We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Sending approval to Service account Owner's manager

parthaghosh
New Contributor III
New Contributor III

Hello Team,

We have a requirement to send the Service account request to the owner's manager for approval. But when we are using the ' Owners Manager Approval' task in the workflow, its not working. Instead of sending the request to Owner's manager, the system administrator is being assigned as approver.

is it the expected behavour of that task?

any advice to achieve the use case will be appreciated. Thanks in advance.

 

regards,

Partha

6 REPLIES 6

smitg
Regular Contributor III
Regular Contributor III

Hi @parthaghosh 

Below query in custom assignment block is working for us

select m.userkey  as userkey from users u, users m where u.owner = m.username and m.statuskey = 1 and u.userkey =(select distinct raa.attribute_value from request_access_attrs raa , ars_requests ar, request_access ra WHERE ar.REQUESTKEY = ra.REQUESTKEY and
ra.REQUEST_ACCESSKEY = raa.REQUEST_ACCESS_KEY  and raa.ATTRIBUTE_NAME='USEROWNERKEY' and ar.requestkey=${ARSREQUEST.id})

Thanks,
Smitha

parthaghosh
New Contributor III
New Contributor III

thank you Smitha.
many thanks for your response.

It worked. As we dont have owner attribute populated with manager's username, we modified the query a bit. 
here is the updated.
select m.userkey as userkey from users u, users m where u.manager = m.userkey and m.statuskey = 1 and u.userkey =(select distinct raa.attribute_value from request_access_attrs raa , ars_requests ar, request_access ra WHERE ar.REQUESTKEY = ra.REQUESTKEY and
ra.REQUEST_ACCESSKEY = raa.REQUEST_ACCESS_KEY and raa.ATTRIBUTE_NAME='USEROWNERKEY' and ar.requestkey=${ARSREQUEST.id})

rushikeshvartak
All-Star
All-Star

Refer

https://forums.saviynt.com/t5/application-access-governance/service-account-integration-queries/m-p/...

 

select manager as userkey from users where FIND_IN_SET(users.userkey,(select distinct REPLACE(raa.attribute_value," ","")  from request_access_attrs raa , ars_requests ar, request_access ra WHERE ar.REQUESTKEY = ra.REQUESTKEY and  ra.REQUEST_ACCESSKEY = raa.REQUEST_ACCESS_KEY and ar.requestkey=${ARSREQUEST.id} and raa.ATTRIBUTE_NAME="USEROWNERKEY"))!=0  union  select users.manager as userkey from usergroup_users, users where usergroup_users.USERKEY = users.USERKEY AND FIND_IN_SET(usergroup_users.user_groupkey,(select distinct REPLACE(raa.attribute_value," ","")  from request_access_attrs raa , ars_requests ar, request_access ra WHERE ar.REQUESTKEY = ra.REQUESTKEY and  ra.REQUEST_ACCESSKEY = raa.REQUEST_ACCESS_KEY and ar.requestkey=${ARSREQUEST.id} and raa.ATTRIBUTE_NAME="USERGROUPOWNERKEY"))!=0


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Many thanks Rushikesh, for your response.
As we dont have the group as owner, so just using the query in my above response.

Agreed you should consider negative use case as you can’t hide owner type to only user  or user group


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Thats correct Rushikesh. I'll consider that too.
thank you very much.