Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/14/2024 12:09 AM - edited 08/20/2024 03:21 AM
Hi All,
I'm trying to achieve one use case where i need to trigger task for Active directory upon detecting the pending task for a specific endpoint XYZ. I created a actionable analytics query to be able to find those tasks and upon Job run, it should create a task for a specific entitlement mentioned in he SQL query as shown below:
SELECT DISTINCT ev.entitlement_valuekey AS entvaluekey,
ev.entitlement_value,
a.accountkey AS acctKey,
a.name AS accName,
u.userKey,
'Provision Access' AS "Default_Action_For_Analytics",
NOW() AS "Date_Ran"
FROM
entitlement_values ev
INNER JOIN entitlement_types et ON ev.entitlementtypekey = et.entitlementtypekey
INNER JOIN accounts a ON a.accountkey IN (
SELECT ua.accountkey
FROM user_accounts ua
INNER JOIN arstasks at ON at.userkey = ua.userkey
WHERE at.endpoint = (SELECT endpointkey FROM endpoints WHERE endpointname = 'endpointname' LIMIT 1)
AND at.status = 1
AND at.tasktype = 3
)
INNER JOIN user_accounts ua ON ua.accountkey = a.accountkey
INNER JOIN Users u ON u.userKey = ua.userkey
INNER JOIN arstasks at ON at.userkey = u.userKey AND at.accountname = a.name
WHERE
et.endpointkey = (SELECT endpointkey FROM endpoints WHERE ENDPOINTNAME = 'Active Directory' LIMIT 1)
AND ev.ENTITLEMENT_VALUE = 'CN=xxxxx,OU=xxxxx test OU,DC=xxxx,DC=xxxx,DC=net'
AND at.status = 1
AND at.tasktype = 3
AND at.endpoint = (SELECT endpointkey FROM endpoints WHERE endpointname = 'endpointname' LIMIT 1)
GROUP BY
ev.entitlement_valuekey,
ev.entitlement_value,
a.accountkey,
a.name,
u.userKey;
Expected outcome: The query should be able to detect new account tasks for the given endpoint in the above query and should be able to create task for AD upon job run.
Current issue: The query is unable to fetch those tasks and is unable to create task for AD for the given entitlement for AD.
Could you please provide your insights if the query needs to be refactored or is there anything needs to be changed in it.
Much thanks,
Kundan Pathak
Solved! Go to Solution.
08/14/2024 05:43 AM
SELECT DISTINCT
ev.entitlement_valuekey AS entvaluekey,
ev.entitlement_value,
a.accountkey AS acctKey,
a.name AS accName,
u.userKey,
'Provision Access' AS "Default_Action_For_Analytics",
NOW() AS "Date_Ran"
FROM
entitlement_values ev
INNER JOIN entitlement_types et ON ev.entitlementtypekey = et.entitlementtypekey
INNER JOIN accounts a ON a.accountkey = ua.accountkey
INNER JOIN user_accounts ua ON ua.accountkey = a.accountkey
INNER JOIN Users u ON u.userKey = ua.userkey
INNER JOIN arstasks at ON at.userkey = u.userKey
AND at.accountname = a.name
AND at.status = 1
AND at.tasktype = 3
AND at.endpoint = (SELECT endpointkey FROM endpoints WHERE endpointname = 'Docusign - BPPR' LIMIT 1)
WHERE
et.endpointkey = (SELECT endpointkey FROM endpoints WHERE endpointname = 'Active Directory' LIMIT 1)
AND ev.ENTITLEMENT_VALUE = 'CN=xxxxx,OU=xxxxx test OU,DC=xxxx,DC=xxxx,DC=net'
GROUP BY
ev.entitlement_valuekey,
ev.entitlement_value,
a.accountkey,
a.name,
u.userKey;
08/20/2024 12:04 AM
08/20/2024 12:06 AM - edited 08/20/2024 12:07 AM
Hi @Kundan960, you can use entitlement with new account feature instead of using analytics.
When they request for an account in endpoint xyz after approval task will be created for specific entitlement.
08/20/2024 03:10 AM
Hi @NM ,
We have some different requirement to trigger this only for specific type of users hence we are proceeding with actionable analytics and not via the option of Enntitltment with new account feature.
08/20/2024 03:18 AM
hi @rushikeshvartak ,
This query throws error with the message:
08/20/2024 03:23 AM
Hi @Kundan960 user accounts table doesn't contain entitlement value key column .. if you want to check entitlement use account_entitlement1 table.
