Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

User Update Rule v/s Detective Job

rambhan
New Contributor II
New Contributor II

We were told to use user update rules going forward instead of running detective jobs. We used user update rules, and it's working fine for joiners and movers. In Movers, we have one particular use case where if we click on preview for the condition specified in the technical rule, it says 8 users are matching the condition, but tasks are getting created for the only users that are updated. Our ask here is that we want the detective functionality to create tasks for all 8 existing users, but we don't want to use detective jobs any more.

13 REPLIES 13

PremMahadikar
All-Star
All-Star

Hi @rambhan ,

1. Use analytic report to have the same condition in the SQL query with 'Allowed Action' (Use actions accordingly as per the requirement)

PremMahadikar_2-1710452062009.png

2. Create job to trigger analytic report and schedule it accordingly

Job Name

<Name of trigger>

Job Type

AnalyticsESJob

Analytics Categories

movers

Execute Default Action for Analytics

Checked

Cron Expression

Either include as part of a chain job or schedule individually as per the customer's requirement.

PremMahadikar_1-1710451959828.png

I hope this helps!

 

If this answers your question, please consider selecting Accept As Solutions and hit Kudos

rushikeshvartak
All-Star
All-Star

Can you share rule configuration


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rambhan 

What is the trigger condition for the user update rule - like Trigger when user is updated from UI/API etc. Is that condition satisfied for the users? It will trigger only for those users.

Regards,

Dhruv Sharma

rambhan
New Contributor II
New Contributor II

Yes we used trigger action as - Trigger when user is updated from UI

for exisiting users and we have updated only one user instead of 9 users.

Q: Is there any other way like how we can create tasks for all 9 existing users without updating manually from UI ?

 

Hi @rushikeshvartak  
Here is the screenshot when we click on preview, we are almost seeing 9 users meeting the condition.

rambhan_0-1710488335694.png

Condition specified in user update rule is 

rambhan_1-1710488408320.png

We have updated only one user and tasks were generated for one user. 

Q: if all 9 users has to get triggered at one time with out updating any values which specific condition do we have to use ?

[This message has been edited by moderator to mask PII info]

Dhruv_S
Saviynt Employee
Saviynt Employee

Since the trigger condition is satisfied for one user, rule will trigger for one user only. To trigger for all, you need to do it from detective job or modify some attribute from UI for all these 9 users.

rambhan
New Contributor II
New Contributor II

Hi @Dhruv_S 

Yes we understood the concept of user updated from UI.

But we have 9 exisiting users and those 9 users will never be updated since we are using for testing purpose. One more important thing is since detective job is depricated, we don't want to use detective job going forward, however we need detective functionality like to trigger 9 users without updating any attributes from user update rules.

Dhruv_S
Saviynt Employee
Saviynt Employee

Hi @rambhan 

Detective job is not deprecated. 

Please refer to the release notes of 23.12. Deprecated word has been removed as part of SS-6240.

I don't think there is any alternative approach. Still, you can wait for the community to respond with better ideas.

Regards,

Dhruv Sharma

 

 

.

rambhan
New Contributor II
New Contributor II

Hi @Dhruv_S 

Reviewed the release notes and I can see the word deprecated is displayed in the job name:

rambhan_0-1710490876924.png

Since we already have that implemented in V23.11

rambhan_1-1710490974005.png

 

Dhruv_S
Saviynt Employee
Saviynt Employee

Hi @rambhan 

Job is not deprecated. It is still in use, and you can use it. The issue was in the word deprecated wrongly present in the job description which was expected to be removed in 23.11. It doesnot show deprecated in latest versions.

You can use this job. However, make sure to make the rule as detective and run it for user update rule only so that technical rules are not triggered. If there are more number of rules, there are chances of the job getting stuck.

Regards,

Dhruv Sharma

rambhan
New Contributor II
New Contributor II

Hi @Dhruv_S  Thanks for that confirmation.

Can you also confirm if we enable option retro fit at user update rules 

rambhan_0-1710495408164.png

will that creates tasks for the all existing 9 users without getting updated either from ui or api or import ?

 

Try from import


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Dhruv_S
Saviynt Employee
Saviynt Employee

Hi @rambhan 

Yes -if retrofit is enabled and detective job is run for user update rule. It will work for all the users which satisfy it's condition. Please note that if the existing rule is created without enabling retrofit, you cannot make it retrofit later. New rule need to be created.

Regards,

Dhruv Sharma