Saviynt Forums

Hi,

Yes, it is working in postman. In saviynt also it had imported accounts but when running access import it is not mapping the account entitlements.

The entitlements are showing in a list in result. How to map comma seperated entitlements to the account.

"2024-09-10T10:09:38.138+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-gx5p7","ERROR","Invalid record not processed for Access-Role: [approles:[role:[StandardParts-Viewer, Viewer, Shared-Viewer, New Nuclear Business-Viewer]], user:208012036]"

"2024-09-10T10:09:38.138+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-gx5p7","ERROR","Exception in persistObjects :"

Yes, I have manual entitlement import. 

In result it is showing in list as below.

"2024-09-10T10:09:38.138+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-gx5p7","ERROR","Invalid record not processed for Access-Role: [approles:[role:[StandardParts-Viewer, Viewer, Shared-Viewer, New Nuclear Business-Viewer]], user:208012036]"

"2024-09-10T10:09:38.138+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-3-gx5p7","ERROR","Exception in persistObjects :"

@sudheera try this 

{

"accountParams": {

"connection": "acctAuth",

"processingType": "SequentialAndIterative",

"statusAndThresholdConfig": {

"accountsNotInImportAction": "Suspend",

"inactivateAccountsNotInFile": false

},

"includeExistingInActiveAccounts":"true",

"call": {

"call1": {

"callOrder": 0,

"stageNumber": 0,

"http": {

"url": "https://@host/resources/POWER/IdmConnector,

"httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",

"httpHeaders": {

"Authorization": "${access_token}",

"Content-Type": "application/xml"

},

"httpContentType": "application/xml",

"Accept": "application/xml",

"httpMethod": "POST"

},

"listField": "provisionUser.ResponseData.Appusers",

"keyField": "accountID",

"colsToPropsMap": {

"accountID": "user~#~char",

"name": "user~#~char",

"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"

},

"makeProcessingStatus": false

}

},

"acctEntMappings": {

"Access-Role": {

"listPath": "approles",

"idPath": "role",

"keyField": "entitlement_value"

}

}

},

"entitlementParams": {}

"acctEntParams": {

"processingType": "acctToEntMapping"

}

}

it is showing same error as above.

How to map the comma separated entitlement list from result, for account.

@sudheera Share cp31 and also share entitlement name

cp31 is showing like below

and entitlements are as below:

Hi @sudheera does the person have account on target end?

Check if cp31 is empty for all the accounts 

does the person have account on target end? --Yes

Check if cp31 is empty for all the accounts  __yes , it is same for all accounts

Please share postman screenshot and curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]



⚠️‼️‼️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.‼️‼️⚠️

Use below Sample

"customproperty31": "#CONST#${String output1=response.userlist.groups.replaceAll('[\\[\\]]', '').replaceAll(', ', '\",\"'); beg= '{\"Group\":{\"entIds\":[\"'; end= '\"],\"keyField\":\"entitlementID\"}}'; output2= beg.concat(output1); finoutput= output2.concat(end); return finoutput}~#~char"

I have updated as per the xml result:

  "CUSTOMPROPERTY31": "#CONST#${String output1=provisionUser.ResponseData.Appusers.approles.role.replaceAll('[\\[\\]]', '').replaceAll(', ', '\",\"'); beg= '{\"Group\":{\"entIds\":[\"'; end= '\"],\"keyField\":\"entitlement_value\"}}'; output2= beg.concat(output1); finoutput= output2.concat(end); return finoutput}~#~char"

could you please check cp31 is in format? (shared postman result)

but got below error:

"ERROR","Invalid record not processed for Access-Role: [approles:[role:[SE LR, Confidential - Gas, Confidential - Steam, Change Coordinator, Confidential - Generator, GEMFAExcludeUser]], user:plmstq]"

"ERROR","Exception in persistObjects :"
"2024-09-10T14:27:10.506+00:00","ecm-worker","","null-2tjzr","","java.lang.NullPointerException: Cannot invoke method getAt() on null object

#CONST#${String output1=provisionUser.ResponseData.Appusers.collect { it.approles.role }.flatten().collect { it.replaceAll('"', '\\"') }.join('","'); '{"Group":{"entIds":["'.concat(output1).concat('"],"keyField":"entitlement_value"}}')}

Hi ,

Showing below error:

tried the given one and below also: 

"#CONST#${String output1=provisionUser.ResponseData.Appusers.collect { it.approles.role }.flatten().collect { it.replaceAll('"', '\\"') }.join('","'); beg= '{"Group":{"entIds":["'.concat(output1).concat('"],"keyField":"entitlement_value"}}'); return beg}~#~char"

Share full json

Please find below:

{
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "statusAndThresholdConfig": {
      "accountsNotInImportAction": "Suspend",
      "inactivateAccountsNotInFile": false,
      "accountThresholdValue": 1000
    },
    "includeExistingInActiveAccounts": "true",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://qa-hostresources/POWERPLmConnectorService",
          "httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "Accept": "application/xml"
          },
          "httpContentType": "application/xml",
          "httpMethod": "POST"
        },
        "listField": "provisionUser.ResponseData.Appusers",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "user~#~char",
          "name": "user~#~char",
          "CUSTOMPROPERTY31": "#CONST#${String output1 = provisionUser.ResponseData.Appusers.collect { it.approles.role }.flatten().collect { it.replaceAll('\"', '\\\"') }.join('\",\"'); beg = '{\"Group\":{\"entIds\":[\"'.concat(output1).concat('\"]],\"keyField\":\"entitlement_value\"}}'); return beg;}~#~char"
        }
      }
    },
    "acctEntMappings": {
      "Access-Role": {
        "listPath": "approles",
        "idPath": "role",
        "keyField": "entitlement_value"
      }
    }
  },
  "entitlementParams": {
    "processingType": "SequentialAndIterative",
    "entTypes": {
      "Access-Role": {
        "entTypeOrder": 1,
        "entTypeLabels": {},
        "call": {
          "call1": {
            "connection": "acctAuth",
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "httpHeaders": {
                "Authorization": "${access_token}"
              },
              "url": "https://qa-host/resources/POWEe/IdmConnectorService",
              "httpParams": "<provisionUser><operationName>getActiveUserListWithRoles</operationName></provisionUser>",
              "httpContentType": "application/xml",
              "httpMethod": "POST"
            },
            "listField": "provisionUser.ResponseData.Appusers",
            "keyField": "entitlement_value",
            "colsToPropsMap": {
              "entitlement_Value": "role~#~char"
            }
          }
        }
      }
    }
  },
  "acctEntParams": {
    "processingType": "acctToEntMapping"
  }
}

it is showing same error, not mapping ent.

showing the below error for each user.

ERROR-Invalid record not processed for Access-Role: [approles:[role:[Confidential - Generator, Design Engineer, Special Attention Required, Change Coordinator, NX Designer, AutoCAD Designer, StandardParts-Viewer, Confidential - Steam, US LR]], user:pltta]

ERROR-Exception in persistObjects :

Please raise support ticket with saviynt ops