Saviynt Forums

tpawle · ‎12/13/2023

Hello Team,

We are working on one use case where we need to filter the role,branch region on the request form based on conditions where:

Admins should have access to all region/branches, Area managers should have access to all branches within the region of area managers. We have similar set of other role-->region-->branch selection mappings.

How can we use case condition to filter out the set of role->region->branch mapping? Below is the query which is throwing syntax error in Config for requestable entitlement in ARS.

CASE WHEN '${AppRole}' = 'Admin' THEN 1=1 ELSE ev.customproperty1 in (select costcenter from Users where userkey in (${requestee})) END

Thanks

rushikeshvartak · ‎12/13/2023

Use ternary operator instead of case when. HQL should be used.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

tpawle · ‎12/14/2023

Hi @rushikeshvartak ,

I tried using the ternary operators as below:

'${AppRole}' == 'Admin' ? 1=1 : ev.customproperty1 in (select costcenter from Users where userkey in (${requestee}))

if('${AppRole}' = 'Admin', 1=1, ev.customproperty1 in (select costcenter from Users where userkey in (${requestee})))

I am still getting syntax error :

Could you please help me out on this ?

Thanks

Rajesh-R · ‎12/14/2023

@tpawle

Please try the following:

${(AppRole=='Admin')? return '1==1': return 'ev.customproperty1 in (select costcenter from Users where userkey in ('+requestee+'));'}

Thanks
Rajesh Ramalingam
Saviynt India

tpawle · ‎12/14/2023

Hello @Rajesh-R ,

This is throwing Syntax error:

Is there any other approach the given conditions can be achieved in Entitlement type?

Rajesh-R · ‎12/14/2023

Please try the below:

((${AppRole}='Admin' and 1=1) or (${AppRole}!='Admin' and ev.customproperty1 in (select costcenter from Users where userkey in (${requestee}))))

Thanks
Rajesh Ramalingam
Saviynt India

tpawle · ‎12/14/2023

Hi @Rajesh-R ,

Thanks for your prompt response.

I tried the above query and it is still throwing Syntax Error.

Rajesh-R · ‎12/14/2023

is AppRole your Dynamic Attribute?

Thanks
Rajesh Ramalingam
Saviynt India

tpawle · ‎12/14/2023

Hi Rajesh, AppRole is an dynamic attribute as well as an entitlement type that we are using to filter based on selection of approle->region will be populated-->branch will be populated upon region selection.

Rajesh-R · ‎12/14/2023

Could you drop a screenshot of dynamic attribute list from your Endpoints

Thanks
Rajesh Ramalingam
Saviynt India

tpawle · ‎12/14/2023

Here is the screenshot of the dynamic attribute from the endpoint.

Let me know if you need any more details.

Rajesh-R · ‎12/14/2023

@tpawle

Try the following:

(('${AppRole}'='Admin' and 1=1) or ('${AppRole}'!='Admin' and ev.customproperty1 in (select costcenter from Users where userkey in (${requestee}))))

Refer the usage here:

https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter02-Identity-Repository/Viewi...

Search for : Config For Requestable Entitlement In ARS

Thanks
Rajesh Ramalingam
Saviynt India

Rajesh-R · ‎12/14/2023

@tpawle - Try the following:

(('${AppRole}'='Admin' and 1=1) or ('${AppRole}'!='Admin' and ev.customproperty1 in (select costcenter from Users where userkey in (${requestee}))))

Thanks
Rajesh Ramalingam
Saviynt India

Saviynt Forums

Using CASE condition in Config for Requestable entitlement in ARS