11/05/2022 04:40 PM
Hi Experts,
Maybe a basic question, but I am still trying to get the hang of this product.
As per my understanding, when a new user is created, it should have at least the END_USER SAV role for this user to log in. Is that correct?
If that is correct then how can I assign this SAV role as default? Like Birthright...
I read somewhere that to assign SAV roles to users through Technical rule, SaviyntForSaviynt should be enabled. Is that correct?
If yes, and if SAV ROLE is a minimum requirement for someone to log in, then why is SaviyntForSaviynt optional?
Also, how can I now trigger this rule for existing users?
Regards,
Naveen
11/06/2022 05:48 AM
There are several ways you can do this
detailed solution
11/06/2022 08:12 AM
Hi @rushikeshvartak ,
Does that mean that enabling Saviynt4Saviynt is mandatory to assign SAV role?
While creating technical rule as well I can see that "Object" ROLE_SAV_* comes only under Object Type "SaviyntForSaviynt::SAVRole"
Regards
Naveen
11/06/2022 12:33 PM
It's not mandatory to have Saviynt 4 Saviynt, but if you want to automate, or allow request-catalog-based access, for Saviynt application objects such as user group or SAV role, then Saviynt 4 Saviynt is required.
11/06/2022 12:38 PM
Does that mean that if I create a User Group "Group1", for me to assign users to this group based on a user's field say JobCode, I have to enable Saviynt 4 Saviynt?
Technical Rule (BirthRight and Detective) --> Detective Rules and Take Action (DETECTIVEPROVISIONINGRULESJOB)
Regards,
Naveen
11/06/2022 12:51 PM
Exactly true. In order to add access to a user, Saviynt considers every access as an entitlement.
11/07/2022 02:10 AM
I am not winning, could you please check and help where I might be going wrong.
1. Enabled Saviynt4Saviynt
2. Created UserGroup "Business"
3. Ran Saviynt job "SaviyntForSaviyntEntValueImportTrigger" to catalog
4. Created Detective Technical Rule
5. Ran Saviynt job again "SaviyntForSaviyntEntValueImportTrigger" to catalog.
6. Created DETECTIVEPROVISIONINGRULESJOB provisioning job
7. Although the job run is successful, there is no user added to my UserGroup "Business" even when rule is satisfied for 3 users
Below is SaviyntForSaviynt Security System
What am I missing?
Regards,
Naveen
11/07/2022 03:34 AM
User update rule?
Is the user getting updated, or do you want all existing users to get Business? Then run the Saviynt4Saviynt account import.
11/07/2022 06:25 AM
I want all users with users.jobCode = "Business" be added to User Group "Business", both existing and new.
Regards
Naveen
11/08/2022 09:04 AM - edited 11/08/2022 09:09 AM
- Fetching getTechRuleMap for user-36 , talanos.user4\n","stream":"stdout","time":"2022-11-08T16:05:00.84446162Z"}"
- objectname = ROLE_SAV_ENDUSER , objecttype=14\n","stream":"stdout","time":"2022-11-08T16:05:00.844519021Z"}"
- entVal = ROLE_SAV_ENDUSER\n","stream":"stdout","time":"2022-11-08T16:05:00.844627539Z"}"
- EntValSet in getTechRule [ROLE_SAV_ENDUSER]\n","stream":"stdout","time":"2022-11-08T16:05:00.848400483Z"}"
- Fetching getTechRuleMap for user-36 , talanos.user4 done\n","stream":"stdout","time":"2022-11-08T16:05:00.848429887Z"}"
Start Create Task Zero Day Provisioning\n","stream":"stdout","time":"2022-11-08T16:05:00.84843581Z"}"
systemEndpointEnt = [SaviyntForSaviynt:[ROLE_SAV_ENDUSER]]\n","stream":"stdout","time":"2022-11-08T16:05:00.848440439Z"}"
sql = Select a from ArsTasks a where a.accountName=:accname and a.users.id =:userid and a.tasktype = 3 and endpoint.id =:epid and ( a.status = 1 or a.status = 6 ) \n","stream":"stdout","time":"2022-11-08T16:05:00.848518869Z"}"
sqlentnewacc = Select a from ArsTasks a where a.users.id = :userid and a.accountName=:accname and a.tasktype = 1 and entitlement_valueKey.id =:entvalid and ( a.status = 1 or a.status = 6 ) \n","stream":"stdout","time":"2022-11-08T16:05:00.848535633Z"}"
sqlentexisacc = Select a from ArsTasks a where a.users.id = :userid and a.accountKey.id =:acckey and a.tasktype = 1 and entitlement_valueKey.id =:entvalid and ( a.status = 1 or a.status = 6 ) \n","stream":"stdout","time":"2022-11-08T16:05:00.848544003Z"}"
systemEndpointEnt:: [SaviyntForSaviynt:[ROLE_SAV_ENDUSER]]\n","stream":"stdout","time":"2022-11-08T16:05:00.848675668Z"}"
SystemEndPointEnt Map [SaviyntForSaviynt:[ROLE_SAV_ENDUSER]]\n","stream":"stdout","time":"2022-11-08T16:05:00.849830218Z"}"
saviynt.ImportExternalDbService - Zero Day Limit = 100\n","stream":"stdout","time":"2022-11-08T16:05:00.84985896Z"}"
saviynt.ImportExternalDbService - Creating Zero Day Task for - talanos.user4\n","stream":"stdout","time":"2022-11-08T16:05:00.849864024Z"}"
saviynt.ImportExternalDbService - Inside getEPAccMapForUser...... \n","stream":"stdout","time":"2022-11-08T16:05:00.849868658Z"}"
saviynt.ImportExternalDbService - account Status from Config...... 2_3_4_Manually-Suspended\n","stream":"stdout","time":"2022-11-08T16:05:00.850654348Z"}"
saviynt.ImportExternalDbService - accountStatusSet...... [1, 2, 3, 4, Manually Provisioned, Manually Suspended]\n","stream":"stdout","time":"2022-11-08T16:05:00.850681064Z"}"
saviynt.ImportExternalDbService - Exit getEPAccMapForUser..EndAccMap-[:]\n","stream":"stdout","time":"2022-11-08T16:05:00.851269942Z"}"
saviynt.ImportExternalDbService - EndAccMap-[:]\n","stream":"stdout","time":"2022-11-08T16:05:00.851297174Z"}"
saviynt.ImportExternalDbService - Checking for endpoint : 6 and entitlements-entid:128-entval:ROLE_SAV_ENDUSER\n","stream":"stdout","time":"2022-11-08T16:05:00.854596839Z"}"
saviynt.ImportExternalDbService - ExistingAccObj-null\n","stream":"stdout","time":"2022-11-08T16:05:00.854620818Z"}"
services.WorkflowService - Account Name Rule :null\n","stream":"stdout","time":"2022-11-08T16:05:00.854630557Z"}"
services.WorkflowService - Account Name Rule Not Found selected Username as Account Name:talanos.user4\n","stream":"stdout","time":"2022-11-08T16:05:00.855625134Z"}"
println.PrintlnToLogger - Println :: talanos.user4\n","stream":"stdout","time":"2022-11-08T16:05:00.855650102Z"}"
saviynt.ImportExternalDbService - AccountName-talanos.user4\n","stream":"stdout","time":"2022-11-08T16:05:00.855655556Z"}"
saviynt.ImportExternalDbService - returning from condn. entList.toString().contains(null) == false \u0026\u0026 existingAccountObj == null\n","stream":"stdout","time":"2022-11-08T16:05:00.855706855Z"}"
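To make the pasted log easier to read, this added example (not part of the thread and not Saviynt code) strips the container-log wrapper from each line and pulls out the values the log reports for the rule evaluation. The keys in `PATTERNS` are labels chosen here, and `SAMPLE` is a constructed excerpt copied from the lines above.

```python
import re

# Constructed sample: lines copied from the log pasted above, in the same
# truncated container-log form (message, then "stream" and "time" fields).
SAMPLE = r'''
- EntValSet in getTechRule [ROLE_SAV_ENDUSER]\n","stream":"stdout","time":"2022-11-08T16:05:00.848400483Z"}"
saviynt.ImportExternalDbService - Zero Day Limit = 100\n","stream":"stdout","time":"2022-11-08T16:05:00.84985896Z"}"
saviynt.ImportExternalDbService - Creating Zero Day Task for - talanos.user4\n","stream":"stdout","time":"2022-11-08T16:05:00.849864024Z"}"
saviynt.ImportExternalDbService - Exit getEPAccMapForUser..EndAccMap-[:]\n","stream":"stdout","time":"2022-11-08T16:05:00.851269942Z"}"
saviynt.ImportExternalDbService - ExistingAccObj-null\n","stream":"stdout","time":"2022-11-08T16:05:00.854620818Z"}"
saviynt.ImportExternalDbService - returning from condn. entList.toString().contains(null) == false \u0026\u0026 existingAccountObj == null\n","stream":"stdout","time":"2022-11-08T16:05:00.855706855Z"}"
'''

# Trailing wrapper: literal \n, then the stream and time fields.
WRAPPER = re.compile(r'\\n","stream":"(\w+)","time":"([^"]+)"\}"?\s*$')

# Labels (chosen for this example) mapped to the log messages they come from.
PATTERNS = {
    "user": re.compile(r'Creating Zero Day Task for - (\S+)'),
    "entitlements": re.compile(r'EntValSet in getTechRule \[(.*?)\]'),
    "zero_day_limit": re.compile(r'Zero Day Limit = (\d+)'),
    "existing_account": re.compile(r'ExistingAccObj-(\S+)'),
    "account_map": re.compile(r'EndAccMap-(\S+)'),
    "early_return": re.compile(r'returning from condn\. (.+)'),
}

def unwrap(line):
    """Return (message, timestamp); timestamp is None when no wrapper is found."""
    m = WRAPPER.search(line)
    if not m:
        return line.strip(), None
    # The log JSON-escapes '&' as \u0026; restore it in the message text.
    return line[:m.start()].replace(r'\u0026', '&').strip(), m.group(2)

def triage(text):
    """Collect the reported values and the time of the last matching line."""
    facts = {}
    for line in filter(str.strip, text.splitlines()):
        msg, ts = unwrap(line)
        for key, pat in PATTERNS.items():
            m = pat.search(msg)
            if m:
                facts[key], facts["last_time"] = m.group(1), ts
    return facts

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:17} {value}")
```
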
11/08/2022 09:10 AM
@rushikeshvartak Not sure what I am missing but rules are not working for me.... I have pasted log
11/08/2022 10:34 AM
It's not working for new account or modify account. In externalconfig.properties there is a threshold for the number of accounts that can be processed during zero day provisioning.
11/08/2022 10:42 AM
It's not working for both new and modify. In externalconfig.properties the limit is 100, and my total number of users is 135.
Below is externalconfig.properties
# Set the default Zero Day & Term User Limit
userImport.zeroDayLimit=100
userImport.termUserLimit=100
#USER.DEFAULTEMAILADDRESS=""
sav.useLDAPasbackend=false
Regards,
Naveen
11/08/2022 10:44 AM
Please share a rule screenshot. Did you run wsretry? Are tasks created under pending tasks?
@NikhilGuptaSav - Using a UserUpdate Rule, he wants to assign an additional SAV role to the user.
11/08/2022 10:50 AM
User Rule:
Technical Rule "Assign End User Sav Role"
Jobs I am running, but no tasks are created in "Pending Tasks"
11/08/2022 10:58 AM
11/08/2022 11:09 AM
I was hoping to assign users to that "Staff" organization
But without Organization and changing the query to advanced, still there is no new task, nor any user assigned the SAV Role.
11/08/2022 11:27 AM
Users.statuskey =1 AND Users.username not in ('admin')
Does the preview show results?
11/08/2022 11:28 AM
Yes, all of them.
11/08/2022 11:33 AM
Did you update the query as per the last reply and run the job?
11/08/2022 11:38 AM
Yes, please find the screenshot below for technical rule
And I ran this job:
But nothing happened 😞
11/08/2022 11:47 AM
Updated query was
Users.statuskey=1 and Users.username not in ('admin')
11/08/2022 11:54 AM
11/08/2022 10:29 AM
You can assign the default role for users in the connector itself. When you run the user import, depending upon what's set as a default SAV role in the connection, that role gets assigned. You don't need any extra steps like Sav4Sav.
11/08/2022 10:32 AM
This is for visibility of a particular connection. If you have the SAV role mentioned, you will be able to see the connection. The question is different.
11/08/2022 10:41 AM
So is the question really to assign another SAV role on top of the default SAV role?
11/08/2022 12:46 PM
Hi Nikhil,
Just to clarify the requirement again, I have done the initial upload through a file. Now I want these users to have a SAV Role as "ROLE_SAV_ENDUSER", also I want to add any user with jobCode "Business" to User Group "Business".
For this I have enabled Sav4Sav and created Technical Rules to "assign" based on these conditions.
But this is not working for me with both Technical Rules and User Update Rules.
11/08/2022 02:27 PM
Use the Saviynt 4 Saviynt accounts import.
11/09/2022 01:49 AM
I did that but it doesn't bring any new accounts. Do you think there is any config missing there?
Regards,
Naveen
11/08/2022 02:45 PM
1. How will your user import work in Prod? Will it be CSV or using some connector? If it's going to be a connector, then by default, you will have an option to assign a Default SAV role via the connector.
2. When using rules, you don't have to mark them detective and birthright. Uncheck those options and then try again.
11/09/2022 01:42 AM - edited 11/09/2022 01:42 AM
Hi Nikhil,
1. How will your user import work in Prod? Will it be CSV or using some connector? If it's going to be a connector, then by default, you will have an option to assign a Default Sav role via the connector
- I am using a DB connector to get the data, but the first bulk load is from CSV.
2. When using rules, you don't have to mark them detective and birthright. Uncheck those options and then try again
- I tried, but this is not working for existing users. How will the rule trigger for existing users if it is not marked birthright or detective?
Regards,
Naveen
11/09/2022 03:22 AM
If the first load was done from CSV, why don't you assign the entitlement using accounts import?