We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.
No ratings
abhisheknair
Saviynt Employee
Saviynt Employee

Short Description:

Dynamic Attributes are very important tool to address the form specific use cases. This document talks about the best usage of dynamic attributes for different use cases.

Application Version

All versions

Detailed Best Practice

  1. How to use string-based fields as input and calculating third dynamic attribute using the string inputs (Example use case - How do you generate a username based on first
    name & last name entered by a sponsor during a user creation request)
    • Sample query to calculate username on basis of firstname, lastname, middlename where all the three are dynamic attribute and taken as input from the requestor creating the user SELECT concat(LPAD(FLOOR(RAND() * 999999.99), 3, '0'), substring('${if(binding.variables.containsKey("FirstName")){ FirstName } else {''}}',1,1),substring('${if(binding.variables.containsKey("MiddleName")){ MiddleName } else { if(binding.variables.containsKey('FirstName')){ FirstName } else {''}}}',1,1),substring('${if(binding.variables.containsKey("LastName")){ LastName } else {''}}',1,1), LPAD(FLOOR(RAND() * 999999.99), 4, '0')) AS id FROM users WHERE 'id' NOT in (SELECT username FROM users) and 'Yes'=${isGenerateUUID} LIMIT 1
  2. How to use Regex to validate inputs in String fields (Example use case  - validate proper mobile number inputs, some fields input without any numeric values entered by a sponsor during a user creation request)
    • Sample validation exmaples: Email validation regex - ^[a-zA-Z0-9]*[._]?[a-zA-Z0-9]*[@][a-zA-Z0-9]*[.][a-zA-Z0-9]*$ Validation condition for mobile number - ${Mobile.length() == 0 || Mobile.length() == 10 && Mobile.isNumber() && Double.valueOf(Mobile) > 0
  3. How to Use dynamic attributes in Birthright provisioning tasks
    • Define dynamic attributes at the endpoint.
    • Specify SQL query or default values to be populated into the Dynamic attribute.
    • Use the dynamic attributes in the create/update account JSONs.
  4. How to use “Duplicate not allowed” option in Register user
    • When checked while creating the dynamic attribute, does the validation of the value against all the values present in the column specified.
    • Works in case of both create and update user scenario.
  5. Usage of Constant String hidden values in Register user for
    • Constant strings can be used as default values in dynamic attributes, however if not handled properly in case of update user, then it will push the default value in case of update user as well (which might not be desirable).
    • Either make this variable visible and non-editable in case of update scenario, otherwise handle this in a post processing scenario.
  6. ARS requests - Usage of requestor, requestee and user object in SQL queries to fetch values from user profile.
    • Requestee and user - user object for the user in context or the user for whom the access is being created/modified.
    • Requestor - user object for the user who is making the request.
    • Sample SQL queries
      • select costcenter as id from users where userkey='${requestor}';
      • select costcenter as id from users where userkey='${requestee}';
      • select costcenter as id from users where userkey='${user.id}';
  1. How to Control access to Endpoints on basis of SAV Role of requestee and requestor
    • where ${requestee.id} in (select distinct us.userkey from User_savroles us where us.rolekey=(select s.rolekey from Savroles s where s.rolename='ROLE_SECONDARY_MANAGER')) and ${requestor.id} in (select distinct us1.userkey from User_savroles us1 where us1.rolekey=(select s1.rolekey from Savroles s1 where s1.rolename='ROLE_SECONDARY_MANAGER’))
  2. How to send old and new attribute values over email when user profile values are updated
    • Old Value ${accessItems.collect{it.request_access_attrss.collect{(it.attributeName.toString()=='customproperty64'?it.attributeoldValue:'')}}.toString().replace('[','').replace(']','').trim().replace(',','')}
    • New Value

${accessItems.collect{it.request_access_attrss.collect{(it.attributeName.toString()=='customproperty64'?it.attributeValue:'')}}.toString().replace('[','').replace(']','').trim().replace(',','')}

Key Benefit (Quantitative/qualitative)

  • Improved usage of dynamic attributes

Reference documentation

https://docs.saviyntcloud.com/bundle/SSM-Admin-v55x/page/Content/Chapter12-Access-Request-System/ars...

Comments
AG
Regular Contributor II
Regular Contributor II

Regd. #3. Do we have any binding variable for Role metadata? If I want to auto pre-populate the Role metadata values during birthright provisioning?

AG
Regular Contributor II
Regular Contributor II

#6.2 Does this capture old and new values for all user profile attributes? e.g. if I need old and new Manager?

Version history
Last update:
‎07/10/2023 07:00 AM
Updated by: