For a use case for our client, we have to check if a group is already on an application.
We regularly make groups and add members to this group for the OpenLDAP application through the Saviynt API.
Because there is no easy way to provision created groups to OpenLDAP, we plan on using an analytics report which tells us if there is a group accessible on Saviynt with members in them but is not yet accessible in OpenLDAP. We will then use an external jar job to provision this group to OpenLDAP.
How could we go about making this report? Is there an identifier on an entitlement/on the endpoint/... in the database which we can use to tell us if the group is already on the application or not?
Hi @Caesrob ,
If my understanding is correct, you are trying to check a group is already present under particular endpoint or not.
In that case, you can either utilize data analyzer or reports to query the database
Table Entitlement_values holds all entitlements
Try with below query
select ev.entitlement_value as 'Group_name',s.SYSTEMNAME as 'Application_name' from entitlement_values ev join entitlement_types et on et.ENTITLEMENTTYPEKEY=ev.ENTITLEMENTTYPEKEY join securitysystems s on et.SYSTEMKEY=s.SYSTEMKEY where ev.entitlement_value like '%group name%' and s.systemname like '%<security system name>%'
Reference : Database Schema reference
I should have mentioned this in my post, but we create the entitlement on the endpoint of the application through the Saviynt API, so we can later provision this group. So the entitlement is already under the endpoint from the moment it is created on Saviynt.