Saviynt Forums

Community_User · ‎04/12/2022

Originally posted on February 7 2022 at 08:51 UTC

Please let me know how to assign Sav role "ROLE_SAV_MANAGER" by default to all Managers.

Kindly let me know how it can be achieved.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User · ‎04/12/2022

Originally posted on February 9 2022 at 14:00 UTC

Hi Kumar,
Thank you for posting your question.
To achieve your requirement you could make use of SaviyntForSaviynt User Import Solution. Prerequisites would be:
1. A reserved flag attribute on the user’s table.
2. A user update user rule to look for updates from the SaviyntforSaviynt User Import trigger based on the flag attribute.
3. A simple technical rule that is triggered from the user update rule.

In this common use case, it is usually around providing addition or removal of access to the existing users. Detective job was used for this, but this can be easily replaced via SaviyntForSaviynt user import.

Steps To Follow:
1) Enable SaviyntForSaviynt from Global Configuration:

2) Once SaviyntForSaviynt is configured, we would be using the user import functionality from SaviyntForSaviynt to trigger rules. So, we will have to build a user import XML.
3) Sample XML: A few best practices have been highlighted and explained below:

<dataMapping>

<sql-query description="This is the Source DB Query" uniquecolumnsascommaseparated="username">

<![CDATA[select username,'Assign Role' as customproperty21 from users where statuskey=1 and costcenter='ABC12' and customproperty21 is null;]]>

</sql-query>

<zeroDayProvisioning>false</zeroDayProvisioning>

<generateEmail>false</generateEmail>

<userNotInFileAction>NOACTION</userNotInFileAction>

<buildUserMap>false</buildUserMap>

<generateSystemUsername>false</generateSystemUsername>

<userOperationsAllowed>UPDATE</userOperationsAllowed>

<userReconcillationField>username</userReconcillationField>

</importsettings>

</mapper>

</dataMapping>

In the sample XML above, a few best practices have been followed:

sql-query

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User · ‎04/12/2022

Originally posted on March 23 2022 at 14:52 UTC

Apart from the above solution. Could you please let us know how this can be achieved in a different way. We are not getting the Manager flag from our Source of truth.

Please let us know the solution.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User · ‎04/12/2022

Originally posted on March 23 2022 at 21:33 UTC

Kumar,

If your Authoratative Source is not sending a flag, then the best approach is to utilize the solution provided by Belwyn.

The SQL query that he has used can be written in such a way that it lists only those users who are Managers in Saviynt.

Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Saviynt Forums

How to assign Sav role "ROLE_SAV_MANAGER" by default to all Managers