We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Regex/Condition queries on hidden attributes

petra_bremer
New Contributor III
New Contributor III
Following this article: https://docs.saviyntcloud.com/bundle/EIC-Admin-v2022x/page/Content/Chapter13-Access-Requests/ars-man..., the update user form was implemented to adapt the view based on the SAVRole.
 
Therefore two attributes were created, which are linked to the same column.
For example:
First Name (X) - editable => including Regex
First Name - read only
 
For a dedicated view, we only show the attribute "First Name" and hide the attribute "First Name (x). Nevertheless, there is no Regex on the shown "First Name" attribute, the regex of the hidden attribute verifies in the background the values. 
 
Therefore an error message for the regex is shown for an hidden attribute, for which the dedicated SAVRole cannot make changes.
 
What can be done so that hidden attributes are not validated in the request
12 REPLIES 12

rushikeshvartak
All-Star
All-Star

share validation logic


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Here an example using lastname in the Register User Form:

We use a REGEX expression to validate the attribute.

Screenshot User form Validation.png

READ ONLY ATTRIBUTEEDITABLE ATTRIBUTE
Attribute Name*: lastname
Request Type: User
Attribute Label: Last Name
Attribute Group: 1. Identity Attributes
Order Index: 5
Attribute Type: String
Values: EMPTY
Default Values: EMPTY
Regex: EMPTY
Description: EMPTY
Action String: EMPTY
Validation Condition: EMPTY
Failure Message: EMPTY
User Column: lastname
Required: FALSE
Editable On Create: FALSE
Editable On Update: FALSE
Hide On Create: TRUE
Hide On Update: FALSE
Duplicate not allowed: FALSE
Parent Attribute: EMPTY
What action to perform when Parent attribute changes?: EMPTY

Attribute Name*: lastnameEXT
Request Type: User
Attribute Label: Last Name (x)
Attribute Group: 1. Identity Attributes
Order Index: 4
Attribute Type: String
Values: EMPTY
Default Values: EMPTY
Regex: ^[A-Za-z]+((\s)?((\'|\-|\.)?([A-Za-z])+))*$
Description: EMPTY
Action String: EMPTY
Validation Condition: EMPTY
Failure Message: EMPTY
User Column: lastname
Required: TRUE
Editable On Create: TRUE
Editable On Update: TRUE
Hide On Create: FALSE
Hide On Update: FALSE
Duplicate not allowed: FALSE

Parent Attribute: EMPTY
What action to perform when Parent attribute changes?: EMPTY

try Action NREQ


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi  Rushikesh Vartak,

Can you give me a detailed explanation? Is NREQ a function in Saviynt? Where exactly should this entry be made? By Action, do you mean the action string parameter in the respective attribute? Or is NREQ to be used as a function within the Regex parameter?

Thanks & best regards

Petra Bremer

https://forums.saviynt.com/t5/identity-governance/register-user-dynamic-attribute-set-quot-editable-...

similar like this follow action string syntax 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Darshanjain
Saviynt Employee
Saviynt Employee

It should work as per your requirement, Can you keep the Dynamic attribute with regex condition set to be Required as False, Editable on update/create can be set any as per your requirement.

Let me know if still face a issue please check the logs or paste the error screenshot

Thank you for pointing this out. I will now check the recommended documentation to see if it is sufficient for our requirements.

If not, I'll give additional information.

Hi Darshanjain,

I have recreated the case using NREQ. Unfortunately, this does not bring any improvement.
I have written a more detailed description in the attached document.
Apparently, NREQ only suppresses the use of a field in the request. But we need an optional validation of a field - depending on whether it is visible or not. This seems to be done already in the GUI and not only during the transfer to the request.

Description-PDF and Logfile are attached.

Regards

Darshanjain
Saviynt Employee
Saviynt Employee

Hi Petra,

This works in create user requests page, for update user request as both DA's are set to the same column ( when we load the page- both of them are loading and then getting hidden ), so when ever a request is getting submitted it still validates.

So this will not work, one other thing what i can tell you is for the other DA ( extone which has regex condition ),store it in the different column and then by other way ( custom query or via Api )update the last name based on any custom property.

This might be not be perfect design but right now it seems the only way to achieve the use case

Hi Darshan ,

Thank you for the investigation and the recommendation of the workaround. I will discuss this with the customer.

We have discussed the workaround with the customer. Unfortunately, it is not a solution for us, as we need validation on the GUI.

For employeetype "Internal", firstname and lastname should be read-only - without validation, but For employeetype "External" the fields should be writable and therefore validated accordingly.

While special characters are allowed in the name for internal users, they should be prevented for external users.

 

The solution we have now found for us:

We use the Validation Condition parameter on the dynamic attribute. There, we can differentiate between internal and external users via an if-condition.

Example:

${(null == Employeetype || 'INTERN'.equals(Employeetype)) ||  ('EXTERN'.equals(Employeetype) && (null!= firstname) &&  (firstname==~ /^[A-Za-z]+((\s)?((\'|\-|\.)?([A-Za-z])+))*$/))}

This solves the problem for us.

Nevertheless, thank you for the support.

Yes if you can use the regex in validation condition then it will work as you are using one DA for both employee types.