Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/24/2024 03:39 AM
Hi All,
We have a requirement to update account owners automatically through Analytics. So we are calling runtime analytics from sav4sav and in call 2 we are updating the account owners.
We have prepared the below json and used in ImportAccountEntJSON.
============================================================
{
"accountParams": {
"type": "multiCall",
"call": [
{
"name": "call1",
"callOrder": 0,
"listField": "results",
"http": {
"httpContentType": "application/json",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpMethod": "POST",
"url": "https://########/ECM/api/v5/fetchRuntimeControlsDataV2",
"httpParams": "{\"analyticsname\":\"Account_Owner_Info\",\"attributes\":{\"DISPLAYNAME\":\"Non-human (Service) Account\"}}"
}
},
{
"name": "call2",
"callOrder": 1,
"http": {
"httpContentType": "application/json",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpMethod": "POST",
"url": "https://########/ECM/api/v5/updateAccount",
"httpParams": "{\"securitysystem\":\"${response.call1.message.result[0].SYSTEMNAME}\",\"endpoint\":\"${response.call1.message.result[0].endpointname}\",\"name\":\"${response.call1.message.result[0].NAME}\",\"attributes\":{\"type\":\"user\",\"value\":\"${response.call1.message.result[0].USERNAME}\",\"rank\":\"26\",\"action\":\"add\"}}"
},
"successResponses": {
"message": "Account Updated Successfully",
"statusCode": [
200,
201
]
}
}
],
"processingType": "SequentialAndIterative",
"connection": "userAuth"
},
"acctEntParams": {},
"entitlementParams": {}
}
===================================
But when we are running the job, the account import job is getting failed and we are getting the below error.
class 'java.util.ArrayList' to class 'java.util.Map' due to: groovy.lang.GroovyRuntimeException: Could not find matching constructor for: java.util.Map(java.util.LinkedHashMap " java.util.LinkedHashMap) at com.saviynt.provisoning.rest.RestUtilService.getSortedMapByValue(RestUtilService.groovy:1046) at com.saviynt.provisoning.rest.RestProvisioningService.processAccountsFullBySequentialAndIterative(RestProvisioningService.groovy:1597).
==============================================================
Please let us know if any issue with the json.
Thank you,
Sudheer Kaneti
07/24/2024 03:41 AM
Hi @SudheerKaneti I don't believe you can do object update using importAcctEntJSON as this is meant for imports.
07/24/2024 03:56 AM
Hi Naveen,
Could you please let us know how can we achieve this account owner update through SAV4SAV instead using importAcctEntJSON?
Thank you,
Sudheer Kaneti.
07/24/2024 03:49 AM
Try enhanced query to update account owner rather than SAV4SAV.
07/24/2024 06:51 AM
Hi Mahalle,
Thank you for the suggestion. Here the requirement is, the owner of all accounts in an endpoint is currently rank 1 , we need to gather the existing owner information and add the same owner but with rank 26.
So we have created analytics and fetch the information and we are trying to update through update owner api call using SAV4SAV.
Can you please suggest how we can do this. ( I dont think we can do this through enhanced query job. Correct me if I am wrong)
Thank you,
Sudheer Kaneti
07/24/2024 09:02 AM
account_owner table update not supported using enhanced query https://forums.saviynt.com/t5/identity-governance/enhanced-query-execution-to-update-account-owner/m...
For Sav4Sav share full logs in text format
07/25/2024 04:00 AM
07/25/2024 09:52 PM
Logs are not relevant enable showlogs = true and share
07/29/2024 03:40 AM
07/29/2024 08:12 AM
Is it working from postman ?
ccessResponses={message=Account Updated Successfully, statusCode=[200, 201]}}]' with class 'java.util.ArrayList' to class 'java.util.Map' due to: groovy.lang.GroovyRuntimeException: Could not find matching constructor for: java.util.Map(java.util.LinkedHashMap, java.util.LinkedHashMap)
07/30/2024 03:26 AM
Hi Rushikesh,
Update account api call is working through postman.
Thank you,
Sudheer Kaneti.
08/05/2024 05:21 AM
Hi Rushikesh,
I have modified the JSON, the call1 is working property and running the analytics. But call 2 is not upating the owners of the accounts.
We are getting below error, please find the attached full logs.
