This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Future terminated users remove from AD groups/Entitlements

Go to solution
rajb
New Contributor II
New Contributor II

‎11-22-2022 07:25 AM

Hi Folks,

currently I am working on use case - request to set up a technical rule within the Saviynt system to remove Cososys AD groups for separating employees in their last 2 weeks window. if they have certain AD groups or entitlements - grant users write access to removable devices that ITAP-C would like to remove: when employees are in their notice period so they can not copy /transfer data from Laptop or working computers.

Via user update rule- or Technical rule - its challenging because how to handle terminate or exit date logic in tech rules? also that date can be future.

Any ideas ? using reports?

Thanks,

Raj

0 Kudos
7 REPLIES 7

Go to solution
rushikeshvartak
All-Star
All-Star

‎11-22-2022 10:30 AM

You can create report considering exit date will be stored in users customproperty from exist last 90/60 days you can remove write access.


Regards,
Rushikesh Vartak
0 Kudos

Go to solution
rajb
New Contributor II
New Contributor II
In response to rushikeshvartak

‎11-22-2022 10:54 AM

Thanks Rushi for your prompt response.

Is there any table where I can narrow down those users whose -

1. Exit/End date/Termination date in near future - 2 weeks or 4 weeks

2. users have those certain AD entitlements like %Cososys%

usecase - To identity such users who satisfy above 2 consditions so InfoSec Cyber team can remove those AD entitlements from those users so they can not copy /transfer data during their notice period duration.

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to rajb

‎11-22-2022 11:17 AM

Add filter of date and update query as per your needs

select * from (select a.name,entitlement_Value,u.username from account_entitlements1 ae1 join accounts a
on a.accountkey=ae1.accountkey
left join user_Accounts ua
on ua.accountkey=a.accountkey
left join users u
on u.userkey=ua.userkey
left join
endpoints e on e.endpointkey=a.endpointkey
left join entitlement_Values ev
on ev.entitlement_valuekey=ae1.entitlement_valuekey

and e.endpointname ='Saviynt')data where entitlement_value like '%Admin%'


Regards,
Rushikesh Vartak

Go to solution
rajb
New Contributor II
New Contributor II
In response to rushikeshvartak

‎11-23-2022 08:25 AM

Thank you Rushi!

0 Kudos

Go to solution
rajb
New Contributor II
New Contributor II
In response to rushikeshvartak

‎11-25-2022 09:09 AM

hi Rushi,

Here is my query but looks like enddate condition is not working properly as its getting row count for all users whose enddate is 31 Dec 2023

select a.accountkey AS acctKey, ev.entitlement_value AS entvaluekey, a.name, u.username,u.firstname,u.lastname,u.enddate,u.customproperty18 AS "Separation Date",
u.customproperty22 AS "Expected End Date" from account_entitlements1 ae1 join accounts a
on a.accountkey=ae1.accountkey
left join user_Accounts ua
on ua.accountkey=a.accountkey
left join users u
on u.userkey=ua.userkey
left join
endpoints e on e.endpointkey=a.endpointkey
left join entitlement_Values ev
on ev.entitlement_valuekey=ae1.entitlement_valuekey
where entitlement_value like '%CoSoSys%' and e.endpointname ='Active Directory' and u.statuskey=1 and u.enddate >= NOW() - INTERVAL 14 DAY

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to rajb

‎11-25-2022 09:37 PM

Use full join


Regards,
Rushikesh Vartak
0 Kudos

Go to solution
rajb
New Contributor II
New Contributor II
In response to rushikeshvartak

‎11-28-2022 06:01 AM

I believe full join does not work in mysql. I tried that using union but it didnt give me expected results.

0 Kudos
Copyright © 2023 Khoros, LLC