and more in a single search tool across platforms. Read the announcement here. |
02/16/2024 02:49 PM
I am trying to create a self certification to certify only accounts from particular endpoints and not the entitlements associated with accounts. However, when I designate only 'Accounts' in the 'Objects to be included in Certification' section, I observe that only accounts without entitlements are incorporated into the certification, and those with one or more entitlements are omitted.
On the other hand, if I include both 'Accounts' and 'Entitlements' in the 'Objects to be included in Certification' section, all accounts and entitlements are added to the certification. Despite attempting to filter entitlements using an Advanced query with an invalid condition, such as:
the outcome remains consistent—only accounts lacking entitlements are included in the certification.
02/19/2024 07:07 PM
Its working as expected
ae1.accountkey not in (select a.id from Accounts a where a.endpointkey=95)
02/20/2024 06:49 AM
@rushikeshvartak tried the same thing. With this filter query as well, i see only one account for the user which has no entitlements. But the user actually has three accounts - one with no entitlements and two with entitlements.
03/02/2024 04:06 PM - edited 03/02/2024 04:18 PM
To achieve the desired level of filtering, you can explore some alternative approaches leveraging the self-certification options and the information you provided here. Here are some potential solutions.
Here, you may Leverage User Attribute Filtering:
Instead of relying solely on entitlements, you can utilize user attributes to filter the accounts included in your certification.
Identify a user attribute that uniquely identifies the endpoints from which authorized accounts originate. This could be a department code or a custom attribute specific to your environment.
Configure the self-certification to filter based on this user attribute. This should allow you to include accounts associated with the desired endpoints while excluding those from other endpoints, regardless of their entitlements.
Other options:-
Since including both "Accounts" and "Entitlements" in the certification settings results in all accounts and entitlements being added, consider creating separate certifications for accounts and entitlements. Configure one certification to focus solely on accounts from specific endpoints and another certification for the associated entitlements. This approach allows for better control and granularity in the certification process.
03/06/2024 12:38 PM
@Jayminunadkat We dont have much filter to be applied - the requirement is to self certify all the accounts only (no entitlemnts required to be certified) from specified set of endpoints.