We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Multiple custom actions for assigning access technical rules

Caesrob
Regular Contributor
Regular Contributor

We have a technical rules which looks like this:

Caesrob_0-1701174617525.png

Currently, we are assigning entitlements based on a users customproperty7 and an entitlements customproperty38. If these have the same values, assign the entitlement.

We have stumbled upon a problem where if we delete a group from Active Directory and create a new one with the same name, this technical rule will assign both the present entitlement as well as the 'deleted on - TIMESTAMP' entitlement.

Is there a way to finetune this action so we can say:

Assign Groups::ev.customproperty38=substring_index(substring_index('${user.customproperty7}', ',' , 1), ',' , -1) AND ev.entitlement_value NOT LIKE '%Deleted on%'

This does not work as it will assign every entitlement that does not have deleted on, but it won't check the first custom action. 

Anyone have any idea how we can implement this?

6 REPLIES 6

rushikeshvartak
All-Star
All-Star

Add status filter


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

How would i do this exactly? Could you edit the code so it checks for status 1?

Assign Groups::ev.customproperty38=substring_index(substring_index('${user.customproperty7}', ',' , 1), ',' , -1) AND ev.status=1


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

This still assigns the "deleted on - " entitlement even though its status is inactive:

Caesrob_1-1701176608754.png

 

 

This looks like defect


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Caesrob
Regular Contributor
Regular Contributor

Can someone give a second opinion on this being a bug? We don't want to create a ticket just to have it closed due to "misconfiguration".