This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA® Identity Governance & Lifecycle Discussions

Discussions about RSA Identity Governance & Lifecycle.
AndyCheek
New Contributor
New Contributor
‎2019-04-05 11:47 AM

IGL 7 - setting attribute from User Attribute Change rule

The help for User Attribute Change rules states that we can set a managed attribute but gives NO indication or real examples of how you can set the attribute to a non-literal value, e.g. run date.

 

It says ...

For example, assume the following:
The condition for an attribute change rule detects changes in the departments to which users belong.
A locally managed user date data type attribute, “Last Transfer Date,” is included in the user attribute set.
In this case, you could specify that the action sets the transfer date value to the date when the department change is detected by the rule. A review designer, for instance, could then design a user review that includes only those users who have transferred to another department in the last 30 days as indicated by the value of “Last Transfer Date.”

 

This is essentially what we want to do … but how do we specify that the managed attribute should be updated with the run date of the rule?

Labels (1)
Labels
0 Likes
Reply
4 Replies
BorisLekumovich
Respected Contributor Respected Contributor
Respected Contributor
‎2019-04-07 07:36 PM

Here is one way

 

pastedImage_1.png

0 Likes
Reply
AndyCheek
New Contributor
New Contributor
In response to BorisLekumovich
‎2019-04-10 05:13 AM

Thanks Boris Lekumovich‌ - does that depend on the TYPE of the managed attribute then? I.e. if the attribute is STRING or INTEGER then the detection date option does not appear? I did wonder if that was the case, since we don't currently have any managed DATE attributes.

0 Likes
Reply
AndyCheek
New Contributor
New Contributor
In response to BorisLekumovich
‎2019-04-16 08:08 AM

Ahah. Have answered my own question - yes it does depend on the attribute type. So that's all good.

 

I have one more query on the Attribute Change rule though - for "new" users who already have an inactive IGL record (i.e. they were active, then left, and have now rejoined) … does the rule treat that as a new user or an update to an existing user? Put another way - does the rule only work on ACTIVE records, rendering the fact that there was an existing INactive record irrelevant?

0 Likes
Reply
BorisLekumovich
Respected Contributor Respected Contributor
Respected Contributor
In response to AndyCheek
‎2019-04-16 10:10 PM

Hmm

I would say that this scenario is a change for existing users.

But I suggest you test it to be sure.

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.