Attestation policy - Edit condition

Hi,

We are setting up an Attestation Policy and need to limit the Attestation Campaign to one specific Department.

That way we will limit the number of attestation objects.

This is a System Role Membership attestation (Attestation Procedure)

And our "Condition" looks like this:

(EXISTS (select top 1 1 FROM (SELECT UID_ESet FROM ESet WHERE UID_ESet IN ('29971925-d5c9-4f84-9adc-6d57434e5d8d')) x WHERE x.UID_ESet = PersonHasESet.UID_ESet))

This condition is created in the webportal and copied to One Identity Manager for customizing.

How do we in this case include a specific Department in the Where-clause?

Kind Regards

Stig Hylen

  • Hi Stig,

    Assuming by one specific department you mean that the identities are in one specific department then this might be what you need:

    xobjectkey in (
    select phe.xobjectkey from personhaseset phe
    join eset es on es.uid_eset = phe.uid_eset and phe.uid_eset = '29971925-d5c9-4f84-9adc-6d57434e5d8d'
    join person p on p.uid_person = phe.uid_person and p.uid_department = '<uid of department>'
    )

    This assumes that a Person's department is determined just by the value in Person.UID_Department ...... if your identities are in multiple departments (PersonInDepartment) then you will need to adjust the query accordingly.

    HTH, Barry.
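
The adjustment mentioned in the answer above, for identities that also hold department memberships through PersonInDepartment, could look like the following. This is an added example, not part of the original posts: it assumes PersonInDepartment links identities to departments through UID_Person and UID_Department columns, and it keeps the '<uid of department>' placeholder from the answer. It is written as a count query so the scope can be checked before the policy runs.

```sql
-- Preview how many system role memberships the policy would attest.
-- The text after WHERE is what would go into the policy's condition field.
SELECT COUNT(*) AS objects_in_scope
FROM PersonHasESet
WHERE PersonHasESet.UID_ESet = '29971925-d5c9-4f84-9adc-6d57434e5d8d'
  AND (
        -- primary department stored on the identity itself
        EXISTS (
            SELECT 1
            FROM Person p
            WHERE p.UID_Person = PersonHasESet.UID_Person
              AND p.UID_Department = '<uid of department>'
        )
        -- secondary memberships (assumed columns: UID_Person, UID_Department)
        OR EXISTS (
            SELECT 1
            FROM PersonInDepartment pid
            WHERE pid.UID_Person = PersonHasESet.UID_Person
              AND pid.UID_Department = '<uid of department>'
        )
      )
```

Comparing this count with the count for the system role alone shows how much the department filter narrows the attestation run.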
