Click HERE to see how Saviynt Intelligence is transforming the industry. |
05/02/2024 03:55 PM
We are on 24.3 and seeing this error from 04/26/2024 onwards and our AzureAD access import job keep failing with below error all of sudden. We remember AzureAD connector was not bringing subscriptions but its trying to pull now. In earlier versions, AzureAD access import was atleast completed for other objects eventhough any one of the ent type object pull is failed, but now i see no data coming to Saviynt as soon as access import fail with error. Is this behaviour changed from 24.3?
Let us know if you have any information or help to resolve below error. Our app reg has all permissions to pull access and accounts from azuread. Any thoughts appreciated.
ResponseStatusCode-400, Failed url-https://management.azure.com/subscriptions/<subscriptionid>/providers/Microsoft.Authorization/roleAs..., Error Message - {"error":{"code":"DisallowedOperation","message":"The current subscription type is not permitted to perform operations on any provider namespace. Please use a different subscription."}}
05/02/2024 07:23 PM
What is job configuration for entitlement import? Provide screenshots
05/03/2024 06:12 AM
Thank you for your response. Here is the job config of ent import. Is there way i can exclude only that specific subscriptionid which is causing above error while running import?
One more thing Found that errored subscriptionid showing as inactive in azure and i see this message when i try to open Access control (IAM)>>Role Assignments on azure portal.
"The current subscription does not allow you to perform any actions on Azure resources. Use a different subscription."
But access import job should import rest all other data which used to happen in earlier versions but not now.
05/04/2024 07:55 AM
Import access using Custom Access
https://docs.saviyntcloud.com/bundle/AzureAD-v24x/page/Content/Customizing-Entitlement-Import.htm
subscriptions can be imported all and can’t be filtered
05/03/2024 03:04 PM
Any help or direction?
05/06/2024 04:08 AM
Using custom access config , I was able to exclude subscription type entitlements import completely from being access import process and access import process completed successfully for all other included ent types. Is there a way I can exclud only one subscription which is disabled with this custom access config?
05/06/2024 06:55 PM
s there a way I can exclude only one subscription which is disabled with this custom access config? - No