Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

DB Connector GrantAccessJSON

mtorres
New Contributor II
New Contributor II

Saviynt provides example json syntax for granting entitlements using GrantAccessJSON:

{
"ENTITLEMENT_TYPE1" : [
"INSERT INTO
USER_SAVROLES(USERKEY,ROLEKEY) VALUES(${user.id},1)" ,
" call
testproc()"
],

"ENTITLEMENT_TYPE2" : [
"sdfds"
]

}
)

Using this as a guide, I am able to grant users an entitlement associated with the entitlement type I specify in the beginning of the statement.  This works as long as there is only one entitlement associated with the entitlement type.  However, I would like to associate multiple entitlements with the same entitlement type and each one requires a different action to be performed on the DB.

Are there any examples out there I can leverage that can show me how I can accomplish this?  

6 REPLIES 6

rushikeshvartak
All-Star
All-Star

You can write your logic in if... else if .... else

 

{
	"Role": [

		"${if(task.entitlement_valueKey.entitlement_value!=null){'GRANT '+task.entitlement_valueKey.entitlement_value+' TO '+accountName+' '} else {'REVOKE '+task.entitlement_valueKey.entitlement_value+' TO '+accountName+''}}"
	]
}

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

avinashchhetri
Saviynt Employee
Saviynt Employee

Hello @mtorres,

When you configure Saviynt4Saviynt, you end up with multiple entitlement types in the Grant Access or Revoke Access  JSON. Here's a sample on how to use multiple entitlementTypes in a DB Connection.

{
"SAVRole":["Insert into user_savroles(USERKEY, ROLEKEY,UPDATEDATE,UPDATEUSER) VALUES (${user.id},(select rolekey from savroles where rolename= '${task.entitlement_valueKey.entitlement_value}'),utc_timestamp(),(select userkey from users where username = 'admin'))"],
"UserGroup":["Insert into usergroup_users(USERKEY,USER_GROUPKEY,UPDATEDATE,UPDATEUSER) VALUES (${user.id},(select USERGROUPKEY from user_groups where USER_GROUPNAME= '${task.entitlement_valueKey.entitlement_value}'),utc_timestamp(),(select userkey from users where username = 'admin'))"]
}

 

 

Regards,
Avinash Chhetri

Thank you for the responses. 

In my particular use case, I am performing database inserts on an external SQL database (Not Saviynt DB).

I have one entitlement type called Role for this particular endpoint.  I also have multiple entitlements associated with the entitlement type.  For example, lets say I have "Admin" and "Standard User".

Each entitlement requires that we insert different values into the DB.  For example, if a user is granted the "Admin" entitlement, I will insert a value of 1 into column A.  For "Standard User", a value of 2 with be inserted to column A instead.  

Something like this worked with me when I only had the Admin entitlement associated with the Role type: 

{
"Role": [
"INSERT INTO Testdatabase (columnA) VALUES (1)"
]

}

I'll need to add the insert logic for the "Standard User" entitlement but I don't know how to instruct Saviynt on which logic to use for each entitlement from a syntax perspective.  If "Standard User" was associated with a completely different entitlement type (Role2), I could easily just add something like this but I want to avoid creating multiple entitlement types.

{
"Role": [
"INSERT INTO Testdatabase (columnA) VALUES (1)"
],

"Role2": [
"INSERT INTO Testdatabase (columnA) VALUES (2)"
]

}

 

 

{
"Role": [

"${if(task.entitlement_valueKey.entitlement_value.equalsIgnoreCase('Admin'){'GRANT '+task.entitlement_valueKey.entitlement_value+' TO '+accountName+' '} else if (task.entitlement_valueKey.entitlement_value.equalsIgnoreCase('Standard User') {'GRANT '+task.entitlement_valueKey.entitlement_value+' TO '+accountName+''}else {'REVOKE '+task.entitlement_valueKey.entitlement_value+' TO '+accountName+''}}"
]
}


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Thank you Rushikesh.

I'll give this a shot. 

I'm assuming I can work in the database insert or update commands within those statements as well

Yes You can


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.