the script to accept all active roles within the selected application:

filterApplicationRoles: function(application) {
return "role_type=Application^active=true^application=" + application;
}

the script itself cannot be modified but the reference qualifier can be changed on the variable so that way we actually can choose which roles to show.

#2 Due to the code I pasted above completely hiding the application selection doesn't work. Otherwise application roles are not shown since the application field is always empty. But by modifying the application variable's reference qualifier I think hiding "empty" applications could be doable. Just need to figure out the correct query. Atleast we can easily filter out application that have requestable = false.

But this is quite stupid that we have to bypass the Saviynt App behavior to make it follow the requestable property. Should be out of the box functionality like it is in Saviynt ARS.