Manipulating Accounts
In this blog post, I will guide you through the effective utilization of data processors during account collections to address common use cases. If you are not familiar with data processors, I recommend reading the Data Processors Basics before proceeding, as it will provide a foundational understanding of the concepts discussed in this blog.
Manipulating Account Resolution Attribute
In the scenario where admin accounts collected from Active Directory ADC are identified as orphans, with sAMAccountName formats differing from regular user accounts, we can resolve this by employing the Pre_ADC_Handler. This handler allows us to manipulate the raw data collected from the application and convert it to the desired format.
To implement this solution, follow the steps below:
- Log in to the console as a System Administrator.
- Navigate to Collectors > Account Collectors and select the account collector for the application in question.
- Click on Edit
- Choose the Pre Custom Processing option.
- Navigate through the subsequent screens by clicking Next until you reach the Pre-Processing Custom Script Details screen.
- Add the following SQL block below the comment "Custom Code Goes Here".
FOR AllAccounts IN (
SELECT
LTRIM(amap.account_name, 'x') as name
FROM
T_DC_SOURCEDATA_ACCOUNT_MAP amap
INNER JOIN T_DATA_COLLECTORS coll ON amap.dc_id = coll.id
WHERE
coll.id = v_dc_id
and amap.run_id = v_run_id
) LOOP
UPDATE
T_DC_SOURCEDATA_ACCOUNT_MAP AMAP
SET
AMAP.USER_NAME = AllAccounts.name
WHERE
AMAP.account_name = AllAccounts.name;
END LOOP;
In this SQL block, we are removing the 'x' prefix from the Active Directory sAMAccountName, assuming it is stored in the user identity for mapping purposes.
By implementing this manipulation in the Pre_ADC_Handler, we ensure that the sAMAccountName is appropriately modified before the unification process, allowing for accurate mapping of admin accounts to user identities.
- Click Validate to check for syntactical errors.
- Click Finish
Converting Account Status Format
For an application returning user account active status as true or false, but requiring conversion to an Account Disabled flag in the format of 1 and 0, we can achieve this by utilizing the Post_Account_Data_Load_Handler. This handler allows us to manipulate the data collected from the application and convert it to the desired format.
Follow these steps to implement the solution:
- Log in to the console as a System Administrator.
- Navigate to Collectors > Account Collectors and select the account collector associated with the application.
- Click on Edit.
- Choose the Post Custom Processing option.
- Navigate through the subsequent screens by clicking Next until you reach the Post-Processing Custom Script Details screen.
- Add the following SQL block below the comment "Custom Code Goes Here".
FOR DisabledAccounts IN (
SELECT
account.name,
CASE account.cas20 WHEN 'true' THEN '0' ELSE '1' END as isDisabled
FROM
T_AV_ACCOUNTS account
INNER JOIN T_DATA_COLLECTORS collector ON account.adc_id = collector.id
WHERE
collector.id= v_dc_id
) LOOP
UPDATE
T_AV_ACCOUNTS A
SET
A.IS_DISABLED = DisabledAccounts.isDisabled
WHERE
A.name = DisabledAccounts.name
AND A.ADC_ID = v_dc_id
END LOOP;
In this SQL block, we are setting the Account Disabled flag by inverting the active status flag.
By implementing this conversion in the Post_Account_Data_Load_Handler, we ensure that the data is processed after it is loaded from the application, and the account status is represented in the desired format. This solution provides a tailored approach to meet the specific requirements of your application's account status representation.
- Click Validate to check for syntactical errors.
- Click Finish
Updating IS_DISABLED Flag for an Account using Global Variables:
To convert data obtained from a REST endpoint to the required 1 or 0 format for the IS_DISABLED field of the accounts and set the value of the IS_DISABLED field, follow these steps:
- Log in to the console as a System Administrator.
- Navigate to Admin > System and click on the Global Variables tab.