08/20/2024 05:38 AM - edited 08/20/2024 05:41 AM
Hi @NM / @rushikeshvartak , i ran separate queries to detect the tasks and recognize entitlemtn including the account_entitlement1 table:
Query to detect tasks :
SELECT
at.userkey AS userKey,
at.accountname AS accountName,
at.status AS taskStatus,
at.tasktype AS taskType,
at.endpoint AS taskEndpoint
FROM
arstasks at
WHERE
at.endpoint = (SELECT endpointkey FROM endpoints WHERE endpointname = 'endpointname' LIMIT 1);
Query to fetch entitlement value:
SELECT
ev.entitlement_valuekey,
ev.entitlement_value,
et.endpointkey
FROM
entitlement_values ev
INNER JOIN entitlement_types et ON ev.entitlementtypekey = et.entitlementtypekey
WHERE
et.endpointkey = (SELECT endpointkey FROM endpoints WHERE endpointname = 'Active Directory' LIMIT 1)
AND ev.entitlement_value = 'CN=xxx,xxx,xxx,xxx,DC=net'
LIMIT 10; -- Limit results to 10 for quick verification
Combined query:
SELECT DISTINCT
ev.entitlement_valuekey AS entvaluekey,
ev.entitlement_value,
a.accountkey AS acctKey,
a.name AS accName,
u.userkey AS userKey,
'Provision Access' AS "Default_Action_For_Analytics",
NOW() AS "Date_Ran"
FROM
entitlement_values ev
INNER JOIN entitlement_types et ON ev.entitlementtypekey = et.entitlementtypekey
INNER JOIN account_entitlement1 ae ON ae.entitlement_valuekey = ev.entitlement_valuekey
INNER JOIN accounts a ON a.accountkey = ae.accountkey
INNER JOIN user_accounts ua ON ua.accountkey = a.accountkey
INNER JOIN users u ON u.userkey = ua.userkey
INNER JOIN arstasks at ON at.userkey = u.userkey
AND at.accountname = a.name
AND at.status = 1
AND at.tasktype = 3
AND at.endpoint = (SELECT endpointkey FROM endpoints WHERE endpointname = 'endpointname' LIMIT 1)
WHERE
et.endpointkey = (SELECT endpointkey FROM endpoints WHERE endpointname = 'Active Directory' LIMIT 1)
AND ev.entitlement_value = 'CN=xxx,xxx,xxx,xxx,DC=net'
GROUP BY
ev.entitlement_valuekey,
ev.entitlement_value,
a.accountkey,
a.name,
u.userkey;
Combined query doesn't return any results even though few task are present in the Pending Tasks page.
Please advice.
Much thanks,
Kundan Pathak
08/20/2024 05:51 AM
SELECT DISTINCT ev.entitlement_valuekey AS entvaluekey,
ev.entitlement_value,
a.accountkey AS acctKey,
a.name AS accName,
u.userkey AS userKey,
'Provision Access' AS "Default_Action_For_Analytics",
Now() AS "Date_Ran"
FROM entitlement_values ev
INNER JOIN entitlement_types et
ON ev.entitlementtypekey = et.entitlementtypekey
INNER JOIN account_entitlements1 ae
ON ae.entitlement_valuekey = ev.entitlement_valuekey
INNER JOIN accounts a
ON a.accountkey = ae.accountkey
INNER JOIN user_accounts ua
ON ua.accountkey = ae.accountkey
INNER JOIN users u
ON u.userkey = ua.userkey
INNER JOIN arstasks at
ON at.userkey = u.userkey
AND at.accountname = a.name
AND at.status = 1
AND at.tasktype = 3
AND at.endpoint = (SELECT endpointkey
FROM endpoints
WHERE endpointname = 'Docusign - BPPR'
LIMIT 1)
WHERE et.endpointkey = (SELECT endpointkey
FROM endpoints
WHERE endpointname = 'Active Directory'
LIMIT 1)
AND ev.entitlement_value =
'CN=xxxxx,OU=xxxxx test OU,DC=xxxx,DC=xxxx,DC=net'
GROUP BY ev.entitlement_valuekey,
ev.entitlement_value,
a.accountkey,
a.name,
u.userkey;
08/20/2024 06:11 AM - last edited on 08/20/2024 08:35 AM by Sunil
Hi @rushikeshvartak ,
Thanks for the query. It is still unable to detect tasks for the the same. Screenshot for your review:
Pending tasks for endpoint:
Query when run in the Analytics:
Looks like the query is not able to filter the tasks or perhaps not able to recognize the endpoint inspite of correct AD group and endpointname.
Thanks,
Kundan Pathak
[This message has been edited by moderator to mask sensitive information]
08/20/2024 06:15 AM
You need to fix. Break query in smaller chunks and find issue
08/20/2024 06:16 AM
SELECT DISTINCT
ev.entitlement_valuekey AS entvaluekey,
ev.entitlement_value,
a.accountkey AS acctKey,
a.name AS accName,
u.userkey AS userKey,
'Provision Access' AS "Default_Action_For_Analytics",
NOW() AS "Date_Ran"
FROM
entitlement_values ev
INNER JOIN entitlement_types et ON ev.entitlementtypekey = et.entitlementtypekey
INNER JOIN account_entitlement1 ae ON ae.entitlement_valuekey = ev.entitlement_valuekey
INNER JOIN accounts a ON a.accountkey = ae.accountkey
INNER JOIN user_accounts ua ON ua.accountkey = a.accountkey
INNER JOIN users u ON u.userkey = ua.userkey
INNER JOIN arstasks at ON at.userkey = u.userkey
AND at.accountname = a.name
AND at.status = 1
AND at.tasktype = 3
AND at.endpoint = (SELECT endpointkey FROM endpoints WHERE endpointname = 'endpointname' LIMIT 1)
WHERE
et.endpointkey = (SELECT endpointkey FROM endpoints WHERE endpointname = 'Active Directory' LIMIT 1)
AND ev.entitlement_value = 'CN=xxx,xxx,xxx,xxx,DC=net'
GROUP BY
ev.entitlement_valuekey,
ev.entitlement_value,
a.accountkey,
a.name,
u.userkey;