Error:
"ERROR","Invalid record not processed : [endpointname:SVC_AD, name:app_svc_devcyberark, rank:1, SYSTEMNAME:SVC_AD, username:3120930]"
"2024-08-02T13:14:07.170+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-8-2rf5n","ERROR","Exception in persistAccounts:"
"2024-08-02T13:14:07.520+00:00","ecm-worker","","null-2rf5n","","java.lang.NullPointerException: Cannot invoke method trim() on null object at com.saviynt.provisoning.rest.RestProvisioningService.persistAccounts(RestProvisioningService.groovy:4944)
=======================================================
Updated Json:
{
"accountParams": {
"call": {
"call1": {
"callOrder": 0,
"listField": "results",
"http": {
"httpContentType": "application/json",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpMethod": "POST",
"url": "https://BASEURL/ECM/api/v5/fetchRuntimeControlsDataV2",
"httpParams": "{\"analyticsname\":\"Account_Owner_Info\",\"attributes\":{\"endpointname\":\"SVC_AD\"}}"
}
},
"call2":{
"callOrder": 1,
"http": {
"httpContentType": "application/json",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpMethod": "POST",
"url": "https://BASEURL/ECM/api/v5/updateAccount",
"httpParams": "{\"securitysystem\":\"${response.call1.message.result[0].SYSTEMNAME}\",\"endpoint\":\"${response.call1.message.result[0].endpointname}\",\"name\":\"${response.call1.message.result[0].NAME}\",\"accountowner\":{\"type\":\"user\",\"value\":\"${response.call1.message.result[0].USERNAME}\",\"rank\":\"26\",\"action\":\"add\"}}"
},
"inputParams": {
"dependentCall": true
},
"successResponses": {
"message": "Account Updated Successfully",
"statusCode": [
200,
201
]
}
}},
"processingType": "SequentialAndIterative",
"connection": "userAuth"
},
"acctEntParams": {},
"entitlementParams": {}
}
======================================================
May you please help us to know what would be the reason for this error/Issue in the above json.
Thank you,
Sudheer Kaneti.
08/05/2024 07:04 PM
Did validated with hardcoded user ?
08/08/2024 05:03 AM
Hi Rushikesh,
I have tried with hardcoded values to update user, its succesfully updated the user in ImportacctEnt Json after running the import account json.
But when I used dynamic attributes its not working (Call1 to run runtime analytics and call2 to fetch attributes to update the account owners).
hardcoded values:
"httpParams": "{\"securitysystem\":\"Test_SS\",\"endpoint\":\"Test_EP\",\"name\":\"S1000686\",\"accountowner\":[{\"type\":\"user\",\"value\":\"6016364\",\"rank\":\"26\",\"action\":\"add\"}]}"
Dynamic values:
"httpParams": "{\"securitysystem\":\"${response.call1.message.SYSTEMNAME}\",\"endpoint\":\"${response.call1.message.endpointname}\",\"name\":\"${response.call1.message.NAME}\",\"accountowner\":[{\"type\":\"user\",\"value\":\"${response.call1.message.USERNAME}\",\"rank\":\"26\",\"action\":\"add\"}]}"
},
Please let us know if any issue in the format.
Thank you,
Sudheer Kaneti.
08/08/2024 06:02 AM
What is latest error
08/29/2024 06:09 AM
07/24/2024 11:00 PM
@SudheerKaneti yes it wont be support account_owner table enhanced query it have two primary keys
09/04/2024 11:57 PM - edited 09/05/2024 12:15 AM
@SudheerKaneti - If your issue is still not resolved, you can try with below.
