Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Operator disablement policies does not disable dormant operators

SA-58274

Summary



On enabling the Operator disablement policies with a set of excluded users, dormant users (those who have never logged in) are not removed.


Error Messages



Not Applicable


Steps to Reproduce

  1. Navigate to the Security Policies landing page.
  2. Set the Number of days of inactivity to 90.
  3. Add a set of users to the exclusion list.
  4. Run a custom report. Check the list of users with the OperatorIsDeactivated field filtered to blank or false. Check the operators who have never logged in. Hence, pyLastSignon is null.
  5. Ensure the Last SignOn field is filtered to < Last 90 Days.
  6. Restart the DisableDormantOperators agent.


Root Cause



The default DisableDormantOperators agent invokes the pzDisableDormantOperators activity to fetch all the operators whose pyLastSignon time is before the period of inactivity. The operators who have never logged in after creation are not  considered. For these operators, the pyLastSignon is null, and hence these users are never disabled.


Resolution



An enhancement request, FDBK-26535, is created for consideration by Pega Product Management.

Perform either of the following local-changes, 
  • Execute Pega API Help /users/disable API, or add an activity to execute /users/disable API on a list of operators that must be disabled.
               a. Navigate to Resources > Pega API Help > Users.
               b. Select POST /users/ disable.
               c. In requestBody, add the model with the users to disable, as below:

                            {
                            "Message": "Security profile changed",
                            "Mode": "Operators",
                            "User": [
                            "user1"
                            ],
                            "Excluded": [
                            "user2"
                            ]
                            }

                d. Run the model. This disables all the users given in the  model.   

  • Create an activity using the below steps.

    a. Disable the list of operators.
    b. Invoke the /users/disable REST API with the list of operators that must be disabled. The list of operators to be disabled must be created by business logic and the page passed as formatted JSON. This disables the oeprators that are passed.


    To execute the activity periodically, create an agent and invoke the activity in it.
     
  • Create another agent similar to the DisableDormantOperators agent.

    a. Save As the pzDisableDormantOperators to a different name and refer the new activity from the new agent.
    b. Modify Step 2 of the new activity to include the below:


    pyLastSignon = NULL
    .pxCommitDateTime Is Less Than @addToDate(@CurrentDateTime(),local.daysOfInactivity,"","","")

     



As a result, the system has two agents, the default and the new agent.
The default agent disables operators with the pyLastSignon value and the custom agent manages operators who have never logged in.

Suggest Edit

Published January 4, 2019 - Updated October 8, 2020

Did you find this content helpful? Yes No

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us