Delta Aggregation

SailPoint's Identity Governance connector for ServiceNow in IdentityIQ supports the delta aggregation of accounts.

Prerequisites

To support the delta aggregation, you must create the following Access Control List (ACL) in global scope and assign it to the x_sapo_iiq_connect.admin role:

ACL               Type    Operation  Name                                    Attribute
sys_audit_delete  record  read       Audit Deleted Record[sys_audit_delete]  None

To support the delta aggregation, ensure you have created the ACL in global scope and assigned it to the x_sapo_iiq_connect.admin role.

Delta aggregation does not detect deleted accounts. SailPoint recommends performing a full aggregation to detect deleted accounts on ServiceNow.

Note

  • If this ACL is not created, connections deleted from users are not detected during delta aggregation.

  • In SailPoint Identity Governance connector version 1.0.5 or earlier, IdentityIQ reads a user's deleted connections from the sys_audit_delete table during delta aggregation.

  • For improved delta aggregation performance, ensure you have SailPoint Identity Governance connector version 1.0.6 or later.

  • To improve performance further, table cleanup policies can be configured on the x_sapo_iiq_connect_user_roles_and_group_deletes table. For more information on table cleanup policies, refer to Deleting With Table Cleanup Policies.

Improving Delta Aggregation

To improve delta aggregation and to stop reading from the sys_audit_delete table, you must upgrade to SailPoint Identity Governance Connector version 1.0.6 or later from the ServiceNow store.

Upgrading to the latest version enables IdentityIQ to read only the deleted events of a user's connections (such as the removal of a group or role) from the x_sapo_iiq_connect_user_roles_and_group_deletes table.

When disableSysAuditDeleteTableRead is set to false, the deleted events of a user's connections are read from the sys_audit_delete table. To read them from the x_sapo_iiq_connect_user_roles_and_group_deletes table instead, set disableSysAuditDeleteTableRead to true in the application XML on the debug page, as shown below:

<entry key="disableSysAuditDeleteTableRead">
  <value>
    <Boolean>true</Boolean>
  </value>
</entry>
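
To confirm which table a given application definition will read deleted events from, the check below parses an exported application XML and maps the flag to the table named above. It is an added example, not SailPoint code. Assumptions: the constructed sample wrapper elements, support for an inline value="..." form of the entry, and treating an empty Boolean element as false.

```python
import xml.etree.ElementTree as ET

KEY = "disableSysAuditDeleteTableRead"
AUDIT_TABLE = "sys_audit_delete"
DELETES_TABLE = "x_sapo_iiq_connect_user_roles_and_group_deletes"

# Constructed sample export; only the <entry> element is taken from the page.
SAMPLE_APP_XML = """
<Application name="ServiceNow-Example">
  <Attributes>
    <Map>
      <entry key="disableSysAuditDeleteTableRead">
        <value>
          <Boolean>true</Boolean>
        </value>
      </entry>
    </Map>
  </Attributes>
</Application>
"""

def read_flag(app_xml):
    """Return True/False for the flag, or None when the entry is absent."""
    root = ET.fromstring(app_xml)
    for entry in root.iter("entry"):
        if entry.get("key") != KEY:
            continue
        # Assumed inline form: <entry key="..." value="true"/>
        inline = entry.get("value")
        if inline is not None:
            return inline.strip().lower() == "true"
        # Nested form shown on the page: <value><Boolean>true</Boolean></value>
        node = entry.find("./value/Boolean")
        text = node.text if node is not None and node.text else ""
        # Assumption: an empty or missing Boolean element means false.
        return text.strip().lower() == "true"
    return None

def deletion_source(app_xml):
    """Name the table deleted events are read from, or None if the flag is unset."""
    flag = read_flag(app_xml)
    if flag is None:
        return None  # the page does not state the behaviour when the key is absent
    return DELETES_TABLE if flag else AUDIT_TABLE

if __name__ == "__main__":
    print(deletion_source(SAMPLE_APP_XML))
```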