Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to exclude Disable Account and Remove Access from Provisioning Job?

weixiangteoh
New Contributor II
New Contributor II

‎09/11/2024 03:41 AM

Hi All,

We having such requirement that for Leaver Scenario, the de-provisioning task shall only processed after EndDate 23:59.

And at the same time, for Provisioning task ( New Account, Update Account, Add Access, Remove Access ) need to be processed immediately for ( New Joiner, Mover, and Access Request related ).

In order to achieve both use cases, we have 2 jobs as below: 

Job 1 :  Provisioning Job run every 5 mins

Advance Query : and (at.TASKTYPE in(1,2,3,8) and at.SECURITYSYSTEM in (6) and at.SOURCE != 'PROVRULE') 

Job 2: EndDate DeProvisioning - run daily 11:59PM

Advance Query : and (at.TASKTYPE in (2,8,14) and at.SOURCE = 'PROVRULE')

However, we facing issue as the De-Provisioning task create as part of Leaver , it get processed by Job 1 and causing early de-provisioning of access.

Let us know how to update Advance query, so that the de-provisioning task will get executed at correct time and it will get ignore by Job 1.

Thanks

Wei

 

Labels:
0 Kudos
5 REPLIES 5

NM
Esteemed Contributor
Esteemed Contributor

‎09/11/2024 03:44 AM

@weixiangteoh you said provisioning still you listed remove access which falls under deprovision access.

You have defined task type 2 in both .. only have it in 2nd job.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'
0 Kudos

weixiangteoh
New Contributor II
New Contributor II

‎09/11/2024 03:50 AM

@NM ,

We still need Remove Access being deprovision for Access Request related.

Just for Remove Access related Leaver which trigger by User Update Rules , we put up filter task equal "PROVRULE"

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to weixiangteoh

‎09/11/2024 05:27 AM

Can you share task details from data analyzer query which was got processed from job 1 instead of job 2


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

fuko
Regular Contributor
Regular Contributor

‎09/12/2024 03:59 AM

Hi @rushikeshvartak @NM , we did a few rounds of test and concluded that our provisioning jobs with Advance query worked as indented.

For more context:

We chained this job with another Analytic job in a Trigger chain Job.

We discovered that if we put the provision job WSRETRYJOB in the trigger chain, the Advance query is discarded and only the Basic tab is applied.

Since we left the Basic tab blank, every task of every endpoint was executed.

Is this the expected behavior?

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to fuko

‎09/12/2024 08:17 AM

this is not expected behavior. Please raise support ticket for defect


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC