On termination user moves to temporary OU for five days and then to disabled OU

Vidhya
New Contributor II

Hi All,

We have a requirement that if a user gets terminated, he should be moved to a temporary OU for five days. After five days he should be moved to the permanent disabled OU in AD.

Does anyone have an idea on achieving this?

 


rushikeshvartak
All-Star

You can call update account task and define logic based on certain attributes in rule 

Could you please give me a brief overview of this?

  1. Create User update and based on logic 
  2. trigger Enable account task
  3. DISABLEACCOUNTJSON should have logic that to move to temporary OU.

 

Create another user update rule after 5 days again call REMOVEACCOUNTACTION and move to final OU.

naveenss
All-Star

Hi @Vidhya ,

To move the user to a temporary OU for 5 days, you can use a "user update rule" upon user termination. (You can define the temporary OU in the DISABLEACCOUNTJSON)

After 5 days to move the user to a permanent OU, you can alternatively use an actionable analytics control with the action as "delete account" to move the user to a permanent disabled OU. (Define the permanent disabled OU in the REMOVEACCOUNTJSON)

Please let me know if this helps or you have any further questions.

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Vidhya
New Contributor II

I am using a SQL query in analytics. It's fine, right?

Yes. SQL should be fine

Regards,
Naveen Sakleshpur

Vidhya
New Contributor II

I'm trying to call this analytics through a REST connection.

I want to know what we give here in connection this line: url: {url}/api/v5/fetchControlDetailsES

Is it fetchControlDetailsES?

Because when we used runtime analytics we used fetchControlDetailsES.

armaanzahir
Regular Contributor III

Hi @Vidhya ,

Please create a job trigger for the analytics and utilise the same in the below Rest Call to invoke the analytics.

armaanzahir_0-1689766164099.png

API to be used: {{url}}/ECM/{{path}}/runAnalyticsControls

Saviynt Security Manager API Reference v5.5SP5/v2020.1 (getpostman.com)

 

You also need to specify the Default action in your analytics. Also, better to use aliases in your query (accounts a, users u)

'deleteAccount' as Default_Action_For_Analytics

Thanks,

Armaan

 

Regards,
Md Armaan Zahir

Vidhya
New Contributor II

Hi @armaanzahir ,

I have done the same, but it doesn't create any tasks.

We get data when we run the query in data analyzer, but the job runs for one second and it is a success.

Vidhya
New Contributor II

Hi @armaanzahir ,

When I tried running the report manually, the action is not editable.

Vidhya_0-1689815985555.png

 

Vidhya
New Contributor II

Hi @naveenss ,

I have done actionable analytics with the action as delete account.

Following is my query:

select username,ACCOUNTKEY acctkey,datediff(STR_TO_DATE(DATE_FORMAT(termDate,'%d-%m-%Y'),'%d-%m-%Y'),STR_TO_DATE(DATE_FORMAT(curdate(),'%d-%m-%Y'),'%d-%m-%Y')) as Day from users left join accounts on systemUsername = name where datediff(STR_TO_DATE(DATE_FORMAT(termDate,'%d-%m-%Y'),'%d-%m-%Y'),STR_TO_DATE(DATE_FORMAT(curdate(),'%d-%m-%Y'),'%d-%m-%Y'))=-5

When I run the job, it's not updating customproperty65, and it doesn't create any pending tasks either.

 

Use deprovision access.

Deprovision Access

When Deprovision Access is configured as an allowed action, it removes the entitlement from a particular account. When this action is performed on a record, a Remove Access task is created for removing access in the target application.

The Analytics query must have the columns given below:

  • entvaluekey - Entitlement value key of the entitlement which will be removed from the account.
  • acctKey - Accountkey of the account from which the entitlement access will be revoked.

Sample query:

  • Schedule from Run All V2 Analytics Job

    select ae1.entitlement_valuekey as entvaluekey,ev.ENTITLEMENT_VALUE,ae1.accountkey as acctKey, a.name, 'Deprovision Access' as 'Default_Action_For_Analytics' from account_entitlements1 ae1, accounts a , entitlement_values ev where a.accountkey = ae1.accountkey and ev.ENTITLEMENT_VALUEKEY=ae1.ENTITLEMENT_VALUEKEY and a.endpointkey=12;

  • Schedule from Run All V1 Analytics Job

    select ae1.entitlement_valuekey as entvaluekey,ev.ENTITLEMENT_VALUE,ae1.accountkey as acctKey, a.name, 'Deprovision Access' as 'Default_Action_For_Analytics' from account_entitlements1 ae1, accounts a , entitlement_values ev where a.accountkey = ae1.accountkey and ev.ENTITLEMENT_VALUEKEY=ae1.ENTITLEMENT_VALUEKEY and a.endpointkey=12;

This action can also be configured as a default action, i.e., it will be automatically performed when the Analytics control is executed.

https://docs.saviyntcloud.com/bundle/EIC-Admin-v2022x/page/Content/Chapter17-EIC-Analytics/Configuri...

Hi @vidyaa 

Can you please try the below query?

SELECT 
    u.username,
    a.ACCOUNTKEY AS acctKey,
    DATEDIFF(STR_TO_DATE(DATE_FORMAT(termDate, '%d-%m-%Y'),
                    '%d-%m-%Y'),
            STR_TO_DATE(DATE_FORMAT(CURDATE(), '%d-%m-%Y'),
                    '%d-%m-%Y')) AS Day,
'Delete Account' as Default_Action_For_Analytics
FROM
    users u
        LEFT JOIN
    accounts a ON u.systemUsername = a.name
WHERE
    DATEDIFF(STR_TO_DATE(DATE_FORMAT(u.termDate, '%d-%m-%Y'),
                    '%d-%m-%Y'),
            STR_TO_DATE(DATE_FORMAT(CURDATE(), '%d-%m-%Y'),
                    '%d-%m-%Y')) = - 5

 Please let me know if this helps! 

Regards,
Naveen Sakleshpur

Vidhya
New Contributor II

I tried the above query. It fetches the result in data analyzer, but when I try to run it manually it's not editable. Please refer to the screenshot below:

Vidhya_0-1689827295911.png

 

Can you confirm if you have selected "Delete Account" in the Allowed action option? Also, in the query please add SYSDATE() in your query like below:

naveenss_0-1689827390708.png

SELECT 
    u.username,
    a.ACCOUNTKEY AS acctKey,
    DATEDIFF(STR_TO_DATE(DATE_FORMAT(termDate, '%d-%m-%Y'),
                    '%d-%m-%Y'),
            STR_TO_DATE(DATE_FORMAT(CURDATE(), '%d-%m-%Y'),
                    '%d-%m-%Y')) AS Day,
SYSDATE(),
'Delete Account' as Default_Action_For_Analytics
FROM
    users u
        LEFT JOIN
    accounts a ON u.systemUsername = a.name
WHERE
    DATEDIFF(STR_TO_DATE(DATE_FORMAT(u.termDate, '%d-%m-%Y'),
                    '%d-%m-%Y'),
            STR_TO_DATE(DATE_FORMAT(CURDATE(), '%d-%m-%Y'),
                    '%d-%m-%Y')) = - 5
Regards,
Naveen Sakleshpur
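
An added example, not written by anyone in this thread and not Saviynt's own code: it runs the date filter from the queries above against constructed rows in a scratch MySQL 8 session, and goes slightly beyond the thread to show how the `= -5` match and the LEFT JOIN behave. Table and column names are taken from the posted queries; the sample users, account keys and the `days_since_term` alias are assumptions made for illustration.

```sql
-- Added example for a scratch MySQL 8 session, not a Saviynt analytics query.
-- Table/column names follow the queries in this thread; every row is constructed.
CREATE TEMPORARY TABLE users (
    username       VARCHAR(50),
    systemUsername VARCHAR(50),
    termDate       DATETIME
);
CREATE TEMPORARY TABLE accounts (
    ACCOUNTKEY INT,
    name       VARCHAR(50)
);

INSERT INTO users VALUES
    ('alice', 'alice', DATE_SUB(NOW(),     INTERVAL 5 DAY)),  -- day 5, with a time of day
    ('bob',   'bob',   DATE_SUB(CURDATE(), INTERVAL 6 DAY)),  -- day 6: yesterday's run was missed
    ('carol', 'carol', DATE_SUB(CURDATE(), INTERVAL 5 DAY)),  -- day 5, but no account row
    ('dave',  'dave',  DATE_SUB(CURDATE(), INTERVAL 2 DAY)),  -- still inside the 5-day hold
    ('erin',  'erin',  NULL);                                 -- never terminated
INSERT INTO accounts VALUES (101, 'alice'), (102, 'bob'), (104, 'dave'), (105, 'erin');

-- 1. DATEDIFF() uses only the date parts of its arguments, so the
--    STR_TO_DATE(DATE_FORMAT(...)) round trip and the short form can be compared per row.
SELECT u.username,
       DATEDIFF(u.termDate, CURDATE()) AS short_form,
       DATEDIFF(STR_TO_DATE(DATE_FORMAT(u.termDate, '%d-%m-%Y'), '%d-%m-%Y'),
                STR_TO_DATE(DATE_FORMAT(CURDATE(),  '%d-%m-%Y'), '%d-%m-%Y')) AS thread_form
FROM users u;

-- 2. The thread's filter. "= -5" matches a single calendar day, and LEFT JOIN keeps
--    terminated users that have no matching account, leaving acctKey NULL for them.
SELECT u.username, a.ACCOUNTKEY AS acctKey
FROM users u
LEFT JOIN accounts a ON u.systemUsername = a.name
WHERE DATEDIFF(u.termDate, CURDATE()) = -5;

-- 3. Catch-up variant: five days or more since termination, and only rows that carry
--    an account key the action can work on. A production control would also have to
--    exclude accounts that were already moved; which attribute records that is
--    deployment-specific and is not shown in this thread.
SELECT u.username, a.ACCOUNTKEY AS acctKey,
       DATEDIFF(CURDATE(), u.termDate) AS days_since_term
FROM users u
INNER JOIN accounts a ON u.systemUsername = a.name
WHERE u.termDate IS NOT NULL
  AND DATEDIFF(CURDATE(), u.termDate) >= 5;
```

Comparing the result sets of queries 2 and 3 shows which terminated users an exact-day match leaves behind when a scheduled run is skipped.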

Vidhya
New Contributor II

Yes, I added delete account in allowed action. And when I run this analytic with sysdate(), I get the below error:

Vidhya_0-1689827692034.png

 

Can you please share the screenshot of the analytics configuration?

Regards,
Naveen Sakleshpur

Vidhya
New Contributor II

Hi @naveenss ,

Vidhya_0-1689827960813.png

Vidhya_1-1689828008717.png

 

Hi @Vidhya ,

The configuration looks good. Can you please remove the SYSDATE() from the query and execute the analytics once? And please share the entire logs for the run.

Regards,
Naveen Sakleshpur

Vidhya
New Contributor II

Vidhya_0-1689834437771.png

This is the error I'm facing when I run the job

 

From the logs, I could see you are running the account import job instead of user import? Can you please confirm?

Regards,
Naveen Sakleshpur

Vidhya
New Contributor II

Yes, user import doesn't do anything.

pmahalle
Valued Contributor II

Hi @Vidhya ,

Did you try with the account import job which I mentioned above?

Application Data Import (Single Threaded)


Regards,

Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept it As Solution to help others who may have a similar problem.

Vidhya
New Contributor II

Yes, it is giving an error like: cannot get property processingType on null object

Vidhya
New Contributor II

Vidhya_0-1689837095288.png

 

Please select 

rushikeshvartak_0-1689827664640.png

 

Hi @rushikeshvartak ,

I selected it, but it's still not editable.

Vidhya_0-1689827865606.png

 

I used this in the import JSON in the REST connection to call analytics. Is this fine?

Vidhya_2-1689829900987.png

 

pmahalle
Valued Contributor II

Hi @Vidhya,

That shouldn't be the problem, but you are taking action on an account here, so you can try it in the AccountEntImport JSON instead of the user import JSON, run the account import job, and try once.


Regards,

Pandharinath Mahalle(Paddy)

Vidhya
New Contributor II

But this is due to the REST connection, so the account import job from database will not work, right?

I can find userimportjob (via connection) as the suitable one.

pmahalle
Valued Contributor II

There is a job for account import under DATA using a REST connection.

Application Data Import (Single Threaded)


Regards,

Pandharinath Mahalle(Paddy)

Vidhya
New Contributor II

I get a "cannot get property processingType as null object" error when I run this job.

If you're running the account import job, then you should have the JSON populated under ImportAccountEntJSON. Seems like that is missing.  Please refer to the below developer handbook to construct the JSON for account import. 

https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Developers-Handbook.htm

Regards,
Naveen Sakleshpur