sai_sp
Saviynt Employee

Title
Best practices for configuring technical and user update rules
Applicable version

All Saviynt Versions

Best Practices

  • Rule Consolidation: Analyze your existing technical rules and identify any duplication or overlap. Look for rules that have similar or overlapping conditions, actions, or entitlements. Consolidate these rules into a single rule to eliminate redundancy and simplify rule management.
    • When two birthright rules are configured with different conditions but the same action, it is recommended to combine them into one rule using an OR condition.
    • In the example below, Rule 1 and Rule 2 can be combined into a single rule:

 

 

Rule 1:
  Condition: status=1 and customproperty30='USA'
  Action:    Assign Enterprise Role RoleA
Rule 2:
  Condition: status=1 and department='Support'
  Action:    Assign Enterprise Role RoleA
Optimized Rule:
  Condition: ((status=1 and customproperty30='USA') OR (status=1 and department='Support'))
  Action:    Assign Enterprise Role RoleA

 

 

  • Write optimized HQL queries: When using Advance config, write optimized HQL queries to avoid performance impact.
  • Configure the rule condition using the 'status' attribute in conjunction with other out-of-the-box (OOB) indexed attributes: The 'status' attribute typically represents the active or inactive state of users. By including it as a criterion in the rule condition, you can filter out inactive users at an early stage of evaluation. This reduces the number of users that need to undergo further evaluation, optimizing the performance of the rule execution.

    Additionally, leveraging other OOB index attributes alongside the 'status' attribute can further expedite the evaluation process. These index attributes are specifically designed to facilitate efficient querying and filtering of user data. By incorporating them into the rule condition, you can narrow down the user set and focus on the relevant subset, improving the evaluation speed.

  • Avoid using the 'IN' function in queries for definite values:
    • Use the OR operator: Rather than using the 'IN' function with a list of values, break down the conditions into separate conditions connected with the OR operator.
    • Consider using UNION or subqueries: In some cases, using UNION or subqueries might provide better performance than the 'IN' function. Evaluate whether restructuring the query using UNION or subqueries can improve the performance for your specific scenario.
    • Examples: 

 

 

status=1 and customproperty30 IN ('UK', 'USA', 'NZ')

 

can be replaced with

status=1 and (customproperty30='UK' OR customproperty30='USA' OR customproperty30='NZ')

 

 

  • Consider avoiding the 'LIKE' function in queries:
    • If you must use the 'LIKE' function, try to limit the use of wildcard characters (% or _) at the beginning of the pattern. Starting a pattern with a wildcard makes it difficult for the database to utilize indexes effectively, resulting in slower query performance.
    • In some cases, where complex pattern matching is required, regular expressions may provide a more efficient alternative to the 'LIKE' function.
    • Preprocess data: If you are searching for patterns at the beginning or end of a string, consider inline preprocessing to extract and store that portion in a separate field. This allows you to use direct equality comparisons, which are generally faster than pattern matching with 'LIKE'.
  • When configuring a User Update Rule to reevaluate technical rules, it is recommended to use 'Re-Run Selected Technical Rules' instead of 'Re-Run All Technical Rules'. This has the following advantages:
    • "Re-Run Selected provisioning Rules" allows you to selectively re-evaluate and reapply specific provisioning rules that are relevant to the changes or updates you've made. This targeted approach reduces the processing overhead by focusing only on the necessary rules, resulting in faster execution times.
    • Running all provisioning rules indiscriminately can have unintended consequences, such as triggering unnecessary actions or creating conflicts with other rules. By using the selective re-run option, you can minimize such risks and ensure that only the necessary rules are applied.
    • When troubleshooting provisioning issues, using "Re-Run Selected provisioning Rules" allows you to isolate and test specific rules to identify any potential problems. This focused approach helps in identifying and resolving issues more efficiently without affecting other rules or user data.
    • For more information on configuring RE-RUN RULES, please refer to the documentation: https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter05-Policies/Updating-User-Up...  
  • Consider Dynamic Assignments in your technical rule. This may help reduce the number of rules that need to be configured and thus evaluated.
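The checks above can be applied to a set of rules before they are configured. The following is an added example, not Saviynt code: it flags conditions that lack a 'status' filter, use 'IN', or use 'LIKE' with a leading wildcard, rewrites 'IN' lists as OR chains, and merges rules that share an action. The rule dictionaries, Rule 3, Rule 4 and all function names are constructed for illustration, and the 'IN' rewrite assumes simple quoted literals without embedded commas.

```python
import re
from collections import OrderedDict

# Constructed sample rules; Rule 1 and Rule 2 mirror the conditions shown on this page.
RULES = [
    {"name": "Rule 1", "condition": "status=1 and customproperty30='USA'", "action": "Assign Enterprise Role RoleA"},
    {"name": "Rule 2", "condition": "status=1 and department='Support'", "action": "Assign Enterprise Role RoleA"},
    {"name": "Rule 3", "condition": "customproperty30 IN ('UK', 'USA', 'NZ')", "action": "Assign Enterprise Role RoleB"},
    {"name": "Rule 4", "condition": "status=1 and email like '%@example.com'", "action": "Assign Enterprise Role RoleC"},
]

# Matches `attr IN (...)` but leaves `attr NOT IN (...)` alone.
IN_RE = re.compile(r"\b(?!not\b)(\w+)\s+IN\s*\(([^)]*)\)", re.IGNORECASE)
LEADING_WILDCARD_RE = re.compile(r"\blike\s+'[%_]", re.IGNORECASE)
STATUS_RE = re.compile(r"\bstatus\s*=", re.IGNORECASE)

def expand_in(condition):
    """Rewrite `attr IN ('a', 'b')` as `(attr='a' OR attr='b')`."""
    def repl(match):
        attr = match.group(1)
        values = [v.strip() for v in match.group(2).split(",") if v.strip()]
        return "(" + " OR ".join(f"{attr}={v}" for v in values) + ")"
    return IN_RE.sub(repl, condition)

def lint(rule):
    """Return the best-practice findings for one rule condition."""
    cond, findings = rule["condition"], []
    if not STATUS_RE.search(cond):
        findings.append("no status filter")
    if IN_RE.search(cond):
        findings.append("uses IN")
    if LEADING_WILDCARD_RE.search(cond):
        findings.append("LIKE with leading wildcard")
    return findings

def consolidate(rules):
    """Group rules by identical action and OR their conditions together."""
    groups = OrderedDict()
    for rule in rules:
        groups.setdefault(rule["action"], []).append(rule["condition"])
    return {action: (" OR ".join(f"({c})" for c in conds) if len(conds) > 1 else conds[0])
            for action, conds in groups.items()}

if __name__ == "__main__":
    for rule in RULES:
        print(rule["name"], lint(rule) or "ok")
    for action, condition in consolidate(RULES).items():
        print(action, "<-", expand_in(condition))
```

Because a merged birthright rule grants the same role to everyone matching any branch, review each branch of the combined condition before replacing the original rules.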
 

Key Benefit (Quantitative/qualitative)

Better performance of rules processing



Comments
yogesh2
Regular Contributor II
What is the maximum number of user update / technical rules you have seen in a Saviynt instance?

I just want to get an idea how many rules Saviynt can handle without running into performance issues.

How many rules can we create without worrying about issues like performance problems and skipped users where rules fail to evaluate?

Version history
Last update: 06/29/2023 03:08 PM