Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Bulk application role request via MultiUser in ARS

Yaswanth
Regular Contributor
Regular Contributor

Hi Team,

I am trying to upload the bulk role request thru ARS via MultiUserRequest. 

Yaswanth_3-1726213122460.png

File used

Yaswanth_0-1726212583915.png

Failed message :

Yaswanth_1-1726212919509.png

Global configuration

Yaswanth_2-1726212964308.png

Could you please help here to resolve this issue.

14 REPLIES 14

rushikeshvartak
All-Star
All-Star

Type should be Add Application Role

rushikeshvartak_0-1726242532661.png

MultiUser-Access-Upload-File.xls

 

Refer https://docs.saviyntcloud.com/bundle/EIC-User-v24x/page/Content/03-mang-accs/ars-req-accs-mult-usr.h...

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

stalluri
Valued Contributor II
Valued Contributor II

Understanding the Parameters for Role Requests

Fill in the values for the following columns for each role request:

Sample excel file for uploading the multi-user access request : MultiUser-Role-Upload-File.xls

  • Username: Specify the name of the user for whom you want to make the request. It accepts case insensitive letters.

  • Role Name: Specify the name of the role for which you are submitting the request.

    • Request Type: Specify the type of request.

      • Add: Specify this to request for adding a role to the user.

      • Remove: Specify this to request for removing an existing role access from the user.

      • Update Access End Date: Specify this to request updating the expiration date of roles. This is applicable to enterprise roles.

      • Dynamic Attributes: Specify this to request for adding the dynamic attributes for the role.

    • Start Date: Specify the start date of the role.

      Note

      Do not specify the start date if you are submitting a request for updating the enterprise roles' end date. A validation failure message will be shown if the start date is specified for the Update Access End Date requests.

    • End Date: Specify the end date of the role.

    • Comments: Specify a comment to summarize the request.

    • Role Type: Specify the type of role, for example, Enterprise Role, and Firefighter Role.

    • Attribute Name: Specify the attribute name.

    • Attribute Value: Specify the attribute value.

Interpreting the Request Validation Messages

EIC sends validation messages to requesters based on the status of the submitted requests. Some of the common validation messages are listed in the following table:

Validation TypeValidation Message

Request Type: Access

User
(Existence)

User: <<Username> does not exists or is inactive>

User
(Not requestable)

User: <Username> does not have account in the Endpoint: <Endpoint Name>.

Endpoint (Existence)

Endpoint: <Endpoint Name> not found

Entitlement Type (Existence in the Endpoint)

Entitlement type <Entitlement Type> does not belong to endpoint <Endpoint Name>

Entitlement Type (Not requestable)

Entitlement type <Entitlement Type> is not requestable

Workflow Association validation to Security System in which Request is being made (For Add Access)

No workflow associated.

Workflow Association validation to Security System in which Request is being made (For Remove Access)

No workflow associated.

New Account Request

  • Account with given Name (Existence) check

Account: <Account Name> already exists.

New Account Request

  • If Any Account Exist and new Account Request is disabled to the endpoint

Active Account for user exists and new account request is disabled.

Add Access:

  • Active Entitlement Value Existence with given Entitlement value in (given Entitlement Type/Endpoint)

Active Access: <Entitlement Value> not found for Entitlement Type: <Entitlement Type> and endpoint <Endpoint>

Add Access

  • Active Account check

User:<Username> does not active Account: <Account Name> in Endpoint: <Endpoint Name>

Remove Access

  • Access Assigned/not assigned to the Account

Access: <Entitlement Value> not assigned to account <Account  Name>

Dynamic Attributes

Dynamic Attributes: <<Dynamic Attribute> not found>

Endpoint Access Query

Access Query validation failed

Endpoint Active Account

User:<Username> does not have active Account: <Account Name> in Endpoint:<Endpoint Name>

User not have Manager

You cannot make a request because your manager is inactive or unavailable. Please contact HR to update your manager information.

Request Type: Roles

User (Existence)

User: <<User name> does not exists or is inactive>

Role (Active/Inactive)

Role: <Role name> is not active

Role (Requestable/Non Requestable)

Role: <Role name> is not requestable

Role Type (Correct/incorrect)

Role Type: <Role Type> not correct

Role (Assigned/ Not assigned) to user

Role: <Role Name> already assigned to User: <User Name>

Dynamic Attribute found in roles for user or not

Dynamic Attribute: <Dynamic Attribute Name> Value: <Dynamic Attribute Value> not found in Role: <Role Name> for User: <User Name>

 


Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

Yaswanth
Regular Contributor
Regular Contributor

Team,

Thanks for your responses, using the below .xls file for application role bulk request.

Yaswanth_0-1726458624878.png

I have tried with Dates and without dates, but still upoad is failing with below error.

http-nio-8080-exec-114-7qlbxERRORUSER: 369614, FILE: BulkRoleRequestUploadFile.xls, exception while scanning
null-7qlbx org.springframework.web.client.HttpClientErrorException: 401 Unauthorized at com.saviynt.scanner.VirusScannerService.getToken(VirusScannerService.groovy:98) at com.saviynt.scanner.VirusScannerService.createHeader(VirusScannerService.groovy:84) at com.saviynt.scanner.VirusScannerService.performScan(VirusScannerService.groovy:39) at ecm.VirusScanFilters$_closure1_closure2_closure3_closure8.doCall(VirusScanFilters.groovy:85) at ecm.VirusScanFilters$_closure1_closure2_closure3.doCall(VirusScanFilters.groovy:76) at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:159) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)

please suggest

stalluri
Valued Contributor II
Valued Contributor II

@Yaswanth 
Can you please share the full log to understand the problem better?

