We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

GetRoles API returns role information of the connected user

Georgios
New Contributor
New Contributor

Hello.

We are currently using version Saviynt v5.5SP3.16

We are trying to call the getRoles API to retrieve a list of roles.

It seems that the call to the API will always append the produced statement in Saviynt with the 

r.id in (select rolekey from Role_user_account where userkey = 'XXX')
where XXX is the id of the user who created the connection token.
 
In other words the getRoles API tries to return the roles assigned to the connected user which in my opinion should be part of the "Get Role Details for user" and not for the "Get Role Details".
 
Could you please advise when we should expect a fix?

 

8 REPLIES 8

Darshanjain
Saviynt Employee
Saviynt Employee

Hi @Georgios 

It looks like the query is set from global config page, you can go to below path and change it if needed

Global confif > Role request > Role request query

 

Thanks

Darshan

 

Thank you Darshan.

I have cleaned up completely the global config page but I still get the same issue. 

Here is an extract from the log where the query tries to retrieve the roles of the user I used to create the connection token..

DEBUG services.UsersService - Parameters are [user_name:"here is the username of the person I want to retrieve the roles from", controller:restfulv5, action:getRoles, max:50, useTokenUser:true, useRolesLabels:true, useEntLabels:true, useUserLabels:true, isFromV5:true, isWS:true, username:"the username of the token connected user"]
DEBUG services.UsersService - Query is Select r from Roles r where r.id in (select rolekey from Role_user_account where userkey = 'XXX')
DEBUG services.UsersService - Total Num of Roles Returning of Current API call = 0

I just found out that I have been calling the rest api as follows:

https://{url}/ECM/api/v5/getRoles

When I call it as follows, I get the correct results..

https://{url}/ECM/api/getRoles

Any recommendation if we have to use the ECM/api/ instead of ECM/api/v5 path?

For Saviynt 5.5 SP3.X , I believe we should use /ECM/api/v5/getRoles

Thanks

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

Hi @Georgios 

Yes, that works but you should be using api/v5/ path.

can you check if this config is enabled in externalconfig.properties file of your env

(api.token.usercontext=true)

 

Thanks

Darshan

Thank you Darshan.
The configuration is enabled as you describe in the file, but we are still getting no results when calling the API (ECM/api/v5/getRoles)

{

    "msg""Roles not found ",
    "errorCode""0"
}

As I mentioned when calling the non V5 version of the API (ECM/api/getRoles), it gets back the correct values.
Any other recommendations?


Hi @Georgios 

Okay the above config should be false. ( if its true then it will only fetch for the user from whom the token was fetched irrespective of what you give in the body ).

 

Make the config as false and do a restart of services, you should be good to go.

 

Thanks

Darshan

Thank you Darshan.

It seems that setting the value to false allowed me to get back results when calling the API.
The behavior of the system if I have the whole parameter commented out is different to the one when having the value set as false.

In any case it seems that it is working now. I will test it also to the rest of our environments.

Thanks again.
Georgios