Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Createrequest api usage to assign privileges

JanardhanSharma
New Contributor II
New Contributor II

‎10/17/2023 07:02 AM

Hi team,

There is a new feature added https://docs.saviyntcloud.com/bundle/Release-Notes/page/Content/v23/Release-Notes-23-9.htm#:~:text=R....

As per this feature we can request privileges as well. 
It is however not clear though, as to what should be the payload though ?

URI: 

/ECM/api/v5/createrequest

Body:

 

{
"requesttype":"NEW",
"username" : "userName",
"endpoint":"endpoint/name",
"securitysystem":"open-policy-agent",
"comments":"Requested for testing via postman.",
"requestor":"userName",
"createaccountifnotexists":"true",
"entitlement":[
	{
        "entitlementtype":"type",
        "entitlementvalue":"value",
        "attributename" : "role",
        "attributevalue" : "reader",
        "businessjustification":"Requested for testing via postman." 
    }]
}

 

 As per the suggestion, we added attributename and attribute value in the entitlement, bit it did not work. 

Any suggestions/help in this regard will be helpful. 

0 Kudos
3 REPLIES 3

Dhruv_S
Saviynt Employee
Saviynt Employee

‎10/19/2023 05:32 AM

Hi @JanardhanSharma 

Please add the attribute name and attribute value in privileges parameter and test.

JSON1.PNG

Regards,
Dhruv Sharma
If this reply answered your question, please accept it as Solution to help others who may have a similar problem.

0 Kudos

JanardhanSharma
New Contributor II
New Contributor II

‎10/23/2023 03:42 AM - edited ‎10/23/2023 05:20 AM

Thanks for the response. 
But the solution as suggested did not work. 

Additional observations. 
The attribute `priveleges` is accepted but there is no action being taken in the back end. So most probably the name is incorrect. The serialization is most probably ignoring unknown properties.

When we used `privileges`,  we get 

 

 

 

 

{
"errorCode": 1,
"message": "Invalid PayLoad - enter privileges in correct format"
}

 

 



We played around with various options, but none worked. 

Few samples that we tried. 

 

 

"entitlement":[
   {
      "entitlementtype":"open-policy-agent/systems/a7dc28f1cbba485d9d9fc10bb98ddb20/resource_types/canary_domain",
      "entitlementvalue":"systems/a7dc28f1cbba485d9d9fc10bb98ddb20/resource_types/canary_domain/customer-care",
      "privileges":{
         "attributename":"role",
         "attributevalue":"reader"
      },
      "businessjustification":"Requested for testing via postman."
   }
]



------------------------


"entitlement":[
   {
      "entitlementtype":"open-policy-agent/systems/a7dc28f1cbba485d9d9fc10bb98ddb20/resource_types/canary_domain",
      "entitlementvalue":"systems/a7dc28f1cbba485d9d9fc10bb98ddb20/resource_types/canary_domain/customer-care",
      "privileges":{
         "attributeName":"role",
         "attributeValue":"reader"
      },
      "businessjustification":"Requested for testing via postman."
   }
]


-----------------------

"entitlement":[
   {
      "entitlementtype":"open-policy-agent/systems/a7dc28f1cbba485d9d9fc10bb98ddb20/resource_types/canary_domain",
      "entitlementvalue":"systems/a7dc28f1cbba485d9d9fc10bb98ddb20/resource_types/canary_domain/customer-care",
      "privileges":{
         "attributesList":[
            {
               "attributeName":"role",
               "attributeValue":[
                  {
                     "ID":"reader"
                  }
               ]
            }
         ]
      },
      "businessjustification":"Requested for testing via postman."
   }
]​

 

 



It would be very helpful if you could try out the api and provide the correct payload. @Dhruv_S

 

0 Kudos

Dhruv_S
Saviynt Employee
Saviynt Employee
In response to JanardhanSharma

‎10/24/2023 10:59 PM

Hi @JanardhanSharma 

Please refer the below format and confirm.  

 

{
"requesttype": "NEW",
"username": "userName",
"endpoint": "endpoint/name",
"securitysystem": "open-policy-agent",
"comments": "Requested for testing via postman.",
"requestor": "userName",
"createaccountifnotexists": "true",
"entitlement": [
{
"entitlementtype": "type",
"entitlementvalue": "value",
"businessjustification": "Requested for testing via postman.",
"priveleges": [{

"attributename": "role",
"attributevalue": "reader"
}]
}
]

}

 

Reference documentation: Saviynt Enterprise Identity Cloud API Reference v23.9 (getpostman.com)

Regards,
Dhruv Sharma
If this reply answered your question, please accept it as Solution to help others who may have a similar problem.

 

0 Kudos
Copyright © 2024 Khoros, LLC