Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
No ratings

How To - Determine Active users List not in feed after full user import

RakeshMG
Saviynt Employee
Saviynt Employee

on ‎03/30/2023 03:58 PM

Use Case

To determine Active users List not in feed after full user import.
 

Applicable Version(s)

All

Solution

Below query can be used to identify all the users which are active in SSM but were not part of the feed of the last full user import. This helps us to identify missing users list to take remedial actions on the users missed-

  1. Terminate users in case users have been terminated in HR for e.g. users that are active more than required, which can cause SOX control failure/s.
  2. Update missing properties in SSM based on information fetched from the HR.

 

SELECT

    u.DISPLAYNAME,

    u.USERNAME,

     u.CUSTOMPROPERTY3 AS 'IDENTITYSTATUS',

     u.CUSTOMPROPERTY30 AS 'LASTUPDATETIME',

    u.STATUSKEY,

    u.JOB_ID,

     u.CUSTOMPROPERTY22 AS UserEmail

FROM

    users u

WHERE

    (job_id < (SELECT

            ecmimp.jobid

        FROM

             ecmimportjob ecmimp

        WHERE

            coments LIKE '%fullorincremental:full]'

                AND jobname = 'UserImportJob'

        ORDER BY ecmimp.jobstartdate DESC

        LIMIT 1)

        AND u.statuskey = 1);

 

  • Query runs on users table and finds out if the jobid is less than that of the last full user import or not.
  • Last full import job id will be the max of jobid in ecmimportjob table.

 

NOTE: 

  • Limitation of the above control is that you cannot run it after an incremental import. The reason being, incremental does not update all records but only the delta changes. Therefore, all other get picked up in the report.
  • It is recommended to run it after a full import but before an incremental import is run.
Labels:
0 Kudos
Comments
navneetv
Regular Contributor II
Regular Contributor II
‎10/04/2023 07:34 AM

Hi @RakeshMG is there any way, I can use some kind of attribute in the technical rule, where the user AD account is created when the user is in the feed after the start date? if the User is not in the Feed then the AD creation task should not be triggered.

example :

XYZ user start date is the 5th  then AD should be created on 6th if the user is in feed, if not then AD should not be created 

Version history
Last update:
‎03/30/2023 03:58 PM
Updated by:
Saviynt Employee
Contributors
Copyright © 2024 Khoros, LLC