and more in a single search tool across platforms. Read the announcement here. |
01/16/2024 07:27 AM - last edited on 01/16/2024 11:07 AM by Dave
Hi there,
need some information about the correct syntax to be used in "UPDATEUSERJSON" for AD connector.
We are using the following information in the connector to set the Names according to our needs, but it does not work fully.
The user attributes, mapped in the connectors field USER_ATTRIBUTE , are mapped correctly into the SSM user object. Unfortunately the updates, calculated trough the code in field UPDATEUSERJSON, are not stored in the SSM user object. The import job finished without showing any issue.
Thank you very much for all your comments
USER_ATTRIBUTE
[
USERNAME::name#String,
CUSTOMPROPERTY23::userAccountControl#String,
CUSTOMPROPERTY27::pwdLastSet#millisec,
PHONENUMBER::telephoneNumber#String,
CUSTOMPROPERTY31::msExchExtensionAttribute36#String,
CUSTOMPROPERTY47::msExchExtensionAttribute44#String
]
UPDATEUSERJSON
{
"ADDITIONALTABLES": {
"USERS": "SELECT USERNAME,SYSTEMUSERNAME,EMPLOYEECLASS,USERKEY,FIRSTNAME,LASTNAME,CUSTOMPROPERTY8,CUSTOMPROPERTY20,CUSTOMPROPERTY23,CUSTOMPROPERTY13,CUSTOMPROPERTY14,CUSTOMPROPERTY21,CUSTOMPROPERTY26,CUSTOMPROPERTY5,CUSTOMPROPERTY28,CUSTOMPROPERTY29,CUSTOMPROPERTY30,CUSTOMPROPERTY31,CUSTOMPROPERTY47,CUSTOMPROPERTY50,CUSTOMPROPERTY51 FROM USERS"
},
"COMPUTEDCOLUMNS": [
"FIRSTNAME",
"LASTNAME",
"DISPLAYNAME"
],
"PREPROCESSQUERIES": [
"UPDATE NEWUSERDATA SET FIRSTNAME = (CASE WHEN CUSTOMPROPERTY47 IS NOT NULL AND CUSTOMPROPERTY47 != '' THEN CUSTOMPROPERTY47 WHEN ( CUSTOMPROPERTY47 IS NULL OR CUSTOMPROPERTY47 = '' ) AND FIRSTNAME IS NOT NULL AND FIRSTNAME != '' THEN FIRSTNAME ELSE '' END )",
"UPDATE NEWUSERDATA SET LASTNAME = (CASE WHEN CUSTOMPROPERTY31 IS NOT NULL AND CUSTOMPROPERTY31 != '' THEN CUSTOMPROPERTY31 WHEN ( CUSTOMPROPERTY31 IS NULL OR CUSTOMPROPERTY31 = '' ) AND LEFT(customproperty8, 2) = 'NL' AND CUSTOMPROPERTY5 IS NOT NULL AND CUSTOMPROPERTY5 != '' AND CUSTOMPROPERTY51 IS NOT NULL AND CUSTOMPROPERTY51 != '' THEN CONCAT( CUSTOMPROPERTY51, ' ', CUSTOMPROPERTY5) WHEN ( CUSTOMPROPERTY31 IS NULL OR CUSTOMPROPERTY31 = '' ) AND left(customproperty8, 2) = 'NL' AND CUSTOMPROPERTY5 IS NOT NULL AND CUSTOMPROPERTY5 != '' AND ( CUSTOMPROPERTY51 IS NULL OR CUSTOMPROPERTY51 = '' ) THEN CUSTOMPROPERTY5 WHEN ( CUSTOMPROPERTY31 IS NULL OR CUSTOMPROPERTY31 = '' ) AND LASTNAME IS NOT NULL AND LASTNAME != '' AND LEFT(customproperty8, 2) = 'NL' AND ( CUSTOMPROPERTY5 IS NULL OR CUSTOMPROPERTY5 = '' ) AND CUSTOMPROPERTY50 IS NOT NULL AND CUSTOMPROPERTY50 != '' THEN CONCAT(CUSTOMPROPERTY50, ' ', LASTNAME) WHEN ( CUSTOMPROPERTY31 IS NULL OR CUSTOMPROPERTY31 = '' ) AND LASTNAME IS NOT NULL AND LASTNAME != '' AND LEFT(customproperty8, 2) = 'NL' AND ( CUSTOMPROPERTY5 IS NULL OR CUSTOMPROPERTY5 = '' ) AND ( CUSTOMPROPERTY50 IS NULL OR CUSTOMPROPERTY50 = '' ) THEN LASTNAME WHEN ( CUSTOMPROPERTY31 IS NULL OR CUSTOMPROPERTY31 = '' ) AND LASTNAME IS NOT NULL AND LASTNAME != '' AND LEFT(customproperty8, 2) != 'NL' THEN LASTNAME END)",
"UPDATE NEWUSERDATA SET DISPLAYNAME = (CASE WHEN TITLE IS NOT NULL AND TITLE != '' AND EMPLOYEECLASS = 'EXTERNAL' THEN CONCAT (TITLE, ' ', LASTNAME, ', ', FIRSTNAME, ' (external)') WHEN TITLE IS NOT NULL AND TITLE != '' AND EMPLOYEECLASS != 'EXTERNAL' THEN CONCAT(TITLE, ' ', LASTNAME, ', ', FIRSTNAME ) WHEN EMPLOYEECLASS = 'EXTERNAL' THEN CONCAT(LASTNAME, ', ', FIRSTNAME, ' (external)') ELSE CONCAT(LASTNAME, ', ', FIRSTNAME) END)"
]
}
Can someone please confirm / disconfirm that my UPDATEUSERJSON is totally wrong? I had it just copied from the already working SAP connection.
