Saviynt Forums

Sbachu · ‎04/08/2024

we are creating BR roles using technical rules but we want to add only those users who have a account at endpoint. Any new users who's account is not existing should be omitted even if User matches the tech rule. if his account is created on later date User should add to role and get provisioned to groups in role. is there a way to achieve this without using a custom property update at identity level

rushikeshvartak · ‎04/08/2024

You can join to accounts table in advanced query

Refer https://forums.saviynt.com/t5/saviynt-knowledge-base/advanced-usage-of-eic-identity-objects-in-provi...

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Amit_Malik · ‎04/09/2024

Hi @Sbachu ,

Provisioning rules allow you to use different tables , other than users. Here is Saviynt document for same : https://docs.saviyntcloud.com/bundle/KBAs/page/Content/Obtaining-the-attribute-details-from-tables-o...

Above doc has the tables and the format to use those.

Also Forum doc : https://forums.saviynt.com/t5/saviynt-knowledge-base/advanced-usage-of-eic-identity-objects-in-provi...

Thanks, Amit

If this answers your query, Please ACCEPT SOLUTION and give KUDOS.

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".

pmahalle · ‎04/09/2024

HI @Sbachu ,

You can use advanced query in your technical for conditions and there you can use accounts, user_accounts table to check whether user have account on the endpoint or not. Below is the sample advance query for the rule.

a.statuskey=1 and a.id in (select distinct us.userkey from User_accounts us, Accounts cc, Endpoints ep where us.accountkey=cc.id and cc.endpointkey =ep.id and ep.endpointname in ('<endpoint name here>','<provide endpoint name here>'))

Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

Sbachu · ‎04/09/2024

Thank you so much @pmahalle i am testing this. can you please elaborate this query to include of if customproperty8 contains 'xxxxxx' we have this CP8 update for each user and when trying to include this in query i am getting invalid condition.

rushikeshvartak · ‎04/09/2024

Please share query

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Sbachu · ‎04/09/2024

Users.customproperty8 like '%xxxxxxx%' and a.statuskey=1 and a.id in (select distinct us.userkey from User_accounts us, Accounts cc, Endpoints ep where us.accountkey=cc.id and cc.endpointkey =ep.id and ep.endpointname in ('Aloy_AD_SaviyntPOC_Test1','Aloy_AD_SaviyntPOC_Test1'))

rushikeshvartak · ‎04/09/2024

a.customproperty8 like '%xxxxxxx%' and a.statuskey=1 and a.id in (select distinct us.userkey from User_accounts us, Accounts cc, Endpoints ep where us.accountkey=cc.id and cc.endpointkey =ep.id and ep.endpointname in ('Aloy_AD_SaviyntPOC_Test1','Aloy_AD_SaviyntPOC_Test1'))

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Sbachu · ‎04/09/2024

if (Users. customproperty8 = 'xxxxxxx') and a.statuskey=1 and a.id in (select distinct us.userkey from User_accounts us, Accounts cc, Endpoints ep where us.accountkey=cc.id and cc.endpointkey =ep.id and ep.endpointname in ('Aloy_AD_SaviyntPOC_Test1','Aloy_AD_SaviyntPOC_Test1'))

we are using supervisor ID in XXXXX

Sbachu · ‎04/09/2024

Users.customproperty8 like '%1001001146%' and a.statuskey=1 and a.id in (select distinct us.userkey from User_accounts us, Accounts cc, Endpoints ep where us.accountkey=cc.id and cc.endpointkey =ep.id and ep.endpointname in ('Aloy_AD_SaviyntPOC_Test1','Aloy_AD_SaviyntPOC_Test1'))

rushikeshvartak · ‎04/09/2024

if (a.customproperty8 = 'xxxxxxx') and a.statuskey=1 and a.id in (select distinct us.userkey from User_accounts us, Accounts cc, Endpoints ep where us.accountkey=cc.id and cc.endpointkey =ep.id and ep.endpointname in ('Aloy_AD_SaviyntPOC_Test1','Aloy_AD_SaviyntPOC_Test1'))

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Sbachu · ‎04/09/2024

Thank you so much @rushikeshvartak

rushikeshvartak · ‎04/09/2024

Please click the 'Accept As Solution' button on the reply (or replies) that best answered your original question.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Sbachu · ‎04/09/2024

The solution you suggested works @rushikeshvartak

Saviynt Forums

Add to role only if account exist at endpoint