Restricting update of users

Kaushik1
New Contributor
New Contributor

Hi Team,

We have a SOAP connection where we are importing data of users from Workday for identity type A. SO, if user has identity type A and one of the custom property mentioned as B, we say user is present in Workday and data will be imported from WD to Saviynt for that particular user. There are cases where users will be present in Workday but in case their identity type will be updated in Saviynt, We want to restrict users data to be updated into Saviynt user profile when User do not have identity type - A and one of the custom property mentioned as B.

How can we achieve this case? Can this be restricted via modify user json, where we will be just importing data and by applying filter if custom property is B and Identity type is A then only update the data in Saviynt.

14 REPLIES 14

sahil
Saviynt Employee
Saviynt Employee

The inline processing can only be used to update the user's metadata but not to restrict a user form getting imported. Let me check if there is any other way to do this and will update you.


Regards,
Sahil

Kaushik1
New Contributor
New Contributor

Is there any other way to restrict user data in Saviynt?

naveenss
All-Star
All-Star

Yes. this can be achieved using inline preprocessor. based on the condition set the username in the inline preprocessor as null. this will restrict the user update.

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

We have below condition mentioned in modify user json still we are seeing entries(other custom properties) populated in saviynt from HR even though the condition is not met

"UPDATE NEWUSERDATA N1 LEFT JOIN CURRENTUSERS U ON TRIM(LEADING '0' FROM N1.USERNAME)=U.USERNAME SET N1.USERNAME = CASE WHEN (U.REGIONCODE <> 'A' AND !(U.CUSTOMPROPERTY51 <=>'B')) THEN NULL ELSE N1.USERNAME END;",

 

Should this query be able to restrict users data to be updated in saviynt user profile even though user is present in HR but regioncode in saviynt is not A or Custom property51 is not B.

Hello Team,

Do we have an update please?

sahil
Saviynt Employee
Saviynt Employee

Though there is no direct way to restrict Users getting imported to not be updated, this is a possible solution @naveenss suggested. Can you confirm if you are using Username in your recon field or if it is a different one. Also, please mention the value of the recon field under ADDITIONALTABLES and COMPUTEDCOLUMNS section.

This is assuming the DB query you are using is correct and gives the desired output when you use it as select statement.


Regards,
Sahil

Kaushik1
New Contributor
New Contributor

We are using username in Recon field.

Below is the sample of fields being added under additional table -"ADDITIONALTABLES": {
"USERS" : "SELECT USERNAME,CUSTOMPROPERTY51 FROM USERS"},

Below is the sample of fields being added under computed table -

"COMPUTEDCOLUMNS": [
"OWNER","USERNAME"]

The custom property 51  is the CP which should be 'B' as per the requirement along with region code 'A' then only user profile should be updated with the data being pulled in HR Import JSON

Any update on the above query?

share your current query

@rushikeshvartak , Have replied back to Sahil's query but no reply yet

If above conditions does not match then user should not be updated

sahil
Saviynt Employee
Saviynt Employee

@Kaushik1 Can you check your query to see if it is correct. I just tested a simple scenario on my env and it works for me.  I directly updated the username value as Null in preprocessor query and my record was not created/updated.

It should work and in case it does not please check the job logs to analyze.


Regards,
Sahil

Kaushik1
New Contributor
New Contributor

Below is the query:

"PREPROCESSQUERIES": [
"UPDATE NEWUSERDATA SET USERNAME = TRIM(LEADING '0' FROM USERNAME);",
"UPDATE NEWUSERDATA N1 LEFT JOIN CURRENTUSERS U ON TRIM(LEADING '0' FROM N1.USERNAME)=U.USERNAME SET N1.USERNAME = CASE WHEN (U.REGIONCODE <> 'Employee' AND !(U.CUSTOMPROPERTY51 <=>'True')) THEN NULL ELSE N1.USERNAME END;",

sahil
Saviynt Employee
Saviynt Employee

Can you run the query to verify if is returning the desired output.


Regards,
Sahil