Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

How to set Owner on Terminate as Manager for existing multiple users in one go

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on February 18 2020 at 12:05 UTC

How to set users 'Owner on Terminate' value to same value as users 'Manager' value in one go?

We have thousands of users in SSM, so we are looking for a way to update all users in one go.

The requirement is to set <Owner on Terminate> = <Manager>

Example - if user A's manager is 'B', then set 'Owner on Terminate' = 'B'

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
7 REPLIES 7

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on February 18 2020 at 12:14 UTC

Hi Ramanpreet,


You can use the users import utility from users list page. Username is the reconcilitaion field, so ensure that you pass, username and the owneronterminate fields. This would update the users owneronterminate attribute.


owneronterminate would be the managers userkey that need to passed to the file.


Example user A has username sample_userA and has manager sample_manager whose userkey is 121


Then file would have record as


sample_userA ,121.


Thanks

Ajay

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on February 18 2020 at 13:15 UTC

Thanks Ajay,


Is there any other way apart from CSV file import please?


We are looking for more automated way than manual.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on February 19 2020 at 18:23 UTC

Hi Ramanpreet,

If you want a systematic way to perform this action, therefore you have a (non standard) solution :

  • Use CustomQueryJob that would update the "OWNERONTERMINATE" column of the users, with the value of their "MANAGER". Of course this should be defined on a restricted perimeter to not affect all the users in the Identity Repository.

Sample query below would update all users that have been updated for last 12 hours : UPDATE users SET owneronterminate=manager WHERE manager is not null and (updatedate > DATE_SUB(sysdate(), INTERVAL 12 HOURS) OR savupdatedate > DATE_SUB(sysdate(), INTERVAL 12 HOURS));
This CustomQueryJob would be scheduled twice a day.
I do not recommend to run those jobs very often (every 5 minutes for instance) to make avoid any deadlock on DB.
Regards,Adrien

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on February 20 2020 at 14:36 UTC

Hi Ramanpreet - we have an enhancement in place to set actor has the owner on terminate in addition to setting user explicitly.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on February 20 2020 at 16:02 UTC

Hi Adrien,


Thanks for the help.


I will try this next week as something urgent come up. I will let you know if it works.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 5 2020 at 17:10 UTC

@Adrien - Thank you very much. The SQL query works perfectly and does the job.


Follow up question -


Since the data was updated via direct SQL query, the changes to the users data are not reflected in the Update History tab of the users in the SSM console.


Is there any way to update owneronterminate via another method so that its reflected in the Update history - for auditing purposes?


@Saviynt Customer Portal - Thanks. Could you please confirm which version will have this functionality by default without compromising auditing? Also, could you please share the enhancement reference?

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on May 18 2021 at 11:24 UTC

Hi Ramanpreet ,

If you want the updated values to be visible in Update history of the user , try to include this "owner on terminate" field value set in "Modify User Json" in your source. This functionality might work through the import process than from the uploading the csv or creating a custom query job.


Thanks

Mounika Challa

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.