I have the following question: Is there any way to determine which user attribute change in the Identity Store triggered a modify task?
I am thinking about implementing a functionality that would automatically handle inactive users.
I load last logon data from SAP back-ends, consolidate it accordingly and this gives me information on which users are active and which are not on individual SAP systems.
Now I need to invalidate them to spare licenses but allow a quick rollback if needed ("Grace period") and after some time (like 45 days or so), remove all relevant business roles from them in order to completely delete them from SAP.
I was thinking about creating an attribute like "Z_INACTIVE_<REP_NAME>" (one for each repository) that would hold the date when a specific user was identified as inactive on a particular SAP system. This attribute would be updated by a job running daily based on last logon information from SAP.
Then I was thinking about assigning a specific modify task to all those "Z_INACTIVE_...." attributes. That modify task would then need to be able to distinguish which particular attribute was changed in order to check its value (was it set, or cleared) and then execute the proper custom connector for the proper repository (extracted from the attribute's name, for example), which would, as a result, invalidate the user on the specific SAP system.
In order for this to work, I would need to have a switch task in that modify task that would be able to determine which user attribute change triggered the modify.
Is that at all possible at run-time?
I did some investigation around Audit tables/views and I have found some promising results, but I'm not sure if this is trustworthy and usable at run-time. For example, the field "userid" of view MXP_AUDIT seems to contain the attribute number, along with information on whether it was inserted or deleted, provided I have the AuditID, but this is free text and I'm not sure if I can use it from a switch task at run-time or whether this data is filled in after a specific action task is executed.
I would probably also need to enhance the standard modify task to prevent it from updating the user's VALID to/Valid from in case it's marked as inactive on a specific repository, for example during a user's master data update, but this is a secondary topic.
Any thoughts on that topic would be highly appreciated.
Thank you in advance.