Saviynt Forums

rohitkumarraj · ‎01/16/2024

Team,

Requirement: Don't trigger enable task for an endpoint if the employee class is other than EMPLOYEE and CONTRACTOR(Without changing trigger condition)

I am doing an enhancement in existing user update rule where trying to restrict rule from creating any task if employee class of an identity is anything else other than employee and contractor.

Expected task: enable account , Endpoint: MyAccess

We don't want to touch the rule trigger condition as this enhancement is only for single endpoint. This single rule trigger tasks for all endpoints.

Attempt to solve: Now, to achieve this requirement rather than making any changes in trigger condition, I am trying to write a query in the filter option given on the user update rule, see below snapshot

The sample says - accounts.customproperty i.e. it supports query on accounts table.

But I have to query on user table, If users.employeeclass is EMPLOYEE and CONTRACTOR - then trigger enable account task.

I tried few query on user table didn't work, accounts table with inner query on user table - still didn't work. Not sure if we can use users table here in this filter option.

Can anyone confirm if users table can be use to perform a query check at said option and if so, any sample query would be helpful.

Please let me know if anyone has explored/used this feature of Saviynt.

Thanks,
Rohit

Dhruv_S · ‎01/16/2024

Hi @rohitkumarraj

Since the action is on accounts, the filter condition is only for accounts. This is expected.

However, I will check internally and confirm if it is somehow possible here to filter based on users also.

Since you want this to happen only on a particular endpoint, one approach you can try is to create a new user update rule with same conditions and added condition of Employee/Contractor in conditions and keeping only that endpoint in the actions.

Also you need to keep other endpoints in the current rule and remove this endpoint from the current rule.

Basically two rules

1. Rule1- Employee/contractor conditions +action only on that selected ep

2. Rule2- No Employee/Contractor conditions+ all other eps mentioned in the actions

Please test in lower environment first and do thorough testing.

Regards,

Dhruv Sharma

rohitkumarraj · ‎01/23/2024

Hi @Dhruv_S ,

Thanks for your input. Did you get a chance to check internally on this?

In this case, we have to use existing rule to achieve this since Its kind of rehire scenario(enable account if user joins back within 45 days with diff employee class).

Creating a new rehire rules(we have 6 combination of it, less than or greater than 45 days) for a specific endpoint is not recommended by design architect. Hence, trying to find best possible solution solve this case.

Let me know if you find any.

Thanks

Rohit

rushikeshvartak · ‎01/16/2024

can you try

a.accountkey in ( select ua.accountkey from user_accounts ua,users u where ua.accountkey=a.accountkey and u.userkey=ua.userkey and u.employeeclass ='EMPLOYEE')

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

rohitkumarraj · ‎01/23/2024

It didn't work.

Task still got created!!

Dhruv_S · ‎01/28/2024

Hi @rohitkumarraj

I have confirmed internally. The filter condition here is applicable to accounts table only.

As suggested previously, it is achievable with two separate user update rules.

Regards,

Dhruv Sharma

rohitkumarraj · ‎02/08/2024

Okay, Thanks @Dhruv_S for checking this.

Saviynt Forums

User Update Rule - Uses of filter query