Title
Best practices for configuring technical and user update rules
Applicable version
All Saviynt Versions
Best Practices
- Rule Consolidation: Analyze your existing technical rules and identify any duplication or overlap. Look for rules that have similar or overlapping conditions, actions, or entitlements. Consolidate these rules into a single rule to eliminate redundancy and simplify rule management.
Rule 1:
Condition: status=1 and customproperty30='USA'
Action: Assign Enterprise Role RoleA
Rule 2:
Condition: status=1 and department='Support'
Action: Assign Enterprise Role RoleA
Optimized Rule:
Condition: ((status=1 and customproperty30='USA') OR (status=1 and department='Support'))
Action: Assign Enterprise Role EntRole12
- Write optimized HQL query : While using Advance config, write optimized HQL query to avoid performance impact
Configure the rule condition using the 'status' attribute in conjunction with other out-of-the-box (OOB) indexed attributes.: The 'status' attribute typically represents the active or inactive state of users. By including it as a criterion in the rule condition, you can filter out inactive users at an early stage of evaluation. This reduces the number of users that need to undergo further evaluation, optimizing the performance of the rule execution.
Additionally, leveraging other OOB index attributes alongside the 'status' attribute can further expedite the evaluation process. These index attributes are specifically designed to facilitate efficient querying and filtering of user data. By incorporating them into the rule condition, you can narrow down the user set and focus on the relevant subset, improving the evaluation speed.
- Avoid using 'IN' function in the queries for definite values:
- Use OR Operator: Rather than using the 'IN' function with a list of values, break down the conditions into separate conditions connected with the OR operator.
- Consider using UNION or subqueries: In some cases, using UNION or subqueries might provide better performance than the 'IN' function. Evaluate whether restructuring the query using UNION or subqueries can improve the performance for your specific scenario.
- Examples:
status=1 and customproperty30 IN ('UK', 'USA', 'NZ')
can be replaced with
status=1 and (customproperty30='UK' OR customproperty30='USA' OR customproperty30='NZ')
- Consider avoiding 'Like' function in the queries
- If you must use the 'LIKE' function, try to limit the use of wildcard characters (% or _) at the beginning of the pattern. Starting a pattern with a wildcard makes it difficult for the database to utilize indexes effectively, resulting in slower query performance.
- In some cases, where complex pattern matching is required, regular expressions may provide a more efficient alternative to the 'LIKE' function.
- Preprocess data: If you are searching for patterns at the beginning or end of a string, consider inline preprocessing to extract and store that portion in a separate field . This allows you to use direct equality comparisons, which are generally faster than pattern matching with 'LIKE'
- When configuring User Update Rule to reevaluate technical rules, it is recommended to use 'Re-Run Selected Technical Rules' instead of 'Re-Run All Technical Rules' . This has several following advantages:
- "Re-Run Selected provisioning Rules" allows you to selectively re-evaluate and reapply specific provisioning rules that are relevant to the changes or updates you've made. This targeted approach reduces the processing overhead by focusing only on the necessary rules, resulting in faster execution times.
- Running all provisioning rules indiscriminately can have unintended consequences, such as triggering unnecessary actions or creating conflicts with other rules. By using the selective re-run option, you can minimize such risks and ensure that only the necessary rules are applied.
- When troubleshooting provisioning issues, using "Re-Run Selected provisioning Rules" allows you to isolate and test specific rules to identify any potential problems. This focused approach helps in identifying and resolving issues more efficiently without affecting other rules or user data.
- For more information on configuring RE-RUN RULES, please refer to the documentation: https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter05-Policies/Updating-User-Up...
- Consider Dynamic Assignments in your technical rule. This may help reduce no. of rules required to be configured and thus evaluated.
Key Benefit (Quantitative/qualitative)
Better performance of rules processing