Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Firefighter access not found issue in add and remove access

sudheera
New Contributor
New Contributor

Hi,

Need help in issue of firefighter access not found issue in add/remove access.

For Oracle DB connection, we are getting firefighter access not found issue in add access json and remove access json for entitlements. We are not accessing any emergency roles in the request.

We did not configured any firefighter module for this configuration but we are getting this issue in logs and it is not adding/removing the entitlements in target DB.

in logs it is shwoing as:

"DEBUG","Firefighter access not found in GrantAccessJSON, so not adding it"

Thanks,

Sudheera

18 REPLIES 18

rushikeshvartak
All-Star
All-Star
  • You can ignore that error this is just debugging message

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

sudheera
New Contributor
New Contributor

Hi,

But it is stopping adding and removing ent into the target DB. The entitlements are not getting added/removed from target DB. In Grant access json and Revoke access json  we are getting this issue.

We need to have multiple entitlements also in DB.

Thanks,

Sudheera 

Share json and logs


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi,

Attaching revoke access logs and json.

Revoke access JSon:

{
"Access-Role" : "DELETE FROM NPIT_USER_GROUP where USERID ='${user.username}' and GROUP_ID in (Select GROUP_ID from NPIT_GROUP where upper(DESCRIPTION) = Upper('${requestAccessAttributes.get('Roles')}'))"
}

Grant access json:

{
"Access-Role": "insert into NPIT_USER_GROUP (USERID, GROUP_ID, UNAPPROVED_FLAG) values ('${user.username}',(select Group_ID from NPIT_GROUP where Upper(description) = Upper('${requestAccessAttributes.get('Roles')}') and Group_ID not in (select GROUP_ID from NPIT_USER_GROUP where USERID='${user.username}')), 0) "
}

 

Logs missing


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi,

adding logs here

Hi, 

could you please share solution for the above issue.

Does the above query work with hardcoded values?

As there is error in JSOn

quartzScheduler_Worker-1-75nh8 DEBUG Error while converting JsonStringToMap


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

yes, it is working.

{
"Access-Role": "insert into NPIT_USER_GROUP (USERID, GROUP_ID, UNAPPROVED_FLAG) values ('${user.username}',(select Group_ID from NPIT_GROUP where Upper(description) = Upper('${task.entitlement_valueKey.entitlement_value}') and Group_ID not in (select GROUP_ID from NPIT_USER_GROUP where USERID='${user.username}')), 0) "
}


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

yes, the same query we are using in create account json also. It was creating the record in target DB without any firefighter access issue.

I have updated logic please try above updated json


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Updated Json also giving the same response as below.

It is fetching FFID, FFinstance related tasks, why it is showing those logs?

"quartzScheduler_Worker-10-vv5gh","DEBUG","Firefighter access not found in GrantAccessJSON, so not adding it"

