Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/08/2024 08:06 AM
Hi,
Need help in issue of firefighter access not found issue in add/remove access.
For Oracle DB connection, we are getting firefighter access not found issue in add access json and remove access json for entitlements. We are not accessing any emergency roles in the request.
We did not configured any firefighter module for this configuration but we are getting this issue in logs and it is not adding/removing the entitlements in target DB.
in logs it is shwoing as:
"DEBUG","Firefighter access not found in GrantAccessJSON, so not adding it"
Thanks,
Sudheera
08/08/2024 01:28 PM
08/09/2024 01:21 AM
Hi,
But it is stopping adding and removing ent into the target DB. The entitlements are not getting added/removed from target DB. In Grant access json and Revoke access json we are getting this issue.
We need to have multiple entitlements also in DB.
Thanks,
Sudheera
08/09/2024 02:43 AM
Share json and logs
08/09/2024 02:52 AM
Hi,
Attaching revoke access logs and json.
Revoke access JSon:
{
"Access-Role" : "DELETE FROM NPIT_USER_GROUP where USERID ='${user.username}' and GROUP_ID in (Select GROUP_ID from NPIT_GROUP where upper(DESCRIPTION) = Upper('${requestAccessAttributes.get('Roles')}'))"
}
Grant access json:
{
"Access-Role": "insert into NPIT_USER_GROUP (USERID, GROUP_ID, UNAPPROVED_FLAG) values ('${user.username}',(select Group_ID from NPIT_GROUP where Upper(description) = Upper('${requestAccessAttributes.get('Roles')}') and Group_ID not in (select GROUP_ID from NPIT_USER_GROUP where USERID='${user.username}')), 0) "
}
08/09/2024 02:53 AM
Logs missing
08/09/2024 05:04 AM
08/12/2024 02:51 AM
Hi,
could you please share solution for the above issue.
08/12/2024 04:53 AM
Does the above query work with hardcoded values?
As there is error in JSOn
quartzScheduler_Worker-1-75nh8 DEBUG Error while converting JsonStringToMap
08/12/2024 04:58 AM
yes, it is working.
08/12/2024 05:04 AM
{
"Access-Role": "insert into NPIT_USER_GROUP (USERID, GROUP_ID, UNAPPROVED_FLAG) values ('${user.username}',(select Group_ID from NPIT_GROUP where Upper(description) = Upper('${task.entitlement_valueKey.entitlement_value}') and Group_ID not in (select GROUP_ID from NPIT_USER_GROUP where USERID='${user.username}')), 0) "
}
08/12/2024 05:17 AM
yes, the same query we are using in create account json also. It was creating the record in target DB without any firefighter access issue.
08/12/2024 05:23 AM
I have updated logic please try above updated json
08/13/2024 03:15 AM
Updated Json also giving the same response as below.
It is fetching FFID, FFinstance related tasks, why it is showing those logs?
