Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

REST Connector - How to map accounts with entitlements based on XML tags availability and not it's value

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 27 2020 at 12:48 UTC

Is it possible to check if a tag is available in the XML response payload of the REST API?


I have tested many scenarios where we map the value of the XML field from the REST API with SSM Account field, but we have an application to on-board where we don't receive the value of the entitlement, instead we receive the tags whose value is either 0 or 1.


See permissions below(highlighted in red background):


<USER_LIST_OUTPUT>

<USER_LIST>

<USER>

<USER_LOGIN>test_username</USER_LOGIN>

<USER_ID>test_id</USER_ID>

<EXTERNAL_ID>test_email</EXTERNAL_ID>

<USER_STATUS>Active</USER_STATUS>

<USER_ROLE>Manager</USER_ROLE>

<PERMISSIONS>

<CREATE_OPTION_PROFILES>1</CREATE_OPTION_PROFILES>

<PURGE_INFO>1</PURGE_INFO>

</PERMISSIONS>

</USER>

</USER_LIST>

</USER_LIST_OUTPUT>


I have also attached ImportAccountEntJSON and XMLoutput payload.


We have 2 entitlement types already imported in SSM- TestRole and TestPermission.

Mapping the role is easy as we receive the exact value as the entitlement value of TestRole:


<USER_ROLE>Manager</USER_ROLE>

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
6 REPLIES 6

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 27 2020 at 16:31 UTC

Can anyone suggest a workaround please?

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 30 2020 at 09:01 UTC

Any REST connector expert here please?

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on April 2 2020 at 09:04 UTC

Hi Ramanpreet,


The above use-case is not possible as Rest Connector does not support any type of data transformation during Account/Access import.



This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on April 2 2020 at 11:43 UTC

Thank you very much for the confirmation Khalid.


In that case is there any way to save <Permissions>...</Permissions> tag in some custom property of the accounts?


I have tried with json and listAsString datatype and it doesn't work and rightly so as we are getting XML in response so no JSON and its not a list as String.


I have randomly tried XML datatype and its doesn't work too and I cant find any other valid datatype in the documentation.


"customproperty1": "PERMISSIONS~#~json" ------ Doesn't work

"customproperty2": "PERMISSIONS~#~listAsString" ------ Doesn't work

"customproperty3": "PERMISSIONS~#~XML" ------ Doesn't work


The accounts-entitlements mappings are saved as JSON using below but that is a different concept:

"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"


which saves value of custom property as:

{"TestRole":{"entIds":["453"],"keyField":"entitlement_value"}}

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on April 2 2020 at 12:03 UTC

You can try storing the mapping value as a character string as below.

"customproperty1": "PERMISSIONS~#~char"

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on April 2 2020 at 12:10 UTC

That's exactly what I was testing now 🙂

It works, thanks again.


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.