10/24/2024 03:07 AM
Hello,
I am trying to implement conditional logic to give the user the SAV role "ROLE_SAV_ENDUSER" based on the employeeclass.
I created the technical rule like the following:
a.statuskey = 1
AND (a.employeeclass != '911'
AND a.employeeclass != '912'
AND a.employeeclass != '913'
AND a.employeeclass != '914'
AND a.employeeclass != '915'
AND a.employeeclass != '916'
AND a.employeeclass != '921'
AND a.employeeclass != '922'
AND a.employeeclass != '923'
AND a.employeeclass != '924'
AND a.employeeclass != '925'
AND a.employeeclass != '926'
AND a.employeeclass != '951'
AND a.employeeclass != '952'
AND a.employeeclass != '953'
AND a.employeeclass != '954'
AND a.employeeclass != '955'
AND a.employeeclass != '956'
AND a.employeeclass != '961'
AND a.employeeclass != '962'
AND a.employeeclass != '963'
AND a.employeeclass != '964'
AND a.employeeclass != '965'
AND a.employeeclass != '966')
AND (a.customproperty5 IS NULL
OR a.customproperty5 = 'A'
OR a.customproperty5 = 'P')
and then trigger it with a user update rule:
I followed the tips here and I tried of course to test with a basic condition like a.statuskey = 1
but it didn't work, and my question is:
having a SAV4SAV connection is a must to fulfill such a requirement?
I also saw that only the newly created users in Saviynt will be affected, but I also tested for that and it didn't work.
So if the user already exists it can't be done on update?
What if the employee class is updated, how can we ensure it follows the condition?
Am I missing something in the configurations?
thank you!!
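Added example, not part of the original thread and not Saviynt code: assuming the technical-rule condition is evaluated as a SQL WHERE clause over the users table aliased `a`, this script runs the condition from the post against constructed sample users in SQLite. It shows that the `!=` chain is equivalent to a `NOT IN` list, and that a user whose employeeclass is NULL never matches either form, so such a user would not receive ROLE_SAV_ENDUSER unless the NULL case is stated explicitly.

```python
import sqlite3

# Employee classes excluded by the rule in the post: 911-916, 921-926, 951-956, 961-966.
EXCLUDED = [str(base + i) for base in (910, 920, 950, 960) for i in range(1, 7)]
CP5 = "(a.customproperty5 IS NULL OR a.customproperty5 = 'A' OR a.customproperty5 = 'P')"

def original_rule():
    """The condition as posted: a chain of != comparisons joined with AND."""
    chain = " AND ".join("a.employeeclass != '{}'".format(c) for c in EXCLUDED)
    return "a.statuskey = 1 AND ({}) AND {}".format(chain, CP5)

def build_rule(null_class_allowed=False):
    """Same logic with NOT IN; optionally let users with no employeeclass match."""
    cond = "a.employeeclass NOT IN ({})".format(", ".join("'{}'".format(c) for c in EXCLUDED))
    if null_class_allowed:
        cond = "(a.employeeclass IS NULL OR {})".format(cond)
    return "a.statuskey = 1 AND {} AND {}".format(cond, CP5)

# Constructed sample users (not real data):
# username, statuskey, employeeclass, customproperty5
SAMPLE_USERS = [
    ("u_regular", 1, "100", None),
    ("u_excluded", 1, "911", None),
    ("u_inactive", 0, "100", "A"),
    ("u_cp5_other", 1, "100", "X"),
    ("u_cp5_p", 1, "300", "P"),
    ("u_no_class", 1, None, "A"),  # employeeclass is NULL
]

def matching_users(where_clause, users=SAMPLE_USERS):
    """Return the usernames for which the WHERE clause evaluates to true."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, statuskey INTEGER, "
               "employeeclass TEXT, customproperty5 TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", users)
    rows = db.execute("SELECT a.username FROM users a WHERE "
                      + where_clause + " ORDER BY a.username").fetchall()
    db.close()
    return [r[0] for r in rows]

if __name__ == "__main__":
    print("as posted      :", matching_users(original_rule()))
    print("NOT IN form    :", matching_users(build_rule()))
    print("NULL class ok  :", matching_users(build_rule(null_class_allowed=True)))
```
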
10/24/2024 04:12 AM - edited 10/24/2024 04:13 AM
@Roua you have added the logic in json as well right to add the role?
And a condition when a value gets updated which will trigger the rule.
10/24/2024 04:16 AM
@NM
thank you,
I didn't know sav4sav is a must, therefore I am still searching on how exactly it must be configured
so even here : https://forums.saviynt.com/t5/identity-governance/assign-sav-role-to-existing-and-newly-creating-use...
it was mentioned: make sure Saviynt to Saviynt is enabled and sav roles entitlement type is present and all sav roles as entitlement values..
do you have an example of the sav4sav configuration to achieve it?
10/24/2024 04:20 AM
@Roua https://docs.saviyntcloud.com/bundle/Saviynt-REST-based-Guide/page/Content/Understanding-Integration...
Here.
10/24/2024 04:26 AM
thank you so much! @NM
and another question, in this case it will work for both new users as well as if the employeeclass for example changes on the already existing users?
and do you think this is a better use case than using an actionable report?
I also saw you can assign it in the job, but the thing is we have a condition so it is not a basic role
10/24/2024 04:59 AM - edited 10/24/2024 04:59 AM
@Roua in job you can't filter for specific class .. so user update rule and technical rule works for existing and new user.
10/24/2024 05:58 AM
10/24/2024 06:02 AM
10/24/2024 06:07 AM
Thank you so much
so in case I have an additional SAV role with a condition I can't still use the sav4sav same connection
or what do you mean by assign the missing sav roles?
@rushikeshvartak
10/24/2024 06:14 AM
10/24/2024 06:09 AM
@NM @rushikeshvartak
I tried to upload the file in the documentation and it was uploaded correctly, yet still I can't see it in the history. Is it a problem if I just configured what is written for each parameter in my existing sav4sav connection?
10/24/2024 03:24 PM
@NM @rushikeshvartak
can you please help me with understanding how this is supposed to work:
I tried what is in the documentation but the job fails:
https://docs.saviyntcloud.com/bundle/Saviynt-REST-based-Guide/page/Content/Understanding-Integration...
and I found the following:
https://forums.saviynt.com/t5/saviynt-knowledge-base/how-to-trigger-birthright-rules-for-existing-us...
I followed it and the job is a success but I am not sure it is working
so what is the process now if, for example, the employeeclass is updated: the user update rule will trigger the technical rule to check the condition to assign sav_role_enduser
would this create a task?
and also when am I supposed to run the Saviynt job to make it work?
am I supposed to include the conditional logic also in the connection?
for now my configuration of sav4sav:
import user json:
{
  "connection": "acctAuth",
  "url": "https://xxxxx-test.saviyntcloud.com/ECM/api/v5/getUser",
  "httpMethod": "POST",
  "httpHeaders": {
    "Authorization": "${access_token}",
    "Accept": "application/json"
  },
  "httpParams": "{\"userQuery\":\"username like 'user123' \"}",
  "httpContentType": "application/json",
  "colsToPropsMap": {
    "username": "username~#~char",
    "employeeclass": "employeeclass~#~char"
  },
  "userResponsePath": "userdetails"
}
also in my user update rule I have "create user update task" and I chose the endpoint SAP rest connector
but this always results in creating an update user task without a security system like the following:
10/24/2024 05:56 PM
It seems another rule is getting triggered; check user update history.
10/24/2024 07:29 PM
1) yes it creates a task .. it works in the same way as any other endpoint/application
2) for update user task it won't be having any endpoint and ss name
You need to create a job and select update user as the task type in it.