Click HERE to see how Saviynt Intelligence is transforming the industry. |
09/11/2024 02:17 PM
I have created a Privilage in Resource Group Entitlement type , Which allows only Enum / String , I enabled Enum with Reader , Contributor , Owner .
When i request For Resource Group with Reader as Privilage type through ARS and submit request. Provisioning tasks are getting failed.
I'm not able to view the json it generated in logs. Response received is null with status code null.
Logs attached, Please let me know if any one implemented the provisioning of resource group.
OOTB JSON is :
{ "name": "ResourceGroup", "connection": "userAuth", "privilegeEntitlement":{"privEntType":"RoleDefinition","privAttrName":"Roles"}, "url": "https://management.azure.com${entitlementValue.customproperty4}/providers/Microsoft.Authorization/roleAssignments/${UUID.randomUUID().toString()}?api-version=2015-07-01", "httpMethod": "PUT", "httpParams": "{ \"properties\": { \"roleDefinitionId\": \"${privEntVal.customproperty4}\", \"principalId\": \"${account.accountID}\" } }", "httpHeaders": { "Authorization": "${access_token}" }, "httpContentType": "application/json" }
09/11/2024 02:23 PM - edited 09/11/2024 02:28 PM
09/12/2024 01:05 AM
For provisioning of Azure ( Not Azure AD ), Rest is recommended as per docs. and yes it is working form post man.
09/11/2024 02:26 PM
@saqib
OOTB Azure is working fine, May I know why you want to use Rest connector?
09/12/2024 01:06 AM
OOTB Azure can be used for provisioning , could be please give link in docs which exact one i have to use.
09/12/2024 06:45 AM
09/13/2024 12:01 AM
Yes we are trying with Azure provisioning using the REST connector , And the problem is on Priv Entitlement. in postman i'm able to provision correctly as im populating all the roledefination details manually.
{ "name": "ResourceGroup", "connection": "userAuth", "privilegeEntitlement":{"privEntType":"RoleDefinition","privAttrName":"Roles"}, "url": "https://management.azure.com${entitlementValue.customproperty4}/providers/Microsoft.Authorization/roleAssignments/${UUID.randomUUID().toString()}?api-version=2015-07-01", "httpMethod": "PUT", "httpParams": "{ \"properties\": { \"roleDefinitionId\": \"${privEntVal.customproperty4}\", \"principalId\": \"${account.accountID}\" } }", "httpHeaders": { "Authorization": "${access_token}" }, "httpContentType": "application/json" }
09/13/2024 06:36 AM
Share logs
09/12/2024 08:05 AM
09/12/2024 11:05 PM
I'm trying to provision for Azure , Not Azure AD.
09/13/2024 07:30 AM - edited 09/13/2024 07:42 AM
@saqib
Try this
${entitlementValuesObj.customproperty4} //role Definition Id is not empty
${account.accountID} // make sure the principal Id is not empty
Make sure you have values present in entitlement customproperty4 (ID) and this ID should be referred in entitlementtype customproperty4
${privEntVal.customproperty4}
09/18/2024 01:17 PM
Please let us know , When you reconcile the accounts and access from Azure using OOTB azure connector . We should get Resource Groups and Privileges for each account - am i right ?
We only see assigned resource groups but not privileges, Please suggest what should we add to get them
09/18/2024 01:49 PM
Can you help with screenshots