Saviynt Forums

Hi @PremMahadikar pipe (I) cannot be used as some of the role names in our environment contain the character '|' within.

@Saathvik PFA the SAV file, CSV file used when tilde (~) is used as the FILEIMPORTDELIMETER value.

Also, PFA the error log in this case.

When there is comma in AD Entitlement name , use double quotes to entitlement name

"CN=XXX,DC=XXX,OU=XXX"

@rushikeshvartak Yes, we are encapsulating the whole entitlement name within double quotes:-

Still, Saviynt is considering DC=XXX as a separate entitlement, CN=XXX as separate and OU=XXX as the third entitlement, and mapping these three separated entitlements to the given role like this:-

Please note that we have specified NOACTION on the value for ENT_VAL_NOT_AVAILABLE column, but still Saviynt is creating these entitlements, mapping them to the given role, as well as triggering tasks to add those entitlements to the role members.

Can you test with minimum mandatory attributes 

@rushikeshvartak tested with minimum mandatory attributes as per following order:-

1) Mapped just the role name with role status and role type, keeping rest attributes blank. Role status and type got updated accordingly from the SchemaRoleImport job successfully.

2) Mapped role name with user name, keeping rest attributes blank. User got mapped to role and tasks got created for adding access to the user accounts successfully.

3) Mapped role name with entitlement name which does not have comma, along with respective system name, endpoint name, entitlement type. Kept rest attributes blank. Entitlement got successfully mapped to the role, and tasks got created for adding access to this entitlement for all role members.

4) Tried mapping role name with entitlement name which has comma - the problem statement (PFA sample_roles.sav and role_ents_test_05082024_1.csv files). This time, the SchemaRoleImport job failed with error in logs: "org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'null' with class 'null' to class 'long'. Try 'java.lang.Long' instead" (PFA complete logs in Logs_ExportData_2024-05-08_09-36-05-AM(UTC) (6).csv).

Try keeping entitlement in end of list

what is _24 here?

@rushikeshvartak That _24 (Sometimes _27 or _15) is appearing in the logs within the name of the entitlement being uploaded through the CSV file for Schema Role Import job.

For example, for an entitlement CN=4EM LOG,OU=HONDA GLOBAL,OU=HDM,DC=TLABMDS,OU=GROUPS,OU=ENGINEERING,DC=AM,DC=COM being passed on the CSV file, we can see the Saviynt logs stating it as CN=4EM LOG_27, OU=HONDA GLOBAL_27, OU=HDM_27, DC=TLABMDS_27, OU=GROUPS_27, OU=ENGINEERING_27, DC=AM_27, DC=COM_27 instead. It is like Saviynt is adding a _27/_24/_15 where there is a comma in the entitlement name.

looks like defect please raise support ticket

Hi Resham,

I am facing a similar issue when importing AD groups. 

The error I am seeing when running the Schema import job for entitlements is " SAV file column count is greater or less than csv file column count." Sometimes, also this error: 

But as you can see, the column counts match. I have also tried using the "|" as delimiter and adding the "SPLIT_ENT_WITH_COMMA=FALSE" option, but no luck. 

How did you get the AD group import to work? Any pointers would be appreciated. 

Kind regards,

Chandu K.

@chandu_k09 PFA the template .csv and .sav file on my above response marked as 'Accepted Solution'. Please rearrange the order of attributes in CSV and SAV files, refine the field names in your SAV file, also remove the column header from CSV file, and just supply the values from first row itself, as it is demonstrated in the template files I shared.

Thanks Resham for explaining, I will try.