
Help with Service Account Name Rule

savuser17
Regular Contributor

Hi,

Need some help with auto increment function of service account name rule. So this is our current query:

${if(Application.length() < 11 && Application.equals('CyberArk')){Type.concat('_Ca').concat(OSType.substring(0,3)).concat('user')} else if(Application.length() < 11){Type.concat('_').concat(((((((((Application.replace(' ','')).replace('(','')).replace(')','')).replace('-','')).replace('/','')).replace('.','')).replace('&','')).replace(':','')).replace('�','')).concat('_').concat(Environment.split('-')[0])} else {Type.concat('_').concat(((((((((Application.substring(0,10).replace(' ','')).replace('(','')).replace(')','')).replace('-','')).replace('/','')).replace('.','')).replace('&','')).replace(':','')).concat('_').replace('�','')).concat(Environment.split('-')[0])} }###INCREMENTINDEX###

The relevant part here is the first condition where application name equals CyberArk, there it should be Ca + either Win or Lin (based on what user selects in a dynamic attribute) + user + increment number. So this query works in one environment where there were no already present users by this name which meant the increment started from scratch. However, in a real-time environment, we already have multiple cawinuser1,2,3....in hundreds, same with calinusers.

Does anyone have any input on how to write this code? I already tried with the below:

${if(Application.length() < 11 && Application.equals('CyberArk')){Type.concat('_Ca').concat(OSType.substring(0,3)).concat('user').concat(select count(*) from accounts a where a.endpointkey = 131 and a.name like concat('_Ca','Winuser','%'))} else if(Application.length() < 11){Type.concat('_').concat(((((((((Application.replace(' ','')).replace('(','')).replace(')','')).replace('-','')).replace('/','')).replace('.','')).replace('&','')).replace(':','')).replace('�','')).concat('_').concat(Environment.split('-')[0])} else {Type.concat('_').concat(((((((((Application.substring(0,10).replace(' ','')).replace('(','')).replace(')','')).replace('-','')).replace('/','')).replace('.','')).replace('&','')).replace(':','')).concat('_').replace('�','')).concat(Environment.split('-')[0])} }###INCREMENTINDEX###

But for some reason when I try to save this code it does not save only - I'm guessing there must be some flaw in this. My logic was that the count code would count the number of accounts that had something appended to cawinuser and then automatically add that number and increment the account.

If someone can help would be much appreciated.

Thanks in advance
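
An added example, not part of the original post and not Saviynt code: a standalone JavaScript model of the account name rule quoted above, showing how an index taken from a row count differs from one taken as the highest existing suffix plus one. The function names, the `SVC` type, the environment values and the account list are constructed for illustration, and case-insensitive matching is an assumption; it does not show how `###INCREMENTINDEX###` is implemented.

```javascript
// Added illustration: standalone model of the account name rule quoted above.
// Not Saviynt code; function names and sample data are constructed.

// Characters the rule strips from the application name. The rule also strips
// one character that is unreadable in the post; it is left out here.
const STRIP = /[ ()\-\/.&:]/g;

// Mirrors the three branches of the rule and returns the name without an index.
function baseName(type, application, osType, environment) {
  if (application === 'CyberArk') {
    // 'CyberArk' is 8 characters, so the length() < 11 test is always true here.
    return type + '_Ca' + osType.substring(0, 3) + 'user';
  }
  const app = application.length < 11 ? application : application.substring(0, 10);
  return type + '_' + app.replace(STRIP, '') + '_' + environment.split('-')[0];
}

// Next free index for a base name: highest existing numeric suffix plus one.
// Case-insensitive matching is an assumption made for this example.
function nextIndex(base, existingNames) {
  const prefix = base.toLowerCase();
  let max = 0;
  for (const name of existingNames) {
    const lower = name.toLowerCase();
    if (!lower.startsWith(prefix)) continue;
    const suffix = lower.slice(prefix.length);
    if (/^[0-9]+$/.test(suffix)) max = Math.max(max, parseInt(suffix, 10));
  }
  return max + 1;
}

// Row count for the same prefix, the quantity the attempted query computes.
function countWithPrefix(base, existingNames) {
  const prefix = base.toLowerCase();
  return existingNames.filter((n) => n.toLowerCase().startsWith(prefix)).length;
}

// Constructed sample: indexes 2 and 4 were deleted at some point.
const existing = ['SVC_CaWinuser1', 'SVC_CaWinuser3', 'SVC_CaWinuser5', 'SVC_CaLinuser1'];
const base = baseName('SVC', 'CyberArk', 'Windows', 'PROD-EU');
console.log(base + nextIndex(base, existing));       // SVC_CaWinuser6
console.log(base + countWithPrefix(base, existing)); // SVC_CaWinuser3, already taken
```

With gaps in the existing numbering, the count lands on a name that is already in use, while the highest-suffix approach does not.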

13 REPLIES

rushikeshvartak
All-Star

Can you share logs?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Can't find specific logs as it is still trying to save without timing out. Still attaching from a couple minutes after I tried to update the rule.

Check the network logs in the browser, if any.


Regards,
Rushikesh Vartak

Checked this as well now. No change in logs - and as of ten minutes ago, the loading icon is still running on the update page of Service Account endpoint.

Now, for an application where the account name already exists, you can create another dynamic attribute and use it in the account name rule.


Regards,
Rushikesh Vartak

jsatish
Regular Contributor II

@rushikeshvartak - Sorry for asking this question out of context of this thread. Is it possible to restrict the service account name to generated only instead of entering it manually? The page allows updating it manually to any value.

You can achieve this:

  1. Solved: Service Account integration queries - Saviynt Forums - 9345 (refer 8 - has a solution to edit gsp file and this is not recommended)


Regards,
Rushikesh Vartak

jsatish
Regular Contributor II

Yes, it would be a global change for all the Service Account Management. Btw, I am able to make a small change in the gsp page.

Regards,
SJ

Is your issue resolved? If yes, provide the gsp name and the solution/code added in the gsp.


Regards,
Rushikesh Vartak

jsatish
Regular Contributor II

gsp name: createrequestsecondstepint.gsp
Below are the changes
<g:if test="${params.manageserviceaccount != null && params.manageserviceaccount=='1' && accounts==null}">
<input type="text" readonly='true' name="accountNameDiv${params.pagenumber}" class="form-control" aria-label="<g:message code="NameKey.label" args="[g.message([code: 'AccountKey.label'])]"/>" rows="1" id="accountNameDiv${params.pagenumber}" value="" cols="25" onblur="replaceAccountName(this.value,'${params.pagenumber}', '${endpoints?.id}', 'manual')" />

You can validate application name / customproperty and make it conditional 


Regards,
Rushikesh Vartak

jsatish
Regular Contributor II

Yes, but we want to make very minimal changes in gsp files. Rest everything will be controlled within sa

Great, anything else you are looking for here?


Regards,
Rushikesh Vartak