and more in a single search tool across platforms. Read the announcement here. |
03/13/2024 09:55 AM
Hello,
Is there any documentation that indicates the behavior around self approve not being allowed for owners and groups? Is this a default behavior or is there a setting that enforces it?
Thanks!
Solved! Go to Solution.
03/13/2024 12:54 PM
Hi @mwalker , could you elaborate the use case a bit.
Below is one way to do self approval / conditional auto approval if you are owner of groups is - using workflow if else condition like :
entitlement.getOwnerRank1().contains(user.username) eq true or entitlement.getOwnerRank1().contains(requestedby.username)
if true , grant access , if false , send it for owner approval.
Thanks,
Amit
If this answers your query, Please ACCEPT SOLUTION and give KUDOS.
03/13/2024 01:10 PM
Hi Amit,
I don't have a specific use case as I understand how to do self approval.
I'm looking for documentation or more clarity as to why, by default, an owner cannot self approve an access request for an object they own. Is this an OOTB behavior or is it a setting that is configured?
03/13/2024 01:32 PM - edited 03/13/2024 01:33 PM
This is OOTB feature. You can upvote this - https://ideas.saviynt.com/ideas/EIC-I-5534
And if have am immediate need which you mentioned you dont, you could have used the workflows conditions.
There are valid reason of not doing that, some of other IGA tools also doesn't give that functionality. But then there are valid arguments supporting it as well. Upvote the idea and let's see.
03/13/2024 01:39 PM
Awesome, thanks! Do you happen to know if there is any other documentation about this OOTB feature?
03/13/2024 01:51 PM - edited 03/13/2024 01:52 PM
See this doc - https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter09-SAV-Roles/Delegated-Admin...
This explains one of the ways to let application owner manages their application object (entitlement / Accounts etc in Admin Module) using delegated model.
The self approval / self manage thing for entitlement owner in ARS doesn't exist as of today so I doubt there is any doc for that.