Saviynt Forums

Hi there, 

need some information about the correct syntax to be used in "UPDATEUSERJSON" for AD connector.

We are using the following information in the connector to set the Names according to our needs, but it does not work fully. 

The user attributes, mapped in the connectors field USER_ATTRIBUTE , are mapped correctly into the SSM user object. Unfortunately the updates, calculated trough the code in field UPDATEUSERJSON, are not stored in the SSM user object. The import job finished without showing any issue.

Thank you very much for all your comments

USER_ATTRIBUTE

[
    USERNAME::name#String,
    CUSTOMPROPERTY23::userAccountControl#String,
    CUSTOMPROPERTY27::pwdLastSet#millisec,
    PHONENUMBER::telephoneNumber#String,
    CUSTOMPROPERTY31::msExchExtensionAttribute36#String,
    CUSTOMPROPERTY47::msExchExtensionAttribute44#String
]

UPDATEUSERJSON

{
    "ADDITIONALTABLES": {
        "USERS": "SELECT USERNAME,SYSTEMUSERNAME,EMPLOYEECLASS,USERKEY,FIRSTNAME,LASTNAME,CUSTOMPROPERTY8,CUSTOMPROPERTY20,CUSTOMPROPERTY23,CUSTOMPROPERTY13,CUSTOMPROPERTY14,CUSTOMPROPERTY21,CUSTOMPROPERTY26,CUSTOMPROPERTY5,CUSTOMPROPERTY28,CUSTOMPROPERTY29,CUSTOMPROPERTY30,CUSTOMPROPERTY31,CUSTOMPROPERTY47,CUSTOMPROPERTY50,CUSTOMPROPERTY51 FROM USERS"
    },
    "COMPUTEDCOLUMNS": [
        "FIRSTNAME",
        "LASTNAME",
        "DISPLAYNAME"
    ],
    "PREPROCESSQUERIES": [
        "UPDATE NEWUSERDATA SET FIRSTNAME = (CASE WHEN CUSTOMPROPERTY47 IS NOT NULL AND CUSTOMPROPERTY47 != '' THEN CUSTOMPROPERTY47 WHEN ( CUSTOMPROPERTY47 IS NULL OR CUSTOMPROPERTY47 = '' ) AND  FIRSTNAME IS NOT NULL AND FIRSTNAME != '' THEN FIRSTNAME ELSE '' END )",
        "UPDATE NEWUSERDATA SET LASTNAME = (CASE WHEN CUSTOMPROPERTY31 IS NOT NULL AND CUSTOMPROPERTY31 != '' THEN CUSTOMPROPERTY31 WHEN ( CUSTOMPROPERTY31 IS NULL OR CUSTOMPROPERTY31 = '' ) AND LEFT(customproperty8, 2) = 'NL' AND CUSTOMPROPERTY5  IS NOT NULL AND CUSTOMPROPERTY5  != '' AND CUSTOMPROPERTY51 IS NOT NULL AND CUSTOMPROPERTY51 != '' THEN CONCAT( CUSTOMPROPERTY51, ' ', CUSTOMPROPERTY5) WHEN ( CUSTOMPROPERTY31 IS NULL OR CUSTOMPROPERTY31 = '' ) AND left(customproperty8, 2) = 'NL' AND CUSTOMPROPERTY5  IS NOT NULL AND CUSTOMPROPERTY5  != '' AND ( CUSTOMPROPERTY51 IS NULL OR CUSTOMPROPERTY51 = '' ) THEN CUSTOMPROPERTY5 WHEN ( CUSTOMPROPERTY31 IS NULL OR CUSTOMPROPERTY31 = '' ) AND LASTNAME IS NOT NULL AND LASTNAME != '' AND LEFT(customproperty8, 2) = 'NL' AND ( CUSTOMPROPERTY5  IS NULL OR CUSTOMPROPERTY5 = '' ) AND CUSTOMPROPERTY50 IS NOT NULL AND CUSTOMPROPERTY50 != '' THEN CONCAT(CUSTOMPROPERTY50, ' ', LASTNAME) WHEN ( CUSTOMPROPERTY31 IS NULL OR CUSTOMPROPERTY31 = '' ) AND LASTNAME IS NOT NULL AND LASTNAME != '' AND LEFT(customproperty8, 2) = 'NL' AND ( CUSTOMPROPERTY5  IS NULL OR CUSTOMPROPERTY5  = '' ) AND ( CUSTOMPROPERTY50 IS NULL OR CUSTOMPROPERTY50 = '' ) THEN LASTNAME WHEN ( CUSTOMPROPERTY31 IS NULL OR CUSTOMPROPERTY31 = '' ) AND LASTNAME IS NOT NULL AND LASTNAME != '' AND LEFT(customproperty8, 2) != 'NL' THEN LASTNAME END)",
        "UPDATE NEWUSERDATA SET DISPLAYNAME = (CASE WHEN TITLE IS NOT NULL AND TITLE != '' AND EMPLOYEECLASS  = 'EXTERNAL' THEN CONCAT (TITLE, ' ', LASTNAME, ', ', FIRSTNAME, ' (external)') WHEN TITLE IS NOT NULL AND TITLE != '' AND EMPLOYEECLASS != 'EXTERNAL' THEN CONCAT(TITLE, ' ', LASTNAME, ', ', FIRSTNAME ) WHEN EMPLOYEECLASS  = 'EXTERNAL' THEN CONCAT(LASTNAME, ', ', FIRSTNAME, ' (external)') ELSE CONCAT(LASTNAME, ', ', FIRSTNAME) END)"
    ]
}        

Can someone please confirm / disconfirm that my UPDATEUSERJSON is totally wrong? I had it just copied from the already working SAP connection.

Are there any more detailed documents about the UPDATEUSERJSON JSON syntax, which stanzas are supported and what are the purpose of each?

Additionally I would kindly ask, if my understanding of the Updating a User  sample JSON in Documentation Portal Link is correct? 

• the UPDATEUSERJSON does not really update the SSM user object directly, instead it updates / enrich the data wich are read in from AD before they are stored in a SSM AD account object.
• The UPDATEUSERJSON is executed before the USER_ATTRIBUTE JSON.
• If I need to have updates on SSM user object, like from the SAP connection, which is using the UPDATEUSERJSON field, than I have to manipulate the USER_ATTRIBUTE field with the correct groovy code for the particular mapped attribute value. which will be potentially be updated by the UPDATEUSERJSON before evaluated in USER_ATTRIBUTE mapping.
• To being able to update the user (which is a User object in terms of AD(?)) the UPDATEUSERJSON must have the objectClasses attribute filled with value "user"?

Thanks and best regards

[This post has been edited by a Moderator to merge two posts.]