Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/23/2024 03:58 AM
Hi Team,
We have entitlement owner attribute in AD import{"entitlementOwnerAttribute": "managedBy",}, but owners are not getting tagged, the managedBy attribute in AD holding DN value for the owners, that is getting stored in CP15 for ents, we are using a SAV to SAV to populate the owners, but on next access import run the data populated by SAV to SAV is getting wiped off, on removing this ->"entitlementOwnerAttribute": "managedBy" from the config also wipping the data.
Can anyone let us know how can we restrict the wiping off the data after access import or populate the owners directly from the import.
{
"importGroupHierarchy": "true",
"entitlementTypeName": "",
"performGroupAccountLinking": "true",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)",
"mapping": "memberHash:member_char,customProperty1:sAMAccountType_char,customProperty2:instanceType_char,customProperty3:uSNCreated_char,customProperty4:groupType_char,customProperty5:dSCorePropagationData_char,customProperty12:dn_char,customProperty13:cn_char,lastscandate:whenCreated_date,customProperty15:managedBy_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty9:name_char,customProperty10:objectCategory_char,customProperty11:sAMAccountName_char,entitlement_value:distinguishedName_char,entitlementid:objectGUID_Binary,customProperty14:objectClass_char,updatedate:whenChanged_date,customPropErty17:distinguishedName_char,RECONCILATION_FIELD:entitlementid,customProperty18:objectGUID_Binary",
"entitlementOwnerAttribute": "managedBy",
"activeGroupPossibleValues": ["active", "a", "l", "TRUE"]
}
Regards,
Atrayee
04/23/2024 04:08 AM
Directly we can't update owner , please check below article
04/23/2024 04:08 AM
@AtrayeeDutta Did you check this post :
Solved: Adding owner to Entitlements from Custom property - Saviynt Forums - 28348
Solved: Data truncation error for customproperty16 - Saviynt Forums - 50079
04/23/2024 04:55 AM
@AtrayeeDutta you have to configure "tableFieldAttribute" in your groupImportMapping.
tableFieldAttribute should hold the account column name where you have mapped the AD user's distinguishedName.
PFB an example where I have assumed that you have mapped the AD user's distinguishedName to accountId in the ACCOUNT_ATTRIBUTES mapping.
{
"importGroupHierarchy": "true",
"entitlementTypeName": "",
"performGroupAccountLinking": "true",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)",
"mapping": "memberHash:member_char,customProperty1:sAMAccountType_char,customProperty2:instanceType_char,customProperty3:uSNCreated_char,customProperty4:groupType_char,customProperty5:dSCorePropagationData_char,customProperty12:dn_char,customProperty13:cn_char,lastscandate:whenCreated_date,customProperty15:managedBy_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty9:name_char,customProperty10:objectCategory_char,customProperty11:sAMAccountName_char,entitlement_value:distinguishedName_char,entitlementid:objectGUID_Binary,customProperty14:objectClass_char,updatedate:whenChanged_date,customPropErty17:distinguishedName_char,RECONCILATION_FIELD:entitlementid,customProperty18:objectGUID_Binary",
"entitlementOwnerAttribute": "managedBy",
"tableFieldAttribute": "accountId", // assuming you have mapped account's distinguishedName in accountId column of ACCOUNTS table
"activeGroupPossibleValues": [
"active",
"a",
"l",
"TRUE"
]
}
04/23/2024 05:30 AM
entitlementTypeName Should be memberOf