No ratings
Saviynt Employee
Saviynt Employee

Use Case

Currently, it is not possible to execute any detective rule as it takes multiple hours or days to process, regardless of the number of records. But the issue is not limited to a specific rule; it occurs with all types of rules.


Two attempts were made to run the rules:

The first attempt triggered at xx:xx and completed the required tasks in around 10 minutes, but it remained incomplete even after xx hours, preventing the execution of any other rules.

The second attempt, after a server reboot, started at xx:xx. Again, all the necessary tasks were triggered in less than 5 minutes, but the task remains in "running" status even after xx hours.



Detective Rule

Applicable Version(s)




We provided the following steps as a workaround, which successfully resolved the issue:

To create a break glass solution using a custom query job, please follow the below steps:

  1. Navigate to the job control panel and create a custom query job.
  2. Apply the query to disable the "remove birthright condition" for all technical rules.
    • Job name as (JobA): update hanarule set REMOVEBIRTHRIGHTONFAIL=0 where HANARULEKEY in (43,21,24);
  3. Create another custom query job to enable the "remove birthright access condition" in all technical rules.
    • Job name as (JobB): update hanarule set REMOVEBIRTHRIGHTONFAIL=1 where HANARULEKEY in (43,21,24);
  4. Create a trigger chain job and put the custom query jobs in the trigger order field.
    • For example, the trigger order should be (JobA, Detective rule run job, JobB).

Note: We used the below query in production to identify the rules with the "remove birthright access" condition enabled:

select name,hanarulekey from hanarule where REMOVEBIRTHRIGHTONFAIL=1



Please create a support ticket to identify the performance issue with the detective rule if this behavior persists.
Version history
Last update:
‎04/05/2023 02:10 PM
Updated by: