Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Certification moves directly to completion state

theosveg
Regular Contributor II
Regular Contributor II

Hello,

We have a situation for a user manager certification and are facing the following scenarios:

Scenario 1: When the certification is configured to ignore account (ignore account without entitlements set to Yes), the certification when launched directly moves to completion state.

Scenario 2: When ignore account without entitlement is set to No, the certification does not pick entitlements up when launched. 

 

Does anyone have any insight on why this happens?

4 REPLIES 4

rushikeshvartak
All-Star
All-Star
  • Please share configuration of campaign
  • share logs during launching campaign

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

theosveg
Regular Contributor II
Regular Contributor II

Seeing the below error in logs:

- config is pretty basic, filtering on a particular security system, objects included entitlements, tried with adding accounts, produces same result

- has a default certifier, and we are including all certifier

only thing we are changing is : 

theosveg_0-1724713954022.png

 

"ERROR","Error in fetching userAccessExpirydetails :: {}|java.lang.IllegalArgumentException: org.hibernate.hql.internal.ast.QuerySyntaxException: RoleUserAccount is not mapped [select distinct new Map (r.id as id, r.roleName as name, rua.enddate as expiryDate, 'Roles' as accessType) from com.saviynt.ssm.entity.Roles r, RoleUserAccount rua where r.id = rua.rolekey and r.status = 1 and rua.enddate is not null and rua.userkey = :userkey and rua.startdate between :startDate and :endDate]| at org.hibernate.internal.ExceptionConverterImpl.convert(ExceptionConverterImpl.java:138) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.internal.ExceptionConverterImpl.convert(ExceptionConverterImpl.java:181) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.internal.ExceptionConverterImpl.convert(ExceptionConverterImpl.java:188) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.internal.AbstractSharedSessionContract.createQuery(AbstractSharedSessionContract.java:757) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.internal.AbstractSharedSessionContract.createQuery(AbstractSharedSessionContract.java:114) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at jdk.internal.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) ~[na:na]|Caused by: org.hibernate.hql.internal.ast.QuerySyntaxException: RoleUserAccount is not mapped [select distinct new Map (r.id as id, r.roleName as name, rua.enddate as expiryDate, 'Roles' as accessType) from com.saviynt.ssm.entity.Roles r, RoleUserAccount rua where r.id = rua.rolekey and r.status = 1 and rua.enddate is not null and rua.userkey = :userkey and rua.startdate between :startDate and :endDate]| at org.hibernate.hql.internal.ast.QuerySyntaxException.generateQueryException(QuerySyntaxException.java:79) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.QueryException.wrapWithQueryString(QueryException.java:103) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.hql.internal.ast.QueryTranslatorImpl.doCompile(QueryTranslatorImpl.java:220) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.hql.internal.ast.QueryTranslatorImpl.compile(QueryTranslatorImpl.java:144) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.engine.query.spi.HQLQueryPlan.<init>(HQLQueryPlan.java:112) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.engine.query.spi.HQLQueryPlan.<init>(HQLQueryPlan.java:73) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]|Caused by: org.hibernate.hql.internal.ast.QuerySyntaxException: RoleUserAccount is not mapped| at org.hibernate.hql.internal.ast.util.SessionFactoryHelper.requireClassPersister(SessionFactoryHelper.java:170) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.hql.internal.ast.tree.FromElementFactory.addFromElement(FromElementFactory.java:91) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.hql.internal.ast.tree.FromClause.addFromElement(FromClause.java:77) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.hql.internal.ast.HqlSqlWalker.createFromElement(HqlSqlWalker.java:334) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.hql.internal.antlr.HqlSqlBaseWalker.fromElement(HqlSqlBaseWalker.java:3782) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]| at org.hibernate.hql.internal.antlr.HqlSqlBaseWalker.fromElementList(HqlSqlBaseWalker.java:3671) ~[hibernate-core-5.6.15.Final.jar!/:5.6.15.Final]|

 

"2024-08-26T14:53:08.110+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","Certification certkey 7441 is not attached.. attaching back to session"
"2024-08-26T14:53:08.110+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","deleting certification 7441"
"2024-08-26T14:53:07.149+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","campaignuserbatchcount = 100"
"2024-08-26T14:53:07.149+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG",""
"2024-08-26T14:53:07.177+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","populating data for manager-3495 and advUserList size=0"
"2024-08-26T14:53:07.178+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","userList size=1"
"2024-08-26T14:53:07.178+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","Batch size configured for SA/UM campaign populating certification data 100"
"2024-08-26T14:53:07.180+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","tempAdvAccountList===0"
"2024-08-26T14:53:07.181+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","total account list 0 "
"2024-08-26T14:53:07.181+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","Processing account 0 to 1 of 1"
"2024-08-26T14:53:07.181+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","Finding accounts associated to the users for applications - AND a.endpointkey in(-1,4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102)"
"2024-08-26T14:53:07.182+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","User Accounts List Size - 0"
"2024-08-26T14:53:07.182+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","finding entitlement for accounts"
"2024-08-26T14:53:07.182+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","done calculating entitlements 0"
"2024-08-26T14:53:07.195+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","saving accounts total 0"
"2024-08-26T14:53:07.195+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","done saving accounts total 0"
"2024-08-26T14:53:07.195+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","saving certification_user_account_status total 0"
"2024-08-26T14:53:07.233+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","Adding empty Certification to emptyCertificationsToBeDeleted - com.saviynt.ecm.campaign.domain.Certification : 7638"
"2024-08-26T14:53:07.251+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","populating data for Revue du gestionnaire - ControleTN - 20240826 - ggiusr3514 (test user)"
"2024-08-26T14:53:07.251+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","populating data for certification-Revue du gestionnaire - ControleTN - 20240826 - ggiusr3514 (test user), certifier-3514"
"2024-08-26T14:53:07.251+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","campaignuserbatchcount = 100"
"2024-08-26T14:53:07.251+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG",""
"2024-08-26T14:53:07.279+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","populating data for manager-3514 and advUserList size=0"
"2024-08-26T14:53:07.279+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","userList size=1"
"2024-08-26T14:53:07.280+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","Batch size configured for SA/UM campaign populating certification data 100"
"2024-08-26T14:53:07.282+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","tempAdvAccountList===0"
"2024-08-26T14:53:07.282+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","total account list 0 "
"2024-08-26T14:53:07.282+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","Processing account 0 to 1 of 1"
"2024-08-26T14:53:07.283+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","Finding accounts associated to the users for applications - AND a.endpointkey in(-1,4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102)"
"2024-08-26T14:53:07.284+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","User Accounts List Size - 0"
"2024-08-26T14:53:07.284+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","finding entitlement for accounts"
"2024-08-26T14:53:07.284+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","done calculating entitlements 0"
"2024-08-26T14:53:07.284+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","saving users for Revue du gestionnaire - ControleTN - 20240826 - ggiusr3514 (test user)"
"2024-08-26T14:53:07.291+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","done saving users for Revue du gestionnaire - ControleTN - 20240826 - ggiusr3514 (test user)"
"2024-08-26T14:53:07.291+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","saving users status for Revue du gestionnaire - ControleTN - 20240826 - ggiusr3514 (test user)"
"2024-08-26T14:53:07.296+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","users status saved for Revue du gestionnaire - ControleTN - 20240826 - ggiusr3514 (test user)"
"2024-08-26T14:53:07.296+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","saving accounts/entitlements/roles for Revue du gestionnaire - Controle - 20240826 - ggiusr3514 (test user)"
"2024-08-26T14:53:07.297+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","saving accounts total 0"
"2024-08-26T14:53:07.297+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","done saving accounts total 0"
"2024-08-26T14:53:07.297+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","saving certification_user_account_status total 0"
"2024-08-26T14:53:07.297+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","done saving certification_user_account_status total 0"
"2024-08-26T14:53:07.298+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","saving Certification_entitlement_value total null"
"2024-08-26T14:53:07.298+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","Populating roles "
"2024-08-26T14:53:07.298+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","accounts/entitlements/roles saved for Revue du gestionnaire - Controle - 20240826 - ggiusr3514 (test user)"
"2024-08-26T14:53:07.298+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","processed 100 records"
"2024-08-26T14:53:07.326+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","populated data for certification-Revue du gestionnaire - Controle - 20240826 - usr3514 (test user), certifier-3514"
"2024-08-26T14:53:07.326+00:00","ecm-worker","campaigns.CampaignService","quartzScheduler_Worker-2-7hx76","DEBUG","data populated for Revue du gestionnaire - Control - 20240826 - usr3514 (test user)"

Instead of selecting applications use advanced query and ep.id=4


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NM
Honored Contributor II
Honored Contributor II

Hi @theosveg objects to be selected/reviewed should have account and entitlement selected ..