05/20/2024 07:51 AM
Hello, We're using the connection type 'AWS_NonAWSClouddeployment_mainAccount_Template (AWS)' to onboard our AWS instance to Saviynt but notice that the following fields don't mask the values that we populate:
How can we mask these values?
05/20/2024 10:03 PM
Add attribute under Connection Type list --> AWS -->Encrypted Connection Attributes
You need to use enhanced query
05/21/2024 01:41 AM - edited 05/21/2024 01:43 AM
We see this field under the connection type; however, we can't edit the values that are there. Additionally, one of the values that we expect to be encrypted isn't in the connection.
05/22/2024 08:25 PM - edited 05/22/2024 08:30 PM
Use an enhanced query to update the values, or raise a support ticket for the same.
select EXTERNALCONNECTIONTYPEKEY externalconnectiontype__EXTERNALCONNECTIONTYPEKEY ,concat(ENCRYPTEDATTRIBUTES,',AWS_ACCESS_KEY,AWS_ACCESS_SECRET_PASSWORD') as externalconnectiontype__ENCRYPTEDATTRIBUTES
from externalconnectiontype where EXTERNALCONNECTIONTYPEKEY=13
This is a workaround; it may get removed with an upgrade. Hence, please raise a defect to have the product mask this field by default.
05/22/2024 07:52 AM
@rushikeshvartak are you able to provide an update on this as it's a blocker to onboarding AWS?
05/22/2024 11:34 PM
Hi @Alex_Terry
Could you please share the screenshot from this path if the above mentioned attributes are there.
Connection Type list --> AWS -->Encrypted Connection Attributes
If the attributes are not there, then please add those attributes using an enhanced query as mentioned by @rushikeshvartak.
Let me know if it still doesn't work as expected.
Regards,
Dhruv Sharma
05/24/2024 02:27 AM - edited 05/24/2024 02:27 AM
I've attempted to use the Enhanced Query Execution job with the above posted query but get an error saying "Restricted Column. Cannot insert/update data in column E". Do you know of a way to overcome this error?
Additionally, one of the attributes is already populated (AWS_ACCESS_SECRET_PASSWORD); however, it still isn't being masked, which suggests that the masking isn't working, at least with this template.
05/26/2024 10:52 AM
select EXTERNALCONNECTIONTYPEKEY externalconnectiontype__primarykey ,concat(ENCRYPTEDATTRIBUTES,',AWS_ACCESS_KEY,AWS_ACCESS_SECRET_PASSWORD') as externalconnectiontype__ENCRYPTEDATTRIBUTES
from externalconnectiontype where EXTERNALCONNECTIONTYPEKEY=13
05/30/2024 05:33 AM
I've been working on some of Alex's issues while on leave. We've tried implementing the query you suggested, but it appears that "AWS_ACCESS_KEY" & "AWS_ACCESS_SECRET_PASSWORD" are not in the comma separated list of attributes on the AWS connection type.
Is there a fix you can suggest so that these attributes are properly added?
Regs
Andrew C
05/30/2024 05:35 AM
Can you share a screenshot?
05/30/2024 05:37 AM - edited 05/30/2024 05:37 AM
Or use the query below:
select EXTERNALCONNECTIONTYPEKEY externalconnectiontype__primarykey,'AWS_ACCESS_SECRET_PASSWORD,DEFAULT_NEW_ACCOUNT_PASSWORD,AWS_ACCESS_KEY,AWS_ACCESS_SECRET_PASSWORD' as externalconnectiontype__ENCRYPTEDATTRIBUTES
from externalconnectiontype where EXTERNALCONNECTIONTYPEKEY=13
05/30/2024 06:04 AM
Below is the complete list of all values in Connection Attributes as Comma Separated. I've included this as the screenshot doesn't show the complete list.
AWS_ACCOUNT_ID,ADMIN_EMAIL,CREATEUSERS,PREVENTATIVECONTROL_TURNED_ON,CROSS_ACCOUNT_ROLE_ARN,federatedADJSON,AWS_STACK_ROLE_NAME,CL_QUEUE_URL,CW_QUEUE_UL,VPC_KIBANA_URL,CT_KIBANA_URL,PROCESS_PRIVILEGES_TYPES,DEFAULT_NEW_ACCOUNT_PASSWORD,S3CFTEMPLATES_PATH,PULL_GOV_REGION_ONLY,PC_QUEUE_UL,WorkspaceConfigJSON,EXTERNAL_ID,PAM_CONFIG,DEFAULT_REGION,CUSTOM_CONFIG_JSON,GENERATE_KEY_JSON
Regs
Andrew C
05/30/2024 06:09 AM
It's wrong. It's the 6th attribute, encrypted connection attribute.
05/30/2024 06:16 AM
Hi @rushikeshvartak I'm not sure what you mean by it's wrong...
We have shared the screenshot for the out of the box AWS connection type and the comma separated connection attributes for the same out of the box connection type.
It looks like the out of the box connection type does not have these two attributes. We have confirmed this with someone from the Saviynt support team and they have confirmed that these attributes are present in their own local environment. Is it possible to use a query to add these attributes to our own environment and, if so, what would this be?
If we run the query, would it add these values, or do we need a Saviynt support ticket for this?
05/30/2024 06:28 AM
Run the below query from the enhanced query job:
select EXTERNALCONNECTIONTYPEKEY externalconnectiontype__primarykey,'AWS_ACCESS_SECRET_PASSWORD,DEFAULT_NEW_ACCOUNT_PASSWORD,AWS_ACCESS_KEY,AWS_ACCESS_SECRET_PASSWORD' as externalconnectiontype__ENCRYPTEDATTRIBUTES
from externalconnectiontype where EXTERNALCONNECTIONTYPEKEY=13
05/30/2024 06:59 AM
@rushikeshvartak we have already run the above query and as per the screenshot I posted these values appear under Encrypted Connection Attributes. The issue we are seeing is that these attributes are also not in the Connection Attributes as Comma Separated list.
Regs
Andrew C
05/30/2024 07:10 AM
Does it still show unencrypted? You need to enter again and save the connection.
05/30/2024 07:44 AM
@rushikeshvartak We have already saved and tested the connection but it's still visible, as these 2 parameters are not available in Connection Attributes as Comma Separated.
Regs
Andrew C
05/30/2024 08:29 AM
Try adding under global configuration - features - Sensitive Data Variables To Be Masked
05/31/2024 01:52 AM
@rushikeshvartak To reiterate we currently have the attributes showing in the Encrypted Connection Attributes list on the connection type page. The issue we appear to be having is that these attributes are not in the Connection Attributes as Comma Separated list. We've verified this with Saviynt support and confirmed that these attributes should be in the Connection Attributes as Comma Separated list, but in our tenant they are not present.
Your earlier suggestion of the query to add them to the Encrypted Connection Attributes worked, but the wider issue now appears to be that they are not in the list of attributes on the connection type. It is this we are now seeking a solution to.
06/03/2024 08:24 PM
This needs to be fixed from product level. Please raise an idea ticket.
05/31/2024 03:22 AM
We've also updated this value in Global config to what you suggested, but it's not changed what we're seeing in the connection; even after updating and saving the config, the values in the AWS_ACCESS_KEY & AWS_ACCESS_SECRET_PASSWORD attributes are not hidden.
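An offline check of the mismatch this thread converges on, as an added example that is not part of the original posts and is not Saviynt code: it compares the two comma-separated lists posted above and reports encrypted names that are not defined on the connection type, secret-looking attributes that are defined but not encrypted, and duplicate entries. The `audit` function and the name-based `SECRET_HINT` pattern are assumptions made for illustration.

```python
import re

# The two lists exactly as posted in this thread.
CONNECTION_ATTRIBUTES = (
    "AWS_ACCOUNT_ID,ADMIN_EMAIL,CREATEUSERS,PREVENTATIVECONTROL_TURNED_ON,"
    "CROSS_ACCOUNT_ROLE_ARN,federatedADJSON,AWS_STACK_ROLE_NAME,CL_QUEUE_URL,"
    "CW_QUEUE_UL,VPC_KIBANA_URL,CT_KIBANA_URL,PROCESS_PRIVILEGES_TYPES,"
    "DEFAULT_NEW_ACCOUNT_PASSWORD,S3CFTEMPLATES_PATH,PULL_GOV_REGION_ONLY,"
    "PC_QUEUE_UL,WorkspaceConfigJSON,EXTERNAL_ID,PAM_CONFIG,DEFAULT_REGION,"
    "CUSTOM_CONFIG_JSON,GENERATE_KEY_JSON"
)
ENCRYPTED_ATTRIBUTES = (
    "AWS_ACCESS_SECRET_PASSWORD,DEFAULT_NEW_ACCOUNT_PASSWORD,"
    "AWS_ACCESS_KEY,AWS_ACCESS_SECRET_PASSWORD"
)

# Assumption: a name-based heuristic for attributes that likely hold secrets.
SECRET_HINT = re.compile(r"PASSWORD|SECRET|ACCESS_KEY|TOKEN", re.IGNORECASE)


def parse_list(raw):
    """Split a comma-separated list, dropping blanks (e.g. a leading comma)."""
    return [item.strip() for item in raw.split(",") if item.strip()]


def audit(connection_attrs_raw, encrypted_attrs_raw):
    """Compare the defined attribute list with the encrypted attribute list."""
    defined = set(parse_list(connection_attrs_raw))
    encrypted = parse_list(encrypted_attrs_raw)
    seen, duplicates = set(), []
    for name in encrypted:
        if name in seen and name not in duplicates:
            duplicates.append(name)
        seen.add(name)
    return {
        # Listed as encrypted, but the connection type does not define them.
        "encrypted_but_undefined": sorted(seen - defined),
        # Defined, look like secrets, and are not listed as encrypted.
        "secret_like_not_encrypted": sorted(
            n for n in defined if SECRET_HINT.search(n) and n not in seen
        ),
        "duplicate_encrypted_entries": duplicates,
    }


if __name__ == "__main__":
    for finding, names in audit(CONNECTION_ATTRIBUTES, ENCRYPTED_ATTRIBUTES).items():
        print(f"{finding}: {names}")
```

Matching is exact and case-sensitive, so a name that differs only in case or spelling between the two lists is reported as undefined.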