"quartzScheduler_Worker-10-vv5gh","DEBUG","Firefighter access not found in GrantAccessJSON, so not adding it"
"quartzScheduler_Worker-10-vv5gh","DEBUG","start provisionFFIDAccess TaskType-29"
"quartzScheduler_Worker-10-vv5gh","DEBUG","automatedprovisionqry = rr.securitysystem.automatedProvisioning = true and "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query to fetch FFID grant access tasks = | select rr from ArsTasks rr where| rr.securitysystem.automatedProvisioning = true and | rr.accountKey is not null| and rr.tasktype = 29 and rr.entitlement_valueKey is null| and rr.id in (188011,188012 )| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","End provisionFFIDAccess TaskType-27"
"quartzScheduler_Worker-10-vv5gh","DEBUG","Start deprovisionFFIDAccess TaskType-30"
"quartzScheduler_Worker-10-vv5gh","DEBUG","automatedprovisionqry = rr.securitysystem.automatedProvisioning = true and "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query FFID Revoke Tasks= | select rr from ArsTasks rr where| rr.securitysystem.automatedProvisioning = true and | rr.accountKey is not null| and rr.tasktype = 30 and rr.entitlement_valueKey is null| and rr.id in (188011,188012 )| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","End deprovisionFFIDAccess TaskType-28"
"quartzScheduler_Worker-10-vv5gh","DEBUG","Start extendAccessTask TaskType-31"
"quartzScheduler_Worker-10-vv5gh","DEBUG","automatedprovisionqry = rr.securitysystem.automatedProvisioning = true and "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query Update Access End Date Tasks= | select rr from ArsTasks rr where| rr.securitysystem.automatedProvisioning = true and | rr.accountKey != null| and rr.tasktype = 31 and rr.entitlement_valueKey != null| and rr.id in (188011,188012 )| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Total Tasks for Update Access End Date: 0"
"quartzScheduler_Worker-10-vv5gh","DEBUG","End extendAccessTask TaskType-31"
"ecm-worker","services.ArsTaskHelperService","quartzScheduler_Worker-10-vv5gh","DEBUG","In lockOrUnlockAccount"
"ecm-worker","services.ArsTaskHelperService","quartzScheduler_Worker-10-vv5gh","DEBUG","Query for Lock Account Tasks= | select rr from ArsTasks rr where| rr.accountKey != null| and rr.tasktype = 32| and rr.id in (188011,188012)| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","In lockOrUnlockAccount"
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query for Unlock Account Tasks= | select rr from ArsTasks rr where| rr.accountKey != null| and rr.tasktype = 33| and rr.id in (188011,188012)| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","start provisionFFInstanceAccess TaskType-34"
"quartzScheduler_Worker-10-vv5gh","DEBUG","automatedprovisionqry = rr.securitysystem.automatedProvisioning = true and "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query to fetch FFInstance grant access tasks = | select rr from ArsTasks rr where| rr.securitysystem.automatedProvisioning = true and | rr.accountKey is not null| and rr.tasktype = 34 and rr.entitlement_valueKey is null| and rr.id in (188011,188012 )| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","End provisionFFInstanceAccess TaskType-34"
"quartzScheduler_Worker-10-vv5gh","DEBUG","Start deprovisionFFInstanceAccess TaskType-35"
"quartzScheduler_Worker-10-vv5gh","DEBUG","automatedprovisionqry = rr.securitysystem.automatedProvisioning = true and "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query FFID Revoke Tasks= | select rr from ArsTasks rr where| rr.securitysystem.automatedProvisioning = true and | rr.accountKey is not null| and rr.tasktype = 35 and rr.entitlement_valueKey is null| and rr.id in (188011,188012 )| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","End deprovisionFFInstanceAccess TaskType-35"
"quartzScheduler_Worker-10-vv5gh","DEBUG","Start provisionFFIDAccessAlert TaskType-36"
"quartzScheduler_Worker-10-vv5gh","DEBUG","automatedprovisionqry = rr.securitysystem.automatedProvisioning = true and "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query FFID Access Alert Tasks= | select rr from ArsTasks rr where| rr.securitysystem.automatedProvisioning = true and | rr.accountKey is not null| and rr.tasktype = 36 and rr.entitlement_valueKey is null| and rr.id in (188011,188012 )| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","End provisionFFIDAccessAlert TaskType-36"
08/13/2024 06:02 AM
Share connector screenshot showing that configuration is added in right place
08/13/2024 09:21 AM
please check below. and how to see the complete Logs for DB connection as of now in logs there is no error message from DB.
Security system:
Endpoint:
08/13/2024 09:26 AM
Can you remove hypen from Entitlement Type name & JSON configuration
08/13/2024 03:17 AM
But the tasktype is arstasks is 1,12 only. Please check below.
08/09/2024 03:00 AM - last edited on 08/13/2024 05:30 AM by Sunil