"quartzScheduler_Worker-10-vv5gh","DEBUG","start provisionFFIDAccess TaskType-29"
"quartzScheduler_Worker-10-vv5gh","DEBUG","automatedprovisionqry = rr.securitysystem.automatedProvisioning = true and "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query to fetch FFID grant access tasks = | select rr from ArsTasks rr where| rr.securitysystem.automatedProvisioning = true and | rr.accountKey is not null| and rr.tasktype = 29 and rr.entitlement_valueKey is null| and rr.id in (188011,188012 )| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","End provisionFFIDAccess TaskType-27"
"quartzScheduler_Worker-10-vv5gh","DEBUG","Start deprovisionFFIDAccess TaskType-30"
"quartzScheduler_Worker-10-vv5gh","DEBUG","automatedprovisionqry = rr.securitysystem.automatedProvisioning = true and "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query FFID Revoke Tasks= | select rr from ArsTasks rr where| rr.securitysystem.automatedProvisioning = true and | rr.accountKey is not null| and rr.tasktype = 30 and rr.entitlement_valueKey is null| and rr.id in (188011,188012 )| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","End deprovisionFFIDAccess TaskType-28"
"quartzScheduler_Worker-10-vv5gh","DEBUG","Start extendAccessTask TaskType-31"
"quartzScheduler_Worker-10-vv5gh","DEBUG","automatedprovisionqry = rr.securitysystem.automatedProvisioning = true and "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query Update Access End Date Tasks= | select rr from ArsTasks rr where| rr.securitysystem.automatedProvisioning = true and | rr.accountKey != null| and rr.tasktype = 31 and rr.entitlement_valueKey != null| and rr.id in (188011,188012 )| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Total Tasks for Update Access End Date: 0"
"quartzScheduler_Worker-10-vv5gh","DEBUG","End extendAccessTask TaskType-31"
"ecm-worker","services.ArsTaskHelperService","quartzScheduler_Worker-10-vv5gh","DEBUG","In lockOrUnlockAccount"
"ecm-worker","services.ArsTaskHelperService","quartzScheduler_Worker-10-vv5gh","DEBUG","Query for Lock Account Tasks= | select rr from ArsTasks rr where| rr.accountKey != null| and rr.tasktype = 32| and rr.id in (188011,188012)| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","In lockOrUnlockAccount"
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query for Unlock Account Tasks= | select rr from ArsTasks rr where| rr.accountKey != null| and rr.tasktype = 33| and rr.id in (188011,188012)| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","start provisionFFInstanceAccess TaskType-34"
"quartzScheduler_Worker-10-vv5gh","DEBUG","automatedprovisionqry = rr.securitysystem.automatedProvisioning = true and "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query to fetch FFInstance grant access tasks = | select rr from ArsTasks rr where| rr.securitysystem.automatedProvisioning = true and | rr.accountKey is not null| and rr.tasktype = 34 and rr.entitlement_valueKey is null| and rr.id in (188011,188012 )| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","End provisionFFInstanceAccess TaskType-34"
"quartzScheduler_Worker-10-vv5gh","DEBUG","Start deprovisionFFInstanceAccess TaskType-35"
"quartzScheduler_Worker-10-vv5gh","DEBUG","automatedprovisionqry = rr.securitysystem.automatedProvisioning = true and "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query FFID Revoke Tasks= | select rr from ArsTasks rr where| rr.securitysystem.automatedProvisioning = true and | rr.accountKey is not null| and rr.tasktype = 35 and rr.entitlement_valueKey is null| and rr.id in (188011,188012 )| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","End deprovisionFFInstanceAccess TaskType-35"
"quartzScheduler_Worker-10-vv5gh","DEBUG","Start provisionFFIDAccessAlert TaskType-36"
"quartzScheduler_Worker-10-vv5gh","DEBUG","automatedprovisionqry = rr.securitysystem.automatedProvisioning = true and "
"quartzScheduler_Worker-10-vv5gh","DEBUG","Query FFID Access Alert Tasks= | select rr from ArsTasks rr where| rr.securitysystem.automatedProvisioning = true and | rr.accountKey is not null| and rr.tasktype = 36 and rr.entitlement_valueKey is null| and rr.id in (188011,188012 )| "
"quartzScheduler_Worker-10-vv5gh","DEBUG","End provisionFFIDAccessAlert TaskType-36"

Share connector screenshot showing that configuration is added in right place 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

please check below.  and how to see the complete Logs for DB connection as of now in logs there is no error message from DB.

sudheera_0-1723565819197.pngsudheera_1-1723565839338.pngsudheera_2-1723565857716.pngsudheera_3-1723565883505.png

Security system:

sudheera_4-1723565939203.png

Endpoint:

sudheera_5-1723565993107.png

sudheera_6-1723566037887.png

 

Can you remove hypen from Entitlement Type name & JSON configuration


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

But the tasktype is arstasks is 1,12 only. Please check below.

sudheera_0-1723544225321.png

 

adding revoke access and add access logs here,

[This message has been edited by moderator to mask sensitive information]