In this article, I will go over how we can effectively use data processors during account collections to solve some common use cases.
If you are unfamiliar with data processors, I suggest you read the Data Processors : Basics before proceeding.
Example : Manipulate account resolution attribute
I am collecting admin accounts for users from Active Directory ADC, and these accounts are being collected as orphans. The sAMAccountName for admin accounts are in the format 'x' prefixed to the regular user's sAMAccountName. We want these accounts to be mapped to user identities.
We can solve this by using the Pre_ADC_Handler, to manipulate the raw data collected from the application and convert the data to desired format.
- Login to console as System Administrator
- Navigate to Collectors > Account Collectors and click on the account collector for the application.
- Click Edit.
- Select the Pre Custom Processing
- Click Next a few times till you get to the "Pre-Processing Custom Script Details" screen.
- Update to add the following SQL block below the comment "Custom Code Goes Here". Here we are stripping the prefixed x from the Active Directory sAMAccountName to calculate the sAMAccountName of the user's regular Active Directory username so that it can be mapped to the user identity. We are assuming that the sAMAccountName is stored in the user identity for mapping purposes.
FOR AllAccounts IN ( SELECT LTRIM(amap.account_name, 'x') as name FROM T_DC_SOURCEDATA_ACCOUNT_MAP amap INNER JOIN T_DATA_COLLECTORS coll ON amap.dc_id = coll.id WHERE coll.id = v_dc_id and amap.run_id = v_run_id ) LOOP UPDATE T_DC_SOURCEDATA_ACCOUNT_MAP AMAP SET AMAP.USER_NAME = AllAccounts.name WHERE AMAP.account_name = AllAccounts.name COMMIT; END LOOP; - Click Validate to check for syntactical errors.
- Click Finish
Example : Convert account status format
I have an application (non database type) that return the user's account active status as true or false. However, I need to convert this to Account Disabled flag, which takes a 1 and 0.
We can solve this by using the Post_Account_Data_Load_Handler, to manipulate the data collected from the application and convert the data to desired format.
- Login to console as System Administrator
- Navigate to Collectors > Account Collectors and click on the account collector for the application.
- Click Edit.
- Select the Post Custom Processing
- Click Next a few times till you get to the "Post-Processing Custom Script Details" screen.
- Update to add the following SQL block below the comment "Custom Code Goes Here". Here we are setting the account disabled flag by inverting the active status flag.
FOR DisabledAccounts IN ( SELECT account.name, CASE account.cas20 WHEN 'true' THEN '0' ELSE '1' END as isDisabled FROM T_AV_ACCOUNTS account INNER JOIN T_DATA_COLLECTORS collector ON account.adc_id = collector.id WHERE collector.id= v_dc_id ) LOOP UPDATE T_AV_ACCOUNTS A SET A.IS_DISABLED = DisabledAccounts.isDisabled WHERE A.name = DisabledAccounts.name AND A.ADC_ID = v_dc_id COMMIT; END LOOP; - Click Validate to check for syntactical errors.
- Click Finish
Example : Update is disabled flag for an account
See Data Processors : Setting Is Disabled flag in REST account collectors
Related Articles
RSA Governance & Lifecycle Data Processors: Manipulating Identities Number of Views Access Manager SNMP dispatcherActiveAuthServersEntry does not show all aservers Number of Views Identities are not sorted alphabetically in RSA Kety Manager Server 2.2 Number of Views Unable to Save changes to Account Collector in RSA Identity Governance & Lifecycle Number of Views RSA Governance & Lifecycle Data Processors: Basics Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
