and more in a single search tool across platforms. Read the announcement here. |
03/02/2023 11:30 AM - edited 03/02/2023 11:31 AM
Hello Saviynt Expert,
I want to update an application account when a user is assigned to an enterprise role. the account attribute value is depend on the role name.
To achieve this purpose, in my updateAccountJSON, I want to set the attribute value by reference the dynamic attribute of assigned role . Is this possible? any suggestions and recommendations?
Can I use dynamic attribute of the role to define the value for the account attribute? in what situation and how to use dynamic attribute of the role?
Thanks
03/03/2023 01:02 AM
Hi @IAMI
Can you please give some more details like how are the users added to enterprise role , after that is the user should request that Application or you need to update it automatically and in the json you need to pass some attribute related to enterprise role.
Even if you use DA for role, for update account you wont be able to use it better to store it in users table of some cp.
But give some clarity and lets see
03/03/2023 07:42 AM - edited 03/03/2023 07:43 AM
Hi Darshan,
We use user attribute value query to determine the role assignment with technical rule. After that, we want to use user update rule to determine if the user have this role assigned, create or update an application account for this user. and the createAccountJSON/updateAccountJSON should be able determine one attribute value based on the role assigned or based on the rule name that triggered this account operation.
Thanks.
03/03/2023 08:09 AM
Okay got it, if you are calling the update account json from user update rule then you can only use the variables which are allowed ( user or account ), Even request is not created so there is no DA coming into picture as well.
So one thing what i am getting is, once a role is assigned to user, you can store that in some user custom property via sav 4 sav or custom query job and then you can pass those value in update account json directly
03/03/2023 08:23 AM
Thanks Darshan for your idea to utilize the user custom property. however, we have almost run out of all customproperties.
Can we access to task object within createAccountJSON and updateAccountJSON?
As long as we know what rule triggered the task for account operation, we can determine what attribute value to set.
03/03/2023 08:33 AM
Yes Task object is exposed, you can try out that scenario just that you may need to create many rules if you have lot of roles and objects you want to use.
03/03/2023 08:48 AM
That is great to know. I can refer to any column of the task table, right? Can you refer me to a documentation link of scripting with these objects such as users, accounts, tasks etc.? I understand how to do java/javascript programing. but need some Saviynt specific information such as what is allowed and what is not allowed, what is the correct syntax etc.
Thanks,
03/03/2023 08:51 AM
You can find the exposed variables/items for provisioning from respective connector documentation.
What is your target in this case?
03/03/2023 08:58 AM - edited 03/03/2023 08:58 AM
My target is to develop custom connector for inhouse application that is not applicable to all out of box connectors. this custom connector need configure createAccountJSON and updateAccountJSON. So I need usnerstand how to pass parameters from saviynt to custom connector createAccount and udpateAccount methods.
We need collect account attribute values based on roles assigned. rules triggered etc. I think Saviynt should have a common practice apply to all connectors what is allowed, and what is not allowed, what is exposed and what is correct syntax etc. I need this kind of documentation link.
Thanks,
03/04/2023 09:09 PM
Hi @IAMI
For custom connector, Saviynt has a frame work and named it as JAR connector. Please check out the documentation for the same
https://docs.saviyntcloud.com/bundle/JAR-v2020x/page/Content/About-this-Guide.htm