Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Anaytics report - remove access when department is changed

Go to solution
ejeong
Valued Contributor
Valued Contributor

‎08/05/2022 04:53 AM

When department attribute is updated, i would like to create revoke access tasks for all priviliged entitlement. We have value as "P" in those entitlement. Chanllenge here is how can we make qeury for when department is updated..

Please help

0 Kudos
5 REPLIES 5

Go to solution
rushikeshvartak
All-Star
All-Star

‎08/05/2022 05:02 AM

You need to use rules to Remove access. 

In analytics you won't be able to find flag for change for user attributes as user history is getting stored in blob 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.
0 Kudos

Go to solution
ejeong
Valued Contributor
Valued Contributor

‎08/05/2022 05:05 AM

How can i define sepecific entitlements with "P" in cp1 in user update rule?

In action, i can define endpoint only... we dont want to revoke all access..

0 Kudos

Go to solution
sahajranajee
Saviynt Employee
Saviynt Employee
In response to ejeong

‎08/07/2022 11:10 PM

Hi @ejeong ,

Checking specific entitlements would not work out in Rules. You can do that in Analytics but not be able to check the attribute change there.

Here is how you can achieve it though :
1. Using two attributes for the same value during user import

2. Using the user import preprocessor.

So, in the user import connector, map the department value to departmentname  and another attribute , lets say CP10.

In the user import preprocesor, write a logic that during import will compare the values in the import feed for department in the current feed and the existing user table.

If a new department comes in the feed, it will update CP10 with the old department value and your department value gets mapped to your department name.  If the values remain the same, both departmentname and CP10 retain the department value.

Then write an analytics query to revoke entitlements based on mismatch between CP10 and departmentname in user which removes your Entitlements having P in CP1. 


Regards,
Sahaj Ranajee
Sr. Product Specialist
0 Kudos

Go to solution
ejeong
Valued Contributor
Valued Contributor

‎08/07/2022 11:14 PM

Thanks for great Idea. 

I have one question 

In the user import preprocesor, write a logic that during import will compare the values in the import feed for department in the current feed and the existing user table.

Let's say one user got new departmeent name in department field. how do I get previous departement name and pass it to CP10? 

0 Kudos

Go to solution
sahajranajee
Saviynt Employee
Saviynt Employee

‎08/08/2022 12:30 AM - edited ‎08/08/2022 12:31 AM

Hi @ejeong ,

In the userimport preprocessor, you can refer the existing values using CURRENT as prefix to the table name. The table query should be initialized in the ADDITIONALTABLES parameter.  Please go through the User Import Preprocessor guide for more details :
https://saviynt.freshdesk.com/support/solutions/articles/43000571860-normalizing-the-identity-data-u...


Regards,
Sahaj Ranajee
Sr. Product Specialist
0 Kudos
Copyright © 2024 Khoros, LLC