
Sending approval to Service account Owner's manager

parthaghosh
Regular Contributor

Hello Team,

We have a requirement to send the Service account request to the owner's manager for approval. But when we are using the 'Owners Manager Approval' task in the workflow, it's not working. Instead of sending the request to the owner's manager, the system administrator is being assigned as approver.

Is it the expected behaviour of that task?

Any advice to achieve the use case will be appreciated. Thanks in advance.

Regards,

Partha

6 REPLIES

smitg
Regular Contributor III

Hi @parthaghosh 

The below query in the custom assignment block is working for us:

select m.userkey as userkey
from users u, users m
where u.owner = m.username
  and m.statuskey = 1
  and u.userkey = (
    select distinct raa.attribute_value
    from request_access_attrs raa, ars_requests ar, request_access ra
    WHERE ar.REQUESTKEY = ra.REQUESTKEY
      and ra.REQUEST_ACCESSKEY = raa.REQUEST_ACCESS_KEY
      and raa.ATTRIBUTE_NAME = 'USEROWNERKEY'
      and ar.requestkey = ${ARSREQUEST.id}
  )

Thanks,
Smitha

parthaghosh
Regular Contributor

Thank you, Smitha.
Many thanks for your response.

It worked. As we don't have the owner attribute populated with the manager's username, we modified the query a bit.
Here is the updated query:

select m.userkey as userkey
from users u, users m
where u.manager = m.userkey
  and m.statuskey = 1
  and u.userkey = (
    select distinct raa.attribute_value
    from request_access_attrs raa, ars_requests ar, request_access ra
    WHERE ar.REQUESTKEY = ra.REQUESTKEY
      and ra.REQUEST_ACCESSKEY = raa.REQUEST_ACCESS_KEY
      and raa.ATTRIBUTE_NAME = 'USEROWNERKEY'
      and ar.requestkey = ${ARSREQUEST.id}
  )

rushikeshvartak
All-Star

Refer

https://forums.saviynt.com/t5/application-access-governance/service-account-integration-queries/m-p/...

 

select manager as userkey
from users
where FIND_IN_SET(users.userkey, (
        select distinct REPLACE(raa.attribute_value, " ", "")
        from request_access_attrs raa, ars_requests ar, request_access ra
        WHERE ar.REQUESTKEY = ra.REQUESTKEY
          and ra.REQUEST_ACCESSKEY = raa.REQUEST_ACCESS_KEY
          and ar.requestkey = ${ARSREQUEST.id}
          and raa.ATTRIBUTE_NAME = "USEROWNERKEY"
      )) != 0
union
select users.manager as userkey
from usergroup_users, users
where usergroup_users.USERKEY = users.USERKEY
  AND FIND_IN_SET(usergroup_users.user_groupkey, (
        select distinct REPLACE(raa.attribute_value, " ", "")
        from request_access_attrs raa, ars_requests ar, request_access ra
        WHERE ar.REQUESTKEY = ra.REQUESTKEY
          and ra.REQUEST_ACCESSKEY = raa.REQUEST_ACCESS_KEY
          and ar.requestkey = ${ARSREQUEST.id}
          and raa.ATTRIBUTE_NAME = "USERGROUPOWNERKEY"
      )) != 0


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Many thanks, Rushikesh, for your response.
As we don't have the group as owner, we are just using the query in my above response.

Agreed. You should consider the negative use case, as you can't hide owner type to only user or user group.


Regards,
Rushikesh Vartak

That's correct, Rushikesh. I'll consider that too.
Thank you very much.
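
Added example, not part of any post in this thread and not Saviynt code: it runs the user-owner query posted above (the `u.manager = m.userkey` variant) against a constructed SQLite stand-in to show the "negative use cases" in which it resolves no approver at all. Table and column names come from the thread; the SQLite schema, the sample rows, the function names and the bound parameter standing in for `${ARSREQUEST.id}` are assumptions.

```python
import sqlite3

# Constructed SQLite stand-in with only the tables/columns the thread's query touches.
SCHEMA = """
CREATE TABLE users (userkey INTEGER PRIMARY KEY, username TEXT, manager INTEGER, statuskey INTEGER);
CREATE TABLE ars_requests (requestkey INTEGER PRIMARY KEY);
CREATE TABLE request_access (request_accesskey INTEGER PRIMARY KEY, requestkey INTEGER);
CREATE TABLE request_access_attrs (request_access_key INTEGER, attribute_name TEXT, attribute_value TEXT);
"""
# Constructed users: (userkey, username, manager, statuskey); statuskey 1 = active.
USERS = [(1, "mgr_active", None, 1), (2, "mgr_inactive", None, 0),
         (10, "owner_a", 1, 1), (11, "owner_b", 2, 1), (12, "owner_c", None, 1)]
# Constructed requests: requestkey -> (owner attribute name, attribute value).
REQUESTS = {100: ("USEROWNERKEY", "10"), 101: ("USEROWNERKEY", "11"),
            102: ("USERGROUPOWNERKEY", "7"), 103: ("USEROWNERKEY", "12")}
# User-owner query from the thread; "?" stands in for ${ARSREQUEST.id}.
APPROVER_SQL = """
SELECT m.userkey AS userkey
FROM users u, users m
WHERE u.manager = m.userkey AND m.statuskey = 1
  AND u.userkey = (
    SELECT DISTINCT raa.attribute_value
    FROM request_access_attrs raa, ars_requests ar, request_access ra
    WHERE ar.requestkey = ra.requestkey
      AND ra.request_accesskey = raa.request_access_key
      AND raa.attribute_name = 'USEROWNERKEY'
      AND ar.requestkey = ?)
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?,?,?,?)", USERS)
    for rk, (name, value) in REQUESTS.items():
        conn.execute("INSERT INTO ars_requests VALUES (?)", (rk,))
        conn.execute("INSERT INTO request_access VALUES (?,?)", (rk, rk))
        conn.execute("INSERT INTO request_access_attrs VALUES (?,?,?)", (rk, name, value))
    return conn

def resolve_approvers(conn, requestkey):
    """Userkeys the query would hand to the approval step for this request."""
    return [row[0] for row in conn.execute(APPROVER_SQL, (requestkey,))]

def unroutable_requests(conn):
    """Requests for which the query returns no approver and the workflow needs another path."""
    return [rk for rk in sorted(REQUESTS) if not resolve_approvers(conn, rk)]

if __name__ == "__main__":
    db = build_db()
    for rk in sorted(REQUESTS):
        print(rk, REQUESTS[rk], "->", resolve_approvers(db, rk) or "NO APPROVER")
```

Requests 101 (inactive manager), 102 (user-group owner) and 103 (owner without a manager) all come back empty, so the workflow needs an explicit path for each rather than relying on whatever the approval step does with an empty result.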