02/21/2024 10:46 AM
My endpoint has both regular accounts and privileged accounts managed.
Let's say we have a user trying to request access for endpoint A; they can choose which account they want to modify (privileged account - adm.xxxxx / normal account - xxxxx) in the application.
When the account name starts with adm.xxxx, I want to show specific entitlements, and when the account name doesn't contain adm., I need to show specific entitlements.
How can I retrieve the account name chosen by the user? Do we have any binding variable to use in Entitlement type requestable config?
-Siva
02/21/2024 10:51 AM
Does the same user have 2 accounts?
02/21/2024 11:41 AM
Yes, @rushikeshvartak!
02/21/2024 11:00 AM - edited 02/21/2024 11:02 AM
Hi @Sivagami, we too had this use case. We asked the application team to define which entitlements are requestable for admin accounts (4 types of admin accounts) and which are not. They are storing that information during group creation in an attribute which we import. We have 4 types of admin accounts and one personal. A dynamic attribute asks them to select which type of account they are requesting, and we used that in filtering.
If there is a mismatch, meaning the user made a mistake in selecting the type of account, we reject the request in the workflow, notify them and explain the reason by email, and ask them to raise it again.
If there is a better way, it might help us as well, but that is what we did.
Thanks,
Amit
02/21/2024 11:44 AM
Below is the solution.
Query: select case when name like 'adm%' then 'Privileged' else 'Normal' end as id from accounts where accountkey in (select ${accounts} as id)
03/06/2024 01:32 PM
Hello. I tried this and I couldn't get it to work. In my scenario I have two users, johnson and johnson.test, both trying to request Ent_A in Test_Endpoint. I only want Ent_A to show for users with .test in their account name. In Ent_A customproperty1 I added "Privileged" as the variable to help define whether it should be shown or not. I replicated your steps from the screenshots, while modifying the query to say name LIKE '%.test', but it did not work. Both users are able to request Ent_A.
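
The classification query from this thread, run outside Saviynt against a constructed accounts table in SQLite, as an added example (not code from any poster or from Saviynt). It compares the posted 'adm%' pattern, 'adm.%' (the adm. prefix described in the question) and the '%.test' variant. Assumptions: ${accounts} resolves to the accountkey of the account the requester selected, so it is replaced here by a bound parameter; the table is reduced to accountkey and name; the helper names are hypothetical.

```python
import sqlite3

# Constructed sample data standing in for the accounts table; only the
# columns the thread's query uses (accountkey, name) are modelled.
SAMPLE_ACCOUNTS = [
    (101, "jones"),
    (102, "adm.jones"),
    (103, "admiral"),        # starts with "adm" but has no "adm." prefix
    (104, "johnson"),
    (105, "johnson.test"),
]

# The thread's query with the LIKE pattern and the ${accounts} binding
# replaced by bound parameters (assumption: ${accounts} becomes the
# accountkey of the selected account).
QUERY = """
select case when name like ? then 'Privileged' else 'Normal' end as id
from accounts
where accountkey in (select ? as id)
"""

def build_db():
    """Create an in-memory database holding the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table accounts (accountkey integer primary key, name text)")
    conn.executemany("insert into accounts values (?, ?)", SAMPLE_ACCOUNTS)
    return conn

def classify(conn, accountkey, pattern):
    """Return 'Privileged' or 'Normal' for one account, or None if the key is unknown."""
    row = conn.execute(QUERY, (pattern, accountkey)).fetchone()
    return row[0] if row else None

def classify_all(pattern):
    """Classify every constructed account under the given LIKE pattern."""
    conn = build_db()
    return {name: classify(conn, key, pattern) for key, name in SAMPLE_ACCOUNTS}

if __name__ == "__main__":
    for pattern in ("adm%", "adm.%", "%.test"):
        print(pattern, classify_all(pattern))
```

With 'adm%' the constructed account admiral is classified as Privileged; 'adm.%' limits the match to names that begin with adm. followed by anything.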