Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

Adding new SAV Role to Entitlement Type of (Sav4Sav)

Puspanjali
New Contributor
New Contributor

Hi Team

I created a new SAV role "ROLE_MANAGER" by using UI.

We have the connection: SaviyntForSaviynt

I want to add this new role "ROLE_MANAGER" to"Conn_Saviynt4Saviynt" endpoint's Entitlement Type "SAVRole" so that manager can request it from ARS

Puspanjali_0-1669202432316.png

Can Team help me to achieve this?

11 REPLIES 11

Manikanta_S
Saviynt Employee
Saviynt Employee

Hello @Puspanjali ,

Please ensure that below steps are followed for making SAV ROLE requestable:

  1. Turn on SAV4SAV
  2. Endpoints--> SaviyntDB endpoint --> Entitlement type --> find your Sav Role and select option as table .
  3. Add access workflow

Thanks & Kind Regards,
Manikanta.S

Hi Manikanta

We have already a few roles which are requestable in ARS

Puspanjali_0-1669207534576.png

Puspanjali_1-1669207603731.png

But, Where I'm currently stuck now

I created a new role called "ROLE_MANAGER"

But this role is not populating in our endpoint's Entitlement Type call as "SAVRole"

How I can add that new role to the Entitlement Value of "SAVRole

Run Database entitlement import job for saviynt connection


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi Rushikesh,

Initial configuration is done by PS Team

I checked all the DATA jobs but there is no Access Import job for the Sav4Sav connection

Although I created a new DATA job"SAVIYNT4SAVIYNT_SAVROLE_IMPORT"

But when I tried to Run it, it is not giving me the option to select "Import Type"

Puspanjali_0-1669210245908.png

Its database connector so it should Database job

rushikeshvartak_0-1669211960442.png


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi Rushikesh

Thanks for letting me know about the DB job

I tried to run the job but it is failing

Error

Puspanjali_4-1669263502418.png

Puspanjali_0-1669263264458.png

JOB we have currently

Puspanjali_1-1669263321858.png

Triggered Details

Puspanjali_2-1669263382567.png

Can you help me with how I can fix it?

You have error in entitlement xml

please share xml


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi Rushikesh

In connection,I can see its value is blank

Puspanjali_1-1669266889385.png

Please add proper entitlement xml additionally while running job i see xml is attached what is content in that xml ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi Rushikesh

"i see xml is attached what is content in that XML ?"

That is "ACCOUNTSIMPORT" XML file

I'm not sure, dose it possible without "ENTITLEMENTVALUEIMPORT" XML file roles can be imported from to Saviynt from DB.

As I mentioned earlier we have some existing SAVrole(ROLE_ENDUSER,ROLE_ADMIN"

How those were imported from DB

PFA contains "ACCOUNTSIMPORT" XML file

<dataMapping>
<before-import>
</before-import>
<sql-query description="This is the Source DB Query" uniquecolumnsascommaseparated="name" >
<![CDATA[ select distinct u.username as accountname, 'Saviynt For Saviynt' as name, 'Saviynt For Saviynt' as endpointname,u.username as accountcn, 'Role' as attribute,r.ROLE_NAME as entitlementvalue,u.username as username, u.statuskey as status, u.updatedate, u.username as objectguid from users u, roles r, role_owners rw where u.userkey=rw.USERKEY and r.ROLEKEY=rw.ROLEKEY and r.STATUS=1 union select distinct u.username as accountname, 'Saviynt For Saviynt' as name, 'Saviynt For Saviynt' as endpointname,u.username as accountcn, 'UserGroup' as attribute, ug.user_groupname as entitlementvalue,u.username as username, u.statuskey as status, u.updatedate,u.username as objectguid from users u, user_groups ug, usergroup_owners ugo where ug.usergroupkey=ugo.USERGROUPKEY and ugo.USERKEY =u.userkey union select distinct u.username as accountname, 'Saviynt For Saviynt' as name, 'Saviynt For Saviynt' as endpointname,u.username as accountcn, 'SAVRole' as attribute, s.rolename as entitlementvalue,u.username as username, u.statuskey as status, u.updatedate,u.username as objectguid from users u, user_savroles us, savroles s where u.userkey=us.userkey and us.rolekey=s.rolekey and s.statuskey=1 ; ]]>
</sql-query>
<mapper description="This is the mapping field for Saviynt Field name" accountnotinfileaction="suspend" deleteaccountentitlement="false" addOnlyMode="FALSE" ifusernotexists="noaction" incrementalcolumn="updatedate" systems="'Saviynt For Saviynt'">
<mapfield saviyntproperty="accounts.name" sourceproperty="accountname" type="character"></mapfield>
<mapfield saviyntproperty="securitysystems.systemname" sourceproperty="name" type="character"></mapfield>
<mapfield saviyntproperty="endpoints.endpointname" sourceproperty="endpointname" type="character"></mapfield>
<mapfield saviyntproperty="entitlementtypes.entitlementname" sourceproperty="attribute" type="character"></mapfield>
<mapfield saviyntproperty="entitlementvalues.entitlementvalue" sourceproperty="entitlementvalue" type="character"></mapfield>
<mapfield saviyntproperty="users.username" sourceproperty="username" type="character"></mapfield>
<mapfield saviyntproperty="accounts.status" sourceproperty="status" type="number"></mapfield>
<mapfield saviyntproperty="accounts.accountID" sourceproperty="accountcn" type="character"></mapfield>
<mapfield saviyntproperty="accounts.displayname" sourceproperty="objectguid" type="character"></mapfield>
</mapper>
<after-import description="EMAIL,BATCH,SQL">
</after-import>
</dataMapping>

PFA


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.