Saviynt Forums

petra_bremer · ‎01-31-2023

Following this article: https://docs.saviyntcloud.com/bundle/EIC-Admin-v2022x/page/Content/Chapter13-Access-Requests/ars-man..., the update user form was implemented to adapt the view based on the SAVRole.

Therefore two attributes were created, which are linked to the same column.

For example:

First Name (X) - editable => including Regex

First Name - read only

For a dedicated view, we only show the attribute "First Name" and hide the attribute "First Name (x). Nevertheless, there is no Regex on the shown "First Name" attribute, the regex of the hidden attribute verifies in the background the values.

Therefore an error message for the regex is shown for an hidden attribute, for which the dedicated SAVRole cannot make changes.

What can be done so that hidden attributes are not validated in the request

rushikeshvartak · ‎01-31-2023

share validation logic

Regards,

Rushikesh Vartak

petra_bremer · ‎02-01-2023

Here an example using lastname in the Register User Form:

We use a REGEX expression to validate the attribute.

READ ONLY ATTRIBUTE

EDITABLE ATTRIBUTE

Attribute Name*: lastname
Request Type: User
Attribute Label: Last Name
Attribute Group: 1. Identity Attributes
Order Index: 5
Attribute Type: String
Values: EMPTY
Default Values: EMPTY
Regex: EMPTY
Description: EMPTY
Action String: EMPTY
Validation Condition: EMPTY
Failure Message: EMPTY
User Column: lastname
Required: FALSE
Editable On Create: FALSE
Editable On Update: FALSE
Hide On Create: TRUE
Hide On Update: FALSE
Duplicate not allowed: FALSE
Parent Attribute: EMPTY
What action to perform when Parent attribute changes?: EMPTY

Attribute Name*: lastnameEXT
Request Type: User
Attribute Label: Last Name (x)
Attribute Group: 1. Identity Attributes
Order Index: 4
Attribute Type: String
Values: EMPTY
Default Values: EMPTY
Regex: ^[A-Za-z]+((\s)?((\'|\-|\.)?([A-Za-z])+))*$
Description: EMPTY
Action String: EMPTY
Validation Condition: EMPTY
Failure Message: EMPTY
User Column: lastname
Required: TRUE
Editable On Create: TRUE
Editable On Update: TRUE
Hide On Create: FALSE
Hide On Update: FALSE
Duplicate not allowed: FALSE

Parent Attribute: EMPTY
What action to perform when Parent attribute changes?: EMPTY

rushikeshvartak · ‎02-01-2023

try Action NREQ

Regards,

Rushikesh Vartak

petra_bremer · ‎02-02-2023

Hi Rushikesh Vartak,

Can you give me a detailed explanation? Is NREQ a function in Saviynt? Where exactly should this entry be made? By Action, do you mean the action string parameter in the respective attribute? Or is NREQ to be used as a function within the Regex parameter?

Thanks & best regards

Petra Bremer

rushikeshvartak · ‎02-02-2023

https://forums.saviynt.com/t5/identity-governance/register-user-dynamic-attribute-set-quot-editable-...

similar like this follow action string syntax

Regards,

Rushikesh Vartak

Darshanjain · ‎02-02-2023

It should work as per your requirement, Can you keep the Dynamic attribute with regex condition set to be Required as False, Editable on update/create can be set any as per your requirement.

Let me know if still face a issue please check the logs or paste the error screenshot

petra_bremer · ‎02-03-2023

Thank you for pointing this out. I will now check the recommended documentation to see if it is sufficient for our requirements.

If not, I'll give additional information.

petra_bremer · ‎02-06-2023

Hi Darshanjain,

I have recreated the case using NREQ. Unfortunately, this does not bring any improvement.
I have written a more detailed description in the attached document.
Apparently, NREQ only suppresses the use of a field in the request. But we need an optional validation of a field - depending on whether it is visible or not. This seems to be done already in the GUI and not only during the transfer to the request.

Description-PDF and Logfile are attached.

Regards

Darshanjain · ‎02-09-2023

Hi Petra,

This works in create user requests page, for update user request as both DA's are set to the same column ( when we load the page- both of them are loading and then getting hidden ), so when ever a request is getting submitted it still validates.

So this will not work, one other thing what i can tell you is for the other DA ( extone which has regex condition ),store it in the different column and then by other way ( custom query or via Api )update the last name based on any custom property.

This might be not be perfect design but right now it seems the only way to achieve the use case

petra_bremer · ‎02-09-2023

Hi Darshan ,

Thank you for the investigation and the recommendation of the workaround. I will discuss this with the customer.

petra_bremer · ‎02-10-2023

We have discussed the workaround with the customer. Unfortunately, it is not a solution for us, as we need validation on the GUI.

For employeetype "Internal", firstname and lastname should be read-only - without validation, but For employeetype "External" the fields should be writable and therefore validated accordingly.

While special characters are allowed in the name for internal users, they should be prevented for external users.

The solution we have now found for us:

We use the Validation Condition parameter on the dynamic attribute. There, we can differentiate between internal and external users via an if-condition.

Example:

${(null == Employeetype || 'INTERN'.equals(Employeetype)) || ('EXTERN'.equals(Employeetype) && (null!= firstname) && (firstname==~ /^[A-Za-z]+((\s)?((\'|\-|\.)?([A-Za-z])+))*$/))}

This solves the problem for us.

Nevertheless, thank you for the support.

Darshanjain · ‎02-10-2023

Yes if you can use the regex in validation condition then it will work as you are using one DA for both employee types.

Saviynt Forums

Regex/Condition queries on hidden attributes