{
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://BASEURL/ECM/api/v5/fetchRuntimeControlsDataV2?analyticsname=Account_Owner_Info",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "POST"
},
"listField": "results",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "name~#~char",
"name": "name~#~char",
"customproperty1": "SYSTEMNAME~#~char",
"customproperty2": "ENDPOINTNAME~#~char",
"customproperty3": "user~#~char",
"customproperty4": "username~#~char",
"customproperty5": "rank~#~char",
"customproperty6": "action~#~char"
},
"pagination": {
"offset": {
"offsetParam": "offset",
"batchParam": "max",
"batchSize": 10000,
"totalCountPath": "completeResponseMap.totalcount"
}
}
},
"call2": {
"callOrder": 1,
"http": {
"httpContentType": "application/json",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpMethod": "POST",
"url": "https://BASEURL/ECM/api/v5/updateAccount",
"httpParams": "{\"securitysystem\":\"${response.call1.message.result[0].customproperty1}\",\"endpoint\":\"${response.call1.message.result[0].customproperty2}\",\"name\":\"${response.call1.message.result[0].accountID}\",\"accountowner\":{\"type\":\"{response.call1.message.result[0].customproperty3}\",\"value\":\"${response.call1.message.result[0].customproperty4}\",\"rank\":\"${response.call1.message.result[0].customproperty5}\",\"action\":\"${response.call1.message.result[0].customproperty5}\"}}"
},
"inputParams": {
"dependentCall": true
},
"successResponses": {
"message": "Account Updated Successfully",
"statusCode": [
200,
201
]
}
}
}
},
"acctEntParams": {},
"entitlementParams": {}
}
09/13/2024 06:17 AM
Hi @SudheerKaneti ,
Were you able to resolve this?
09/13/2024 09:09 AM
@SudheerKaneti and @AashishD
In an analytics query, make sure all the information is present with (username, accountname, ss, ep, rank, owner, action)
{
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://BASEURL/ECM/api/v5/fetchRuntimeControlsDataV2?analyticsname=XXXXXXXXXX",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "POST"
},
"listField": "results",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "NAME~#~char",
"name": "NAME~#~char",
"customproperty41": "SYSTEMNAME~#~char",
"customproperty42": "ENDPOINTNAME~#~char",
"customproperty43": "USER~#~char",
"customproperty44": "USERNAME~#~char",
"customproperty45": "RANK~#~char",
"customproperty46": "ACTION~#~char"
},
"pagination": {
"offset": {
"offsetParam": "offset",
"batchParam": "max",
"batchSize": 1000,
"totalCountPath": "completeResponseMap.totalcount"
}
}
},
"call2": {
"callOrder": 1,
"http": {
"httpContentType": "application/json",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpMethod": "POST",
"url": "https://BASEURL/ECM/api/v5/updateAccount",
"httpParams": "{\"securitysystem\":\"${response.call1.message.result[0].customproperty41}\",\"endpoint\":\"${response.call1.message.result[0].customproperty42}\",\"name\":\"${response.call1.message.result[0].accountID}\",\"accountowner\":{\"type\":\"{response.call1.message.result[0].customproperty43}\",\"value\":\"${response.call1.message.result[0].customproperty44}\",\"rank\":\"${response.call1.message.result[0].customproperty45}\",\"action\":\"${response.call1.message.result[0].customproperty46}\"}}"
},
"inputParams": {
"dependentCall": true
},
"successResponses": {
"message": "Account Owner Updated Successfully",
"statusCode": [
200,
201
]
}
}
}
},
"acctEntParams": {},
"entitlementParams": {}
}
09/17/2024 04:00 AM
Hi Stalluri,
I have tried with above json and added the parameters below since it is a runtime analytics.
"httpParams": "{\"analyticsname\":\"Account_Owner_Info\",\"attributes\":{\"endpointname\":\"SVC_AD\"}}".
As per your advice, added all the details in the analytics itself.
The below two things are happening after we run account import job but not updating the owners of the accounts.
1. It is running the runtime analytics query.
2. It is creating the accounts in SAV4SAV endpoint but not updating the owners in SVC_AD endpoint.
Please let me know in case we miss something, attached is the json we used.
Thank you,
Sudheer Kaneti.
09/17/2024 05:50 AM
Is it creating. New account ?
09/17/2024 06:11 AM - edited 09/17/2024 09:33 AM
Edited:
Hi Rushikesh,
Apologies for the confusion, the accounts are getting created in SAV4SAV endpoint (This is endpoint created for SAV4SAV connector ) by getting the data from the result of runtime analytics and also updated with customproperty attributes fetching the data from the analytics.
But the owners are not getting updated through update account api call 2 for the accounts in the targeted endpoint "SVC_AD" .
Thank you,
Sudheer Kaneti.
09/17/2024 10:42 AM
Can you share logs in text format
09/18/2024 03:40 AM
09/18/2024 04:47 AM
keep only 1 record in analytics and validate
09/18/2024 07:55 AM
Hi Rushikesh,
I have tried by limiting to one record in the analytics, but still the same result.