                    Refer: https://forums.saviynt.com/t5/help/faqpage/title/WhenNotifyAboutPII

🚫⚠️Do not upload any attachments or data that contain sensitive information, such as PII, IP Addresses, URLs, Company/Employee Names, Email Addresses, etc. ⚠️ 🚫


Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

Yaswanth
Regular Contributor
Regular Contributor

please find the log

[This message has been edited by moderator to mask sensitive information]

Please raise support ticket for virus error


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

stalluri
Valued Contributor II
Valued Contributor II

@Yaswanth 
This seems like a defect. I don't see anything in the logs. Create a Support ticket. They can help you with more details.


Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

Yaswanth
Regular Contributor
Regular Contributor

It is fixed in test environment but getting below error in Prod.

Invalid Start Date entered.Date should follow the format: “MM/dd/yyyy HH:mm:ss” or “MM/dd/yyyy“
Yaswanth_0-1728355463628.png

 

stalluri
Valued Contributor II
Valued Contributor II

@Yaswanth 
Can you also share the logs in the text file.

                    Refer: https://forums.saviynt.com/t5/help/faqpage/title/WhenNotifyAboutPII

🚫⚠️Do not upload any attachments or data that contain sensitive information, such as PII, IP Addresses, URLs, Company/Employee Names, Email Addresses, etc. ⚠️ 🚫


Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

Please share import sheet file .


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

UsernameEndpointAccount NameRequest TypeEntitlement TypeEntitlement ValuesStartDateEnd DateComments
T12345SentientT12345Add Application RoleApplication RoleSentient MDoc Creation Role Non Production10/08/2024 Add User to Role 1

I have also seen same error and issue is date format in xls file

rushikeshvartak_0-1728408206755.png

Date format 

Jul 06, 2022 - 17:00

rushikeshvartak_1-1728408261056.png

 

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Yaswanth
Regular Contributor
Regular Contributor
Service NameClass NameThread NameLog LevelMessage    
ecmworkflow.JbpmworkflowmanagementControllerhttp-nio-8080-exec-590-6wmkqDEBUGNo redirection to v6. Entering showmyhistoryrequests
ecmcontrollers.HomeControllerhttp-nio-8080-exec-127-7cxlvDEBUGcheck session   
ecmrest.JwtServicehttp-nio-8080-exec-130-7cxlvDEBUGParsed an HMAC signed JWT  
ecmrest.JwtServicehttp-nio-8080-exec-130-7cxlvDEBUGParsed an HMAC signed JWT  
ecmws.Restfulv5Controllerhttp-nio-8080-exec-130-7cxlvDEBUGDisable Audit Logging : true  
ecmws.Restfulv5Controllerhttp-nio-8080-exec-130-7cxlvDEBUGDefault max limit is set to 50  
ecmws.Restfulv5Controllerhttp-nio-8080-exec-130-7cxlvDEBUGinside getEcmVersion  
ecmservices.SaviyntCommonUtilityServicehttp-nio-8080-exec-130-7cxlvDEBUGcontentType - text/json  
ecmservices.SaviyntCommonUtilityServicehttp-nio-8080-exec-130-7cxlvDEBUGcontentTypeFromConfig - application/json
ecmscanner.VirusScannerServicehttp-nio-8080-exec-125-7cxlvERRORUSER: 70711, FILE: SENTINENT_File_Batch1.xls, exception while scanning
ecm null-7cxlv org.springframework.web.client.HttpClientErrorException: 401 Unauthorized at com.saviynt.scanner.VirusScannerService.getToken(VirusScannerService.groovy:98) at com.saviynt.scanner.VirusScannerService.createHeader(VirusScannerService.groovy:84) at com.saviynt.scanner.VirusScannerService.performScan(VirusScannerService.groovy:39) at ecm.VirusScanFilters$_closure1_closure2_closure3_closure8.doCall(VirusScanFilters.groovy:85) at ecm.VirusScanFilters$_closure1_closure2_closure3.doCall(VirusScanFilters.groovy:76) at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:159) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)
ecmscanner.VirusScannerServicehttp-nio-8080-exec-125-7cxlvDEBUGVirusScanFilters took 1304 ms  
ecmworkflow.WorkflowmanagementControllerhttp-nio-8080-exec-125-7cxlvDEBUGUpload Type selected: entitlement 
ecmworkflow.WorkflowmanagementControllerhttp-nio-8080-exec-125-7cxlvDEBUGReading Data and preparing for preview.....
ecmsync.SyncFileVersionUtilityServicehttp-nio-8080-exec-125-7cxlvDEBUGchecking for filename  
ecmsync.SyncFileVersionUtilityServicehttp-nio-8080-exec-125-7cxlvDEBUGfilename valid = true  
ecmworkflow.WorkflowmanagementControllerhttp-nio-8080-exec-125-7cxlvDEBUGuseNewUploadFramework = ###FALSE####

NM
Honored Contributor II
Honored Contributor II

@Yaswanth still see the scanner error. Did saviynt support team helped you out like mentioned by @rushikeshvartak and @stalluri after raising support ticket?