Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Error in Grant Access JSON

Mortal
Regular Contributor
Regular Contributor

Hi,

Working on the integration between Saviynt and Snowflake and using DB as connection type. I was able to import the accounts and entitlements from Snowflake and was able to create account using Create Account JSON through Saviynt but granting access is not working, using the following query:

"{
"role": "grant role ${task.entitlement_valuekey.entitlement_value} to user ${user.username};"
}"

The request is getting approved, and tasks are getting completed. I have checked from Snowflake side as well, create account query is getting executed but can't see the grant query.

13 REPLIES 13

NM
Valued Contributor
Valued Contributor

Hi @Mortal , what are you passing in name of create account json?

Please did you try to run same query in snowflake?

Mortal
Regular Contributor
Regular Contributor

Hi @NM , we are passing the following create account json:

"{
"createaccountqry": [
"create user ${accountName} password='Welcome@123' login_name = '${accountName}' display_name = '${user.displayname}' first_name = '${user.firstname}' last_name = '${user.lastname}' email = '${user.email}' default_role = null default_secondary_roles =null must_change_password = true;"
]
}" 

the accounts are getting created on the snowflake side

NM
Valued Contributor
Valued Contributor

@Mortal , try this

Do check entitlement type name

{

{"role": "grant role ${task.entitlement_valuekey.entitlement_value} to user ${accountName};"

}"

naveenss
All-Star
All-Star

Hi @Mortal can you share the entitlement type name? please share the screenshot. Also, is the grant role query working directly from the DB?

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Mortal
Regular Contributor
Regular Contributor

Hi @naveenss @NM  I have used the same query for grant access JSON and entitlementype is 'role'. The grant query is working in Snowflake but not from Saviynt side. PFA screenshot.

Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues .

also share screenshots of entitlement type configuration inside


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi @Mortal can you try below?

 

{
    "ROLE": ["grant role ${task.entitlement_valueKey.entitlement_value} to user ${user.username};"]
}

 

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Mortal
Regular Contributor
Regular Contributor

Hi @rushikeshvartak @naveenss @NM ,

Providing the log details. In logs, I am getting "Error while converting JsonStringToMap"

share screenshots of entitlement type configuration inside


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Mortal
Regular Contributor
Regular Contributor

Hi @rushikeshvartak , sharing with you entitlement type configuration screenshot

{
"ROLE": [
"GRANT ROLE \${task.entitlement_valueKey.entitlement_value}\ TO USER \${accountName}\ "
]
}


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Mortal
Regular Contributor
Regular Contributor

Hi @rushikeshvartak ,

I used the above query, but it was unable to find the user account from Snowflake side because of the double quotes, its giving error. So, I removed the double quotes and modified the query

{
"ROLE": [
"GRANT ROLE \${task.entitlement_valueKey.entitlement_value}\ TO USER \${accountName}\ "
]
}

Now, the Grant JSON is working form Saviynt, and I can the see the entry of Grant access from snowflake.

Thanks.

Please click the 'Accept As Solution' button on the reply (or replies) that best answered your original question.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.