Thank you,
Sudheer Kaneti
09/18/2024 07:59 AM
09/19/2024 07:13 AM
09/19/2024 10:10 AM - edited 09/19/2024 11:10 AM
@SudheerKaneti : Response from analytics is in Results block not Result so try below, But I am still skeptical whether you can get call1 response and use it in call2 in Import JSON without using dependentcall.
Because call1 response is a result set with multiple records and you need to make update call for each record by iterating but you don't have anything in API that you can call specific account. So I still believe your use case can't be handle in this approach.
We had similar use case and we couldn't achieve it with REST so we had to fall back on SAV4SAV DB which was supported at that time. Now it is no longer supported.
{
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://BASEURL/ECM/api/v5/fetchRuntimeControlsDataV2?analyticsname=Account_Owner_Info",
"httpParams": "{\"analyticsname\":\"Account_Owner_Info\",\"attributes\":{\"endpointname\":\"SVC_AD\"}}",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "POST"
},
"listField": "results",
"keyField": "name",
"colsToPropsMap": {
"name": "NAME~#~char",
"customproperty41": "SYSTEMNAME~#~char",
"customproperty42": "ENDPOINTNAME~#~char",
"customproperty43": "USER~#~char",
"customproperty44": "USERNAME~#~char",
"customproperty45": "RANK~#~char",
"customproperty46": "ACTION~#~char"
},
"pagination": {
"offset": {
"offsetParam": "offset",
"batchParam": "max",
"batchSize": 1000,
"totalCountPath": "completeResponseMap.totalcount"
}
}
},
"call2": {
"callOrder": 1,
"http": {
"httpContentType": "application/json",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpMethod": "POST",
"url": "https://BASEURL/ECM/api/v5/updateAccount",
"httpParams": "{\"securitysystem\":\"${response.call1.message.results[0].SYSTEMNAME}\",\"endpoint\":\"${response.call1.message.results[0].ENDPOINTNAME}\",\"name\":\"${response.call1.message.results[0].NAME}\",\"accountowner\":{\"type\":\"user\",\"value\":\"${response.call1.message.results[0].USERNAME}\",\"rank\":\"${response.call1.message.results[0].RANK}\",\"action\":\"${response.call1.message.results[0].ACTION}\"}}"
},
"inputParams": {
"dependentCall": true
},
"successResponses": {
"message": "Account Owner Updated Successfully",
"statusCode": [
200,
201
]
}
}
}
},
"acctEntParams": {},
"entitlementParams": {}
}
09/19/2024 08:17 AM
{
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://BASEURL/ECM/api/v5/fetchRuntimeControlsDataV2?analyticsname=Account_Owner_Info",
"httpParams": "{\"analyticsname\":\"Account_Owner_Info\",\"attributes\":{\"endpointname\":\"SVC_AD\"}}",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "POST"
},
"listField": "results",
"keyField": "name",
"colsToPropsMap": {
"name": "NAME~#~char",
"customproperty41": "SYSTEMNAME~#~char",
"customproperty42": "ENDPOINTNAME~#~char",
"customproperty43": "USER~#~char",
"customproperty44": "USERNAME~#~char",
"customproperty45": "RANK~#~char",
"customproperty46": "ACTION~#~char"
},
"pagination": {
"offset": {
"offsetParam": "offset",
"batchParam": "max",
"batchSize": 1000,
"totalCountPath": "completeResponseMap.totalcount"
}
}
},
"call2": {
"callOrder": 1,
"http": {
"httpContentType": "application/json",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpMethod": "POST",
"url": "https://BASEURL/ECM/api/v5/updateAccount",
"httpParams": "{\"securitysystem\":\"${response.call1.message.result[0].customproperty41}\",\"endpoint\":\"${response.call1.message.result[0].customproperty42}\",\"name\":\"${response.call1.message.result[0].name}\",\"accountowner\":{\"type\":\"user\",\"value\":\"${response.call1.message.result[0].customproperty44}\",\"rank\":\"${response.call1.message.result[0].customproperty45}\",\"action\":\"add\"}}"
},
"inputParams": {
"dependentCall": true
},
"successResponses": {
"message": "Account Owner Updated Successfully",
"statusCode": [
200,
201
]
}
}
}
},
"acctEntParams": {},
"entitlementParams": {}
}