How to disable native emails

Usercube Usercube Show & Tell
, , ,
1

Native emails are sent if:

  1. Sending emails is not deactivated in a permission within an AccessControlRule.
  2. Your configuration uses scaffoldings that allow sending them for a specific feature.

To disable native emails, check your configuration to ensure that every permission between <AccessControlRule> ... </AccessControlRule> is defined with Notify="false".

For Administration Features:

<Entry CanExecute="true" Notify="false" Permission="/Custom/ProvisioningPolicy/ReviewRoles/Directory_User" />
<Entry CanExecute="true" Notify="false" Permission="/Custom/ProvisioningPolicy/PerformManualProvisioning/Directory_User" />
<Entry CanExecute="true" Notify="false" Permission="/Custom/ProvisioningPolicy/ReconciliateRoles/Directory_User" />
<Entry CanExecute="true" Notify="false" Permission="/Custom/ProvisioningPolicy/ReconciliateResources/Directory_User" />
<Entry CanExecute="true" Notify="false" Permission="/Custom/ProvisioningPolicy/ReviewProvisioning/Directory_User" />

For Notifications Related to Jobs:

<Entry CanExecute="true" Notify="false" Permission="/Jobs/RunJob/Launch/Errored" />
<Entry CanExecute="true" Notify="false" Permission="/Jobs/RunJob/Launch/Blocked" />
<Entry CanExecute="true" Notify="false" Permission="/Jobs/RunJob/Launch/Aborted" />
<Entry CanExecute="true" Notify="false" Permission="/Jobs/RunJob/Launch/Completed" />
<Entry CanExecute="true" Notify="false" Permission="/Jobs/RunJob/Launch/Warning" />
<Entry CanExecute="true" Notify="false" Permission="/Jobs/RunJob/Repair/Errored" />
<Entry CanExecute="true" Notify="false" Permission="/Jobs/RunJob/Repair/Blocked" />
<Entry CanExecute="true" Notify="false" Permission="/Jobs/RunJob/Repair/Aborted" />
<Entry CanExecute="true" Notify="false" Permission="/Jobs/RunJob/Repair/Completed" />
<Entry CanExecute="true" Notify="false" Permission="/Jobs/RunJob/Repair/Warning" />

Next, you need to export the content of the scaffoldings you’re using. To export scaffoldings, you can use the tool Usercube-Export-Configuration.exe. Detailed information can be found in the Knowldge Center documentation.

For example, consider the following scaffolding in your configuration:

<ReviewRolesAccessControlRules EntityType="Directory_Bot" Profile="Administrator" />

In the scaffolding export, you will find the permission /Custom/ProvisioningPolicy/ReviewRoles/Directory_Bot.

To disable notifications for single role and composite role assignments, add these AccessControlRule in your configuration:

<AccessControlRule Identifier="Administrator_AssignedCompositeRole_Custom_ProvisioningPolicy_ReviewRoles_Directory_Bot" DisplayName_L1="Administrator - Review Roles" DisplayName_L2="Administrateur - Revue des rĂ´les" EntityType="AssignedCompositeRole" Profile="Administrator">
    <Entry CanExecute="true" Notify="false" Permission="/Custom/ProvisioningPolicy/ReviewRoles/Directory_Bot" />
    <Entry CanExecute="true" Permission="/ProvisioningPolicy/AssignedCompositeRole/Comment" />
</AccessControlRule>

<AccessControlRule Identifier="Administrator_AssignedSingleRole_Custom_ProvisioningPolicy_ReviewRoles_Directory_Bot" DisplayName_L1="Administrator - Review Roles" DisplayName_L2="Administrateur - Revue des rĂ´les" EntityType="AssignedSingleRole" Profile="Administrator">
    <Entry CanExecute="true" Notify="false" Permission="/Custom/ProvisioningPolicy/ReviewRoles/Directory_Bot" />
    <Entry CanExecute="true" Permission="/ProvisioningPolicy/AssignedSingleRole/Comment" />
</AccessControlRule>

Remember, for administration features, the permission will depend on your configuration. If you have named the entity to manage users as “Person,” you should look for the permission /Custom/ProvisioningPolicy/ReviewRoles/Person instead of /Custom/ProvisioningPolicy/ReviewRoles/Directory_User.

8 Likes
2

Thank you Cyril for this very important topic.

2 Likes
3

This looks more accurate than just disabling all the mails in the MailSettings with, for example, ProvisioningReviewNotification="false". I couldn’t disable the Job notifications there so thank you a lot!

Maybe to add a detail: The --export-scaffolding option for the Usercube-Export-Configuration.exe only works for on-premises instances not on SaaS.

4

Hello,

Thanks @CyrilC for this topics.
Thanks @Kamil.Wojenkowski for your observations

However, before answering, I just tested again with a SaaS project, that the --export-scaffolding option for the Usercube-Export-Configuration.exe works fine.

Perhaps you’ve used a lot of arguments? In fact, with --export-scaffolding we only need the url and directory.
Don’t forget to authenticate first with ./usercube-login.exe.
Don’t forget to check that your runtime version is the same as the one in the SaaS (Latest Usercube/Usercube Announcements topics - Netwrix Community).

For example:

cd c:\Usercube\runtime ;
.\usercube-login.exe ;
.\Usercube-Export-Configuration.exe --api-url https://myproject.usercube.com -d C:\Usercube\SCAFFOLDING --export-scaffolding

3 Likes