01/16/2024 03:04 AM - edited 01/16/2024 03:05 AM
Team,
Requirement: Don't trigger the enable task for an endpoint if the employee class is other than EMPLOYEE and CONTRACTOR (without changing the trigger condition).
I am doing an enhancement to an existing user update rule, where I am trying to restrict the rule from creating any task if the employee class of an identity is anything other than employee and contractor.
Expected task: enable account, Endpoint: MyAccess
We don't want to touch the rule trigger condition, as this enhancement is only for a single endpoint. This single rule triggers tasks for all endpoints.
Attempt to solve: Now, to achieve this requirement, rather than making any changes in the trigger condition, I am trying to write a query in the filter option given on the user update rule; see the snapshot below.
The sample says - accounts.customproperty, i.e. it supports queries on the accounts table.
But I have to query on the user table: if users.employeeclass is EMPLOYEE and CONTRACTOR, then trigger the enable account task.
I tried a few queries on the user table, which didn't work; the accounts table with an inner query on the user table still didn't work. Not sure if we can use the users table here in this filter option.
Can anyone confirm if the users table can be used to perform a query check at the said option and, if so, any sample query would be helpful.
Please let me know if anyone has explored/used this feature of Saviynt.
Thanks,
Rohit
01/16/2024 03:35 AM
Since the action is on accounts, the filter condition is only for accounts. This is expected.
However, I will check internally and confirm if it is somehow possible here to filter based on users also.
Since you want this to happen only on a particular endpoint, one approach you can try is to create a new user update rule with the same conditions and an added condition of Employee/Contractor in the conditions, keeping only that endpoint in the actions.
You also need to keep the other endpoints in the current rule and remove this endpoint from the current rule.
Basically two rules
1. Rule1 - Employee/Contractor conditions + action only on that selected ep
2. Rule2 - No Employee/Contractor conditions + all other eps mentioned in the actions
Please test in a lower environment first and do thorough testing.
Regards,
Dhruv Sharma
01/23/2024 02:22 AM
Hi @Dhruv_S ,
Thanks for your input. Did you get a chance to check internally on this?
In this case, we have to use the existing rule to achieve this, since it's kind of a rehire scenario (enable account if the user joins back within 45 days with a different employee class).
Creating new rehire rules (we have 6 combinations of it, less than or greater than 45 days) for a specific endpoint is not recommended by the design architect. Hence, I am trying to find the best possible solution to solve this case.
Let me know if you find any.
Thanks
Rohit
01/16/2024 05:24 AM
Can you try:
a.accountkey in ( select ua.accountkey from user_accounts ua,users u where ua.accountkey=a.accountkey and u.userkey=ua.userkey and u.employeeclass ='EMPLOYEE')
01/23/2024 02:13 AM
It didn't work.
Task still got created!!
01/28/2024 10:28 PM
I have confirmed internally. The filter condition here is applicable to accounts table only.
As suggested previously, it is achievable with two separate user update rules.
Regards,
Dhruv Sharma
02/08/2024 12:17 AM
Okay, Thanks @Dhruv_S for checking this.