Hi, I have one very basic but always confusing question. Can anyone please explain to me what the difference is between beforeRule and beforeProvisioningRule in the web service connector? I see that when we configure any web service, we can assign a rule in beforeRule for httpoperations like create account or account aggregation. Can we assign the same rule to beforeProvisioningRule? I think by default, in the service configuration XML file, beforeProvisioningRule is available only in the connectorAttributes section and not for httpoperation.
What type of rule can we assign in beforeRule and beforeProvisioningRule?
Hi @hranjan3
In the context of a Web Service connector, BeforeRule or BeforeOperationRule can be leveraged to perform API calls. These rules are particularly useful for retrieving necessary IDs or constructing a proper JSON payload for API interactions before the connector executes its operations.
I have not extensively explored using API calls in a BeforeProvisioningRule. However, keep in mind that this rule is executed in the cloud. If your environment uses a proxy, the BeforeProvisioningRule might not be ideal, as it may not account for proxy constraints. In such scenarios, a Cloud Rule would not be effective either.
That said, a common use case for the BeforeProvisioningRule in the context of a Web Service connector is handling account deletions. If your API configuration includes a delete operation, the BeforeProvisioningRule can be used to modify the operation type dynamically and trigger the account deletion process.
BeforeRule: This rule is executed before hitting the API endpoint. If you need to implement logic to modify headers, payload, or other aspects before the API call, you can use this rule.
BeforeProvisioning Rule: This rule is used when you want to modify the provisioning plan before execution. For example, if you need to add an attribute request to the plan, this is the rule you would use. It’s typically employed during provisioning activities, such as account creation or deletion.
First of all, it’s “Before Operations Rule” that can be used with Web Services Connectors. Before Rule is used with AD or Azure type connectors. Both of these are Connector Rules, which means they reside and are executed in your VA.
As the name indicates, the Before Operations Rule is executed before the HTTP operation it is attached to runs, and you can modify the provisioning plan or the API request being made in the HTTP operation.
Before Provisioning Rule is a cloud rule and is executed in the cloud before a Provisioning Plan is sent to the VA. This type of rule is a lot more powerful, as you have access to many more objects compared to a Connector rule, the most important ones being the identity and link(s) objects. However, as these are cloud-executed rules, they come with their own limitations, the first of which is that these rules need to be deployed by SailPoint via a support ticket.
You can read more in the links below: