RSA Governance & Lifecycle Data Processors: Setting is Disabled flag in REST account collectors
Article Number
Resolution
In this article, I will go over a specific use case o manipulating the data collected through REST account collectors to set the account disabled flag.
If you are unfamiliar with data processors, I suggest you read the Data Processors : Basics before proceeding.
The solution below will convert the data coming from REST endpoint to 1 or 0 that are required for IS_DISABLED field of the accounts. In this example, we are going to read the enabled values and set the value of is disabled.
Steps
- Login to console as System Administrator
- Navigate to Admin > System and click on Global Variables tab.
- This solution uses configurable settings to allow defining of enabled data fields that may come through data collectors. Add the following and save.processor_collector_enabled_values'ACTIVE','YES','TRUE','1'
- Navigate to Collectors > Account Collectors and click on the account collector for the application.
- Click Edit.
- Select the Pre Custom Processing
- Click Next a few times till you get to the "Pre-Processing Custom Script Details" screen.
- Add the following code snippet. Adjust the value of CAS5 to the appropriate data column that contains the enabled flag for the account being collected.
DECLARE -- The run id and collector id will be substituted for variables v_run_id and v_dc_id during processing time. v_run_id NUMBER := :1; v_dc_id NUMBER := :2; /*----------------------------------------------------------------------------------------------*/ /* Custom Variables */ /*----------------------------------------------------------------------------------------------*/ -- Standard Set of variables v_proc_name T_AV_JOB_STATS.Proc_Name%TYPE := 'ADC_Transformer'; -- Procedure Specific variables v_custom_message VARCHAR2(2000) := 'ADC Transformer'; v_log_message VARCHAR2(2000); v_is_disabled NUMBER; v_enabled_values VARCHAR2(2000); BEGIN /*----------------------------------------------------------------------------------------------*/ /* Custom Code - Start */ /*----------------------------------------------------------------------------------------------*/ -- begin message UNFC_Processor_Log.INFO_BEGIN(v_run_id, v_proc_name, v_custom_message); -- Fetch the list of enabled values from the AVUSER.T_AV_GLOBAL_VARIABLES table -- 'ACTIVE','YES','TRUE','1' SELECT UPPER(value) INTO v_enabled_values FROM AVUSER.T_AV_GLOBAL_VARIABLES WHERE parameter = 'processor_collector_enabled_values'; -- Log the enabled values v_log_message := 'Enabled Values: ' || v_enabled_values; UNFC_Processor_Log.INFO_INFO(v_run_id, v_proc_name, v_log_message); FOR AllAccounts IN (SELECT name, cas5 AS status FROM T_DC_SOURCEDATA_ACCOUNT WHERE dc_id = v_dc_id AND run_id=v_run_id ) LOOP -- Store the result of the CASE expression in v_is_disabled v_is_disabled := 1; -- Assume disabled by default -- Convert the enabled values into a table using XMLTABLE FOR enabled_value IN (SELECT TRIM(COLUMN_VALUE) AS enabled_value FROM XMLTABLE(v_enabled_values)) LOOP IF UPPER(AllAccounts.status) = enabled_value.enabled_value THEN v_is_disabled := 0; -- Enable if the status matches any enabled value EXIT; -- Exit the loop after finding a match END IF; END LOOP; -- Update the custom account attribute IS_DISABLED that holds the account disabled status -- Need to update at least one collected attribute if the change has to be persisted. UPDATE T_DC_SOURCEDATA_ACCOUNT SET IS_DISABLED = v_is_disabled, CAS5 = AllAccounts.status || ' : ' || v_run_id WHERE name = AllAccounts.name AND run_id=v_run_id; COMMIT; -- Construct the log message v_log_message := 'Account: ' || AllAccounts.name || ', Status: ' || AllAccounts.status || ', IS_DISABLED: ' || v_is_disabled; -- Print the log message using UNFC_Processor_Log.INFO_INFO UNFC_Processor_Log.INFO_INFO(v_run_id, v_proc_name, v_log_message); END LOOP; -- end message UNFC_Processor_Log.INFO_END(v_run_id, v_proc_name, v_custom_message); /*----------------------------------------------------------------------------------------------*/ /* Custom Code - End */ /*----------------------------------------------------------------------------------------------*/ END; - Click Validate to check for syntactical errors.
- Click Finish
- Run the collectors and validate.
Related Articles
RSA Governance & Lifecycle Datareach Implementation Blueprint Number of Views Termination rule not generating a change request to disable the manually mapped accounts in RSA Identity Governance & Life… Number of Views Account Collector for Authentication Manager is not reading Disabled Accounts correctly in Identity Geovernance and Lifecy… Number of Views RSA Identity Governance and Lifecycle Provisioning -Termination rule is not generating change requests to revoke entitlements Number of Views User Picker ignores Include Terminated User flag in Via Lifecycle and Governance Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
Don't see what you're looking for?
