Saviynt Forums

Alex · ‎03/06/2023

Hi,

as it is currently not supported to set the account name for service accounts to read only, we need to find a workaround to enforce our naming convention.
Therefore we thought about two options:
1. Regex to check account name => not possible as this option validates all accountnames within a security system and therefore also the personal ones, which have a different naming convention

2. Via workflow: We try to realize it via workflow, but therefore we would need to add a if-else clause to check, if the account name set within the request follows a defined convention. Is this possible to query that attribute account name within the workflow to perform a validation?

Thanks

Alex · ‎03/09/2023

anyone who can provide a possible solution for this issue?

prasannta · ‎03/09/2023

You can probably try to use the 2nd option and use the if-else block to query the accountname variable. You can use accounts table to fetch the accountname. Try using (accounts.name) to perform your validation.

Alex · ‎03/10/2023

Hi prasannta,
was also my assumption, but isn't it the case, that during a pending request, the account data is still not available in the accounts table.
The check needs to happen directly after submitting the request and where the workflow kicks in, which would means neither the accounts table attributes nor the tasks table attributes are queryable. We would need to check the accountname defined during the request. Is there also some table for this?
Thanks!

sk · ‎03/10/2023

request_access_attrs table should have request details

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Saviynt Forums

Service Account: Validate account name in workflow