Are there any more detailed documents about the UPDATEUSERJSON JSON syntax, which stanzas are supported and what are the purpose of each?
Additionally I would kindly ask, if my understanding of the Updating a User sample JSON in Documentation Portal Link is correct?
Thanks and best regards
[This post has been edited by a Moderator to merge two posts.]
01/17/2024 09:58 PM - edited 01/17/2024 10:18 PM
Hello @Volker,
Are you referring to either the import or provisioning process?
If you're addressing the import, you have the option to bring in user data and utilize the inline processor to modify the data. USE the MODIFYUSERDATAJSON parameter to specify the use of the inline processor for transforming data during user import.
Alternatively, if you are discussing provisioning, could you provide further details about your specific use case?
You can Ref: https://forums.saviynt.com/t5/community-knowledge-base/how-to-restrict-modifyuserdatajson-of-userimp...
https://forums.saviynt.com/t5/identity-governance/modifyuserdatajson-preprocessqueries-termdate/m-p/...
Thanks.
01/17/2024 10:38 PM
Hello @sudeshjaiswal,
thanks for digging into my question.
I am talking about reconciliation of an AD target system.
I have already successfully configured the mapping of AD Account attributes into the SSM user object and it works like expected.
Here is the used value of connector configuration field USER_ATTRIBUTE:
[
USERNAME::name#String,
CUSTOMPROPERTY23::userAccountControl#String,
CUSTOMPROPERTY27::pwdLastSet#millisec,
PHONENUMBER::telephoneNumber#String,
CUSTOMPROPERTY31::msExchExtensionAttribute36#String,
CUSTOMPROPERTY47::msExchExtensionAttribute44#String
]
Now I would like to use the new Values, for example in SSM.USERS.customproperty31, during this reconciliation to recalculate the existing SSM user objects DISPLAYNAME.
Unfortunately, it does not behave as expected, no updates are coming to the user object. On the other hand, no error is displayed during import.
I am asking me if the following flow meets the reality and what I am personally doing wrong in the UPDATEUSERJSON, as no USER update happens.
Thanks for your support.
Regards
Volker
01/17/2024 11:02 PM
Hello @Volker,
The Below case is can be achieve when you use the inline processor MODIFYUSERDATAJSON not in the UPDATEUSERJSON
01/18/2024 12:59 AM
Thank you for your reply.
I am already trying to use the MODIFYUSERDATAJSON. Just as I already do in a similar way in the SAP connection. It works perfectly there too.
Did I understand you correctly that the MODIFYUSERDATAJSON in the AD connection is meant to calculate updates that are to be propagated to the SSM USER object at the end of the import process?
Unfortunately, I am not able to get the MODIFYUSERDATAJSON configuration to work correctly in the AD connector configuration. It just seems to be ignored and no error occurs.
Can you please provide a short example of a real working value for AD Connector MODIFYUSERDATAJSON?
Regards
Volker
01/18/2024 07:59 PM
01/18/2024 10:22 PM - edited 01/18/2024 10:22 PM
Thanks for the link and the clear statement, that it should work, this is like I would expect it.
In fact, I have done exactly those described scripts for HR connection and a slightly different logic on AD connection. Both use the same syntax, but slightly different in logic and involved attributes.
Now, for HR connection it works as expected bu for the AD connection its just doing nothing visible on the SSM.user object.
Any further idea what I could have done wrong? Or is it now the case for opening an support ticket for?
Regards
Volker
01/18/2024 10:37 PM
check logs , Support team will not help on configuration