- Add the following configurable setting and save:
- Variable Name: processor_collector_enabled_values
- Value: 'ACTIVE','YES','TRUE','1'
- This solution utilizes configurable settings, specifically the processor_collector_enabled_values variable, to define enabled data fields that may be received through data collectors. Adjust the values in this variable to match the enabled flags for the accounts obtained from the REST endpoint.
- Navigate to Collectors > Account Collectors and select the account collector for the application.
- Click on Edit
- Choose the Pre Custom Processing option.
- Navigate through the subsequent screens by clicking Next until you reach the Pre-Processing Custom Script Details screen.
- Add the following code snippet, adjusting the value of
CAS5to the appropriate data column that contains the enabled flag for the account being collected:
DECLARE
-- The run id and collector id will be substituted for variables v_run_id and v_dc_id during processing time.
v_run_id NUMBER := :1;
v_dc_id NUMBER := :2;
/*----------------------------------------------------------------------------------------------*/
/* Custom Variables */
/*----------------------------------------------------------------------------------------------*/
-- Standard Set of variables
v_proc_name T_AV_JOB_STATS.Proc_Name%TYPE := 'ADC_Transformer';
-- Procedure Specific variables
v_custom_message VARCHAR2(2000) := 'ADC Transformer';
v_log_message VARCHAR2(2000);
v_is_disabled NUMBER;
v_enabled_values VARCHAR2(2000);
BEGIN
/*----------------------------------------------------------------------------------------------*/
/* Custom Code - Start */
/*----------------------------------------------------------------------------------------------*/
-- begin message
UNFC_Processor_Log.INFO_BEGIN(v_run_id, v_proc_name, v_custom_message);
-- Fetch the list of enabled values from the AVUSER.T_AV_GLOBAL_VARIABLES table
-- 'ACTIVE','YES','TRUE','1'
SELECT UPPER(value) INTO v_enabled_values
FROM AVUSER.T_AV_GLOBAL_VARIABLES
WHERE parameter = 'processor_collector_enabled_values';
-- Log the enabled values
v_log_message := 'Enabled Values: ' || v_enabled_values;
UNFC_Processor_Log.INFO_INFO(v_run_id, v_proc_name, v_log_message);
FOR AllAccounts IN (SELECT name, cas5 AS status
FROM T_DC_SOURCEDATA_ACCOUNT WHERE dc_id = v_dc_id AND run_id=v_run_id )
LOOP
-- Store the result of the CASE expression in v_is_disabled
v_is_disabled := 1; -- Assume disabled by default
-- Convert the enabled values into a table using XMLTABLE
FOR enabled_value IN (SELECT TRIM(COLUMN_VALUE) AS enabled_value FROM XMLTABLE(v_enabled_values))
LOOP
IF UPPER(AllAccounts.status) = enabled_value.enabled_value THEN
v_is_disabled := 0; -- Enable if the status matches any enabled value
EXIT; -- Exit the loop after finding a match
END IF;
END LOOP;
-- Update the custom account attribute IS_DISABLED that holds the account disabled status
-- Need to update at least one collected attribute if the change has to be persisted.
UPDATE T_DC_SOURCEDATA_ACCOUNT SET IS_DISABLED = v_is_disabled,
CAS5 = AllAccounts.status || ' : ' || v_run_id
WHERE name = AllAccounts.name AND run_id=v_run_id;
-- Construct the log message
v_log_message := 'Account: ' || AllAccounts.name || ', Status: '
|| AllAccounts.status || ', IS_DISABLED: ' || v_is_disabled;
-- Print the log message using UNFC_Processor_Log.INFO_INFO
UNFC_Processor_Log.INFO_INFO(v_run_id, v_proc_name, v_log_message);
END LOOP;
-- end message
UNFC_Processor_Log.INFO_END(v_run_id, v_proc_name, v_custom_message);
/*----------------------------------------------------------------------------------------------*/
/* Custom Code - End */
/*----------------------------------------------------------------------------------------------*/
END;
- Click Validate to check for syntactical errors.
- Click Finish
- Run the collectors and validate.