This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Adding new SAV Role to Entitlement Type of (Sav4Sav)

Puspanjali
New Contributor
New Contributor

‎11-23-2022 03:29 AM

Hi Team

I created a new SAV role "ROLE_MANAGER" by using UI.

We have the connection: SaviyntForSaviynt

I want to add this new role "ROLE_MANAGER" to"Conn_Saviynt4Saviynt" endpoint's Entitlement Type "SAVRole" so that manager can request it from ARS

Puspanjali_0-1669202432316.png

Can Team help me to achieve this?

Labels:
0 Kudos
11 REPLIES 11

Manikanta_S
Saviynt Employee
Saviynt Employee

‎11-23-2022 04:12 AM

Hello @Puspanjali ,

Please ensure that below steps are followed for making SAV ROLE requestable:

  1. Turn on SAV4SAV
  2. Endpoints--> SaviyntDB endpoint --> Entitlement type --> find your Sav Role and select option as table .
  3. Add access workflow

Thanks & Kind Regards,
Manikanta.S
0 Kudos

Puspanjali
New Contributor
New Contributor
In response to Manikanta_S

‎11-23-2022 04:57 AM

Hi Manikanta

We have already a few roles which are requestable in ARS

Puspanjali_0-1669207534576.png

Puspanjali_1-1669207603731.png

But, Where I'm currently stuck now

I created a new role called "ROLE_MANAGER"

But this role is not populating in our endpoint's Entitlement Type call as "SAVRole"

How I can add that new role to the Entitlement Value of "SAVRole

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Puspanjali

‎11-23-2022 04:59 AM

Run Database entitlement import job for saviynt connection


Regards,
Rushikesh Vartak
0 Kudos

Puspanjali
New Contributor
New Contributor
In response to rushikeshvartak

‎11-23-2022 05:38 AM

Hi Rushikesh,

Initial configuration is done by PS Team

I checked all the DATA jobs but there is no Access Import job for the Sav4Sav connection

Although I created a new DATA job"SAVIYNT4SAVIYNT_SAVROLE_IMPORT"

But when I tried to Run it, it is not giving me the option to select "Import Type"

Puspanjali_0-1669210245908.png

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Puspanjali

‎11-23-2022 05:59 AM

Its database connector so it should Database job

rushikeshvartak_0-1669211960442.png


Regards,
Rushikesh Vartak
0 Kudos

Puspanjali
New Contributor
New Contributor
In response to rushikeshvartak

‎11-23-2022 08:20 PM

Hi Rushikesh

Thanks for letting me know about the DB job

I tried to run the job but it is failing

Error

Puspanjali_4-1669263502418.png

Puspanjali_0-1669263264458.png

JOB we have currently

Puspanjali_1-1669263321858.png

Triggered Details

Puspanjali_2-1669263382567.png

Can you help me with how I can fix it?

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Puspanjali

‎11-23-2022 09:09 PM

You have error in entitlement xml

please share xml


Regards,
Rushikesh Vartak
0 Kudos

Puspanjali
New Contributor
New Contributor
In response to rushikeshvartak

‎11-23-2022 09:15 PM

Hi Rushikesh

In connection,I can see its value is blank

Puspanjali_1-1669266889385.png

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Puspanjali

‎11-23-2022 09:47 PM

Please add proper entitlement xml additionally while running job i see xml is attached what is content in that xml ?


Regards,
Rushikesh Vartak
0 Kudos

Puspanjali
New Contributor
New Contributor
In response to rushikeshvartak

‎11-24-2022 10:33 PM

Hi Rushikesh

"i see xml is attached what is content in that XML ?"

That is "ACCOUNTSIMPORT" XML file

I'm not sure, dose it possible without "ENTITLEMENTVALUEIMPORT" XML file roles can be imported from to Saviynt from DB.

As I mentioned earlier we have some existing SAVrole(ROLE_ENDUSER,ROLE_ADMIN"

How those were imported from DB

PFA contains "ACCOUNTSIMPORT" XML file

<dataMapping>
<before-import>
</before-import>
<sql-query description="This is the Source DB Query" uniquecolumnsascommaseparated="name" >
<![CDATA[ select distinct u.username as accountname, 'Saviynt For Saviynt' as name, 'Saviynt For Saviynt' as endpointname,u.username as accountcn, 'Role' as attribute,r.ROLE_NAME as entitlementvalue,u.username as username, u.statuskey as status, u.updatedate, u.username as objectguid from users u, roles r, role_owners rw where u.userkey=rw.USERKEY and r.ROLEKEY=rw.ROLEKEY and r.STATUS=1 union select distinct u.username as accountname, 'Saviynt For Saviynt' as name, 'Saviynt For Saviynt' as endpointname,u.username as accountcn, 'UserGroup' as attribute, ug.user_groupname as entitlementvalue,u.username as username, u.statuskey as status, u.updatedate,u.username as objectguid from users u, user_groups ug, usergroup_owners ugo where ug.usergroupkey=ugo.USERGROUPKEY and ugo.USERKEY =u.userkey union select distinct u.username as accountname, 'Saviynt For Saviynt' as name, 'Saviynt For Saviynt' as endpointname,u.username as accountcn, 'SAVRole' as attribute, s.rolename as entitlementvalue,u.username as username, u.statuskey as status, u.updatedate,u.username as objectguid from users u, user_savroles us, savroles s where u.userkey=us.userkey and us.rolekey=s.rolekey and s.statuskey=1 ; ]]>
</sql-query>
<mapper description="This is the mapping field for Saviynt Field name" accountnotinfileaction="suspend" deleteaccountentitlement="false" addOnlyMode="FALSE" ifusernotexists="noaction" incrementalcolumn="updatedate" systems="'Saviynt For Saviynt'">
<mapfield saviyntproperty="accounts.name" sourceproperty="accountname" type="character"></mapfield>
<mapfield saviyntproperty="securitysystems.systemname" sourceproperty="name" type="character"></mapfield>
<mapfield saviyntproperty="endpoints.endpointname" sourceproperty="endpointname" type="character"></mapfield>
<mapfield saviyntproperty="entitlementtypes.entitlementname" sourceproperty="attribute" type="character"></mapfield>
<mapfield saviyntproperty="entitlementvalues.entitlementvalue" sourceproperty="entitlementvalue" type="character"></mapfield>
<mapfield saviyntproperty="users.username" sourceproperty="username" type="character"></mapfield>
<mapfield saviyntproperty="accounts.status" sourceproperty="status" type="number"></mapfield>
<mapfield saviyntproperty="accounts.accountID" sourceproperty="accountcn" type="character"></mapfield>
<mapfield saviyntproperty="accounts.displayname" sourceproperty="objectguid" type="character"></mapfield>
</mapper>
<after-import description="EMAIL,BATCH,SQL">
</after-import>
</dataMapping>

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Puspanjali

‎11-29-2022 09:36 AM

PFA


Regards,
Rushikesh Vartak
Preview file
3 KB
0 Kudos
Copyright © 2023 Khoros, LLC