Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Update custom property when user not in file

aalvarez_mk
New Contributor II
New Contributor II

I have a requirement to onboard a view into Saviynt using a DB connection. The view will have a single field (ties to username). The view is not authoritative for identity creation/management. If a user is in the view, we need to provision access to an AD group. If they are removed from the view, we should remove the AD group. I have tried creating a new connection and setting a user import to set a custom property which can be used in a rule for provisioning access. That works as expected. However, I don't know how to clear the custom property if they no longer show up in the view. Possibly using modifyuserdatajson?

Or possibly a change of approach may be warranted. Any assistance would be appreciated.

3 REPLIES 3

Saathvik
All-Star
All-Star

@aalvarez_mk : Yes you have to use inline preprocessor logic which goes to MODIFYUSERDATAJSON.

Sample JSON: Here CUSTOMPROPERTYxx is attribute you are updating with user is coming from VIEW so replace it with appropriate CP.

{
    "ADDITIONALTABLES": {
        "USERS": "SELECT USERNAME,CUSTOMPROPERTYxx FROM USERS",
    },
    "COMPUTEDCOLUMNS": [
        "CUSTOMPROPERTYxx",
    ],
    "TABLEINDEXES": {
        "CURRENTUSERS": [
            "USERNAME"
        ],
        "NEWUSERDATA": [
            "USERNAME"
        ]
    },
    "PREPROCESSQUERIES": [
        "UPDATE CURRENTUSERS CU LEFT JOIN NEWUSERDATA NU ON CU.USERNAME = NU.USERNAME SET CU.CUSTOMPROPERTYxx='' WHERE NU.USERNAME IS NULL and CU.CUSTOMPROPERTYxx IS NOT NULL"
    ]
}

 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Thank you so much. I will give this a try and confirm here.

Saathvik,

Tried using the UPDATE CURRENTUSERS but it was not successful. I'm not sure the currentusers allows updating user data, and is just a temporary table for access. I modified the original query to filter a user who exists in the view, and their data was not modified.