Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

403 Forbidden Error-while creating a request(Request to Add Entitlement to User)

Puspanjali
New Contributor
New Contributor

Hi Team,

I'm trying to call the API to a create request "Request to Add Entitlement to User"

But receiving 403 error

URL

https://XXXXXXXXXXXXXXXXXXXXXXXXXXX.com/ECM/api/v5/createrequest

BODY

{
"requesttype":"ADD",
"username":"Pxxxxxxx",
"endpoint":"JSM",
"securitysystem":"ActiveDirectory",
"accountname":"Pxxxxxxx",
"comments":"Business Justification",
"requestor":"Pxxxxxxx",
"createaccountifnotexists":"true",
"dynamicattr":  { 
            "parent" :""
            "child":"" 
},
"entitlement":[
    {"entitlementtype":"memberOf","entitlementvalue":"CN=JSM_Role_MO_Agent,OU=Azure AD,OU=Security,OU=Groups,OU=IGA-Dev,DC=mfltest,DC=co,DC=uk","startdate":"01-03-2023","enddate":"30-03-2023","businessjustification":"test business justification" }
],
"checksod":"true"
}

ERROR

403 Forbidden Error

Puspanjali_0-1677732175972.png

<!doctype html>
<html lang="en">

<head>
    <title>HTTP Status 403 – Forbidden</title>
    <style type="text/css">
        body {
            font-family: Tahoma, Arial, sans-serif;
        }

        h1,
        h2,
        h3,
        b {
            color: white;
            background-color: #525D76;
        }

        h1 {
            font-size: 22px;
        }

        h2 {
            font-size: 16px;
        }

        h3 {
            font-size: 14px;
        }

        p {
            font-size: 12px;
        }

        a {
            color: black;
        }

        .line {
            height: 1px;
            background-color: #525D76;
            border: none;
        }
    </style>
</head>

<body>
    <h1>HTTP Status 403 – Forbidden</h1>
</body>

</html>
 
Could the team help me with this?

 

 

 

5 REPLIES 5

saikanumuri
Saviynt Employee
Saviynt Employee

Can you execute the below query from analytics and share the screenshot of how many entries are showing up

select authtype,url from requestmap where url like '/api/v5/createrequest'

Hi saikanumuri

It has 2 record

PFA

Puspanjali_0-1677735410194.png

Screenshot 2023-03-02 110604.png

saikanumuri
Saviynt Employee
Saviynt Employee

Thanks for sharing that information.

Please try assigning the Privileged access feature to the SavRole and validate it again.

saikanumuri_0-1677736094346.png


If the service account was assigned with SavRole Admin or any other OOB SavRoles where the Add access is not visible under Feature Access Tab -> Actions, Please create a copy of that SavRole and assign the Privileged Access feature to the Savrole and validate it.

Hi saikanumuri

I added all the Privileged Access to copy role and assigned that role to the API user and tried to revalidate, But still got the same 403 error.

Screenshot 2023-03-02 130551.png

Screenshot 2023-03-02 130954.png

Hi saikanumuri

I checked the UI user request flow.

Our current version is V23.1

The request flow of V23.1 is different than other versions

The below checkbox is mandatory to select before submitting the request.RequestForm.png

But for the older version, there is no such option present, only it is present as a note

OLD Version.png

In the reference payload collection by saviynt, I can't see that mandatory attribute(CHECKBOX).

Payload.png

If it is possible, could you please let me know details about that mandatory attribute?