No ratings
Saviynt Employee
Saviynt Employee

Use Case

Access can be assigned to an account in  SSM via multiple ways, either via SSM, directly through the application on the target system or via other IAM platforms that may have previously been used. All access or entitlements assigned to accounts outside Saviynt  are called Out of Band Entitlements  or Out Of Band Access.  The report below can be used to leverage identifying  Out of Band Entitlements in SSM via analytics. 


Out-Of-Band Entitlements should be present in Saviynt.

Applicable Version(s)




Please configure an analytical report using the query given below:

SELECT u.username,
FROM   users u,
       user_accounts ua,
       accounts a,
       account_entitlements1 ae1,
       entitlement_values ev,
       entitlement_types et,
       endpoints ep
WHERE  u.userkey = ua.userkey
AND    a.accountkey = ua.accountkey
AND    a.accountkey = ae1.accountkey
AND    ae1.entitlement_valuekey = ev.entitlement_valuekey
AND    ep.endpointkey = a.endpointkey
AND    ev.entitlementtypekey = et.entitlementtypekey
AND    ep.endpointkey IN (pleaseINSERT comma-seperated endpointkeys here)
AND    ae1.arstaskkey IS NULL;

NOTE: Please modify the endpoint keys according to your own requirements.



Version history
Last update:
‎09/05/2023 01:00 AM
Updated by: