Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Show Entitlements Based on Account Naming Convention

Sivagami
Valued Contributor
Valued Contributor

‎02/21/2024 10:46 AM

My endpoint has both regular accounts and privileged accounts managed.

Let's say we have a user trying to request access for endpoint A, they can choose which account they want to modify (Privileged account - adm.xxxxx / normal account - xxxxx) in the application.

When account name starts with adm.xxxx, I want to show specific entitlements and when account name doesn't contain adm. then I need to show specific entitlements.

How can I retrieve the account name chosen by the user? Do we have any binding variable to use in Entitlement type requestable config?

-Siva

 

Labels:
0 Kudos
5 REPLIES 5

rushikeshvartak
All-Star
All-Star

‎02/21/2024 10:51 AM

Does same user have 2 accounts 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Sivagami
Valued Contributor
Valued Contributor
In response to rushikeshvartak

‎02/21/2024 11:41 AM

Yes, @rushikeshvartak !

0 Kudos

AmitM
Valued Contributor
Valued Contributor

‎02/21/2024 11:00 AM - edited ‎02/21/2024 11:02 AM

Hi @Sivagami , we too had this use case. We asked application team to define which entitlements are requestable for admin accounts (4 types of admin accounts ) and which are not. They are storing that information during group creation in an attribute which we import .  We have 4 types of admin accounts and one personal. A dynamic attribute that asks them to select which type of account they are requesting and used that in filtering.

If there is a mismatch meaning user did mistake in selecting type of account - rejecting request in workflow and notify / explain reason in email and ask them to raise again.

If there is a better way , might help us as well but that is what we did.

Thanks,

Amit

 

rushikeshvartak
All-Star
All-Star

‎02/21/2024 11:44 AM

Below is solution 

  • Create Dynamic attribute with below query
  • Use Entitlement customproperty to store entitlement should be visible for Priv/normal account

rushikeshvartak_0-1708544612548.png

Query : select case when name like 'adm%' then 'Privileged' else 'Normal' end as id from accounts where accountkey in (select ${accounts} as id )

rushikeshvartak_1-1708544632754.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

johnson
New Contributor
New Contributor
In response to rushikeshvartak

‎03/06/2024 01:32 PM

Hello. I tried this and I couldn't get it to work. In my scenario I have two users, johnson and johnson.test, both trying to request Ent_A in Test_Endpoint. I only want Ent_A to show for users with .test in their account name. In Ent_A customproperty1 I added "Privileged" as the variable to help define whether it should be shown or not. I replicated your steps from the screen shots, while modifying the query to say name LIKE '%.test', but it did not work. Both users are able to request Ent_A. 

0 Kudos
Copyright © 2024 Khoros, LLC