Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Running rules based on date - Best practice

MarkHancock
New Contributor III
New Contributor III

‎10/31/2022 06:49 AM

I have a question similar to How to Off-board Users Based on Their TimeZone? - Saviynt Forums - 11175 but more general.

What is currently the best practice and preferred method of running rules based on a date. For example, a new joiner account being created 7 days before their start date, or leaver being disabled on their end date and deleted 120 days later.

I’ve used a variety of techniques for this in the past, but two of these have been deprecated, and there may be better ways to do this now.

  1. Custom queries – Deprecated
  2. Having things like sysdate() directly in the rules and running Detective Rules Job – Deprecated.
  3. Using “ExecuteOn Select” in user update rules.
    • Doesn’t seem like it can be used in technical rules
    • What happens if a user’s start or end date changes – what happens to the pending tasks?
    • A fixed number of days
    • Can’t specify a time, e.g., 8pm
  4. Using the Saviynt For Saviynt connector for User Import and setting a flag based on the date and then a rule running when this flag changes, e.g. if ((u.enddate is null OR u.enddate > NOW()), 1, 0) as cp45
    • Requires a full import and will be slow for a system with lots of users
    • Flexible
  5. Similar technique as for the Saviynt For Saviynt connector but during pre-processing from HR user import
    • Still requires a full import, but these might be run daily anyway.
    • If multiple HR sources each will need configuring and a full import running.

Thanks,

Mark

0 Kudos
1 REPLY 1

amit_krishnajit
Saviynt Employee
Saviynt Employee

‎11/07/2022 02:50 AM

Saviynt for Saviynt - wouldn't this be used to only pick the users which satisfy the given conditions for the necessary JML process? e.g., the conditions will not always pick each and every user for processing every time, so why would it slow down the process? Also, you may use Saviynt REST APIs to import users with very specific conditions to pick specific users to import/update and execute the rules. 

If you are only provisioning access via technical rules, one way to do that is using actionable analytics. So, you may not need to use the executeOn in there and can trigger add access tasks from analytics as well. 

Thanks,
Amit
Copyright © 2024 Khoros, LLC