Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Behavior around self approve not being allowed for owners/groups

Go to solution
mwalker
New Contributor
New Contributor

‎03/13/2024 09:55 AM

Hello,

Is there any documentation that indicates the behavior around self approve not being allowed for owners and groups? Is this a default behavior or is there a setting that enforces it?

Thanks!

0 Kudos
5 REPLIES 5

Go to solution
AmitM
Valued Contributor
Valued Contributor

‎03/13/2024 12:54 PM

Hi @mwalker , could you elaborate the use case a bit. 

Below is one way to do self approval / conditional auto approval if you are owner of groups is - using workflow if else condition like :

entitlement.getOwnerRank1().contains(user.username) eq true or entitlement.getOwnerRank1().contains(requestedby.username)

if true , grant access , if false , send it for owner approval.

Thanks,

Amit

If this answers your query, Please ACCEPT SOLUTION and give KUDOS.

0 Kudos

Go to solution
mwalker
New Contributor
New Contributor
In response to AmitM

‎03/13/2024 01:10 PM

Hi Amit,

I don't have a specific use case as I understand how to do self approval.

I'm looking for documentation or more clarity as to why, by default, an owner cannot self approve an access request for an object they own. Is this an OOTB behavior or is it a setting that is configured? 

0 Kudos

Go to solution
AmitM
Valued Contributor
Valued Contributor
In response to mwalker

‎03/13/2024 01:32 PM - edited ‎03/13/2024 01:33 PM

This is OOTB feature. You can upvote this - https://ideas.saviynt.com/ideas/EIC-I-5534

And if have am immediate need which you mentioned you dont, you could have used the workflows conditions.

There are valid reason of not doing that, some of other IGA tools also doesn't give that functionality. But then there are valid arguments supporting it as well. Upvote the idea and let's see.

 

Go to solution
mwalker
New Contributor
New Contributor
In response to AmitM

‎03/13/2024 01:39 PM

Awesome, thanks! Do you happen to know if there is any other documentation about this OOTB feature?

0 Kudos

Go to solution
AmitM
Valued Contributor
Valued Contributor
In response to mwalker

‎03/13/2024 01:51 PM - edited ‎03/13/2024 01:52 PM

See this doc - https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter09-SAV-Roles/Delegated-Admin...

This explains one of the ways to let application owner manages their application object (entitlement / Accounts etc in Admin Module) using delegated model.

The self approval / self manage thing for entitlement owner in ARS doesn't exist as of today so I doubt there is any doc for that.

0 Kudos
Copyright © 2024 Khoros, LLC