Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

GitHub: Collaborators Repository Privileges Import

AS5278
Regular Contributor II
Regular Contributor II

Hi All,

We are using the GitHubRest connector for importing the repositories and teams from GitHub Enterprise Cloud. Now, for each Repository there are granular permissions called 'privileges' which is also getting imported. These privileges are 'admin', 'maintain', 'push', 'triage', 'pull'.

If a user has 'admin' privilege for a repository, Saviynt is importing the complete hierarchy as below. Because if someone is 'admin' to a repository it means they have all other lower privileges as well. This is fine ..we can understand this. For example:

GitHub User 'AS5278-1' has the 'maintain' access for Repository 'saviynttest1'. So below is how it is pulled in Saviynt:

AS5278_0-1716519332799.png

But we do not want to do this. We want that if someone has 'admin' privilege just pull 'admin'. If someone has 'maintain' just pull 'maintain' and not all privileges lower to it.

So, we adjusted the 'accntEntParams' in the ImportAccntEntJSON as below:

AS5278_1-1716519477357.png

API response to get the collaborators of a repository:

AS5278_2-1716519785077.png

 

But this is not working and irrespective of what I put in the 'attrValuePath' parameter, Saviynt is always pulling in the complete hierarchy. So, if someone has 'write' role for the repository, it is getting pulled as [push, triage, pull].

(Note: push = write, pull = read)

I even tried this:

"attrValue" : ${if(response.role_name.equals('admin')) {'admin'} else if(response.role_name.equals('maintain')) {'maintain'}...and so on...}

AND

"attrValue" : ${if(role_name.equals('admin')) {'admin'} else if(role_name.equals('maintain')) {'maintain'}...and so on...}

Infact, I went a step ahead and did this 😐 :

"attrValuePath": "blahblahhellocheckhellocheckzzz"

None of it works!!

It still pulls the complete privilege hierarchy i.e from the permission the user has till the lowest permission available. So, this means the parameter 'attrValuePath' OR 'attrValue' for 'Repository' enttype in the GitHubRest connector is just a dummy?.

There is some hardcoding done probably done in the code for the GitHubRest connector to say that if repo collaborator has:

1). 'admin' role for repo then pull it in as [admin, mantain, push, triage, pull]

2). 'maintain' role for repo then pull it in as [mantain, push, triage, pull]

3). 'write' role for repo then pull it in as [push, triage, pull] (Note: push = write)

4). 'triage' role for repo then pull it in as [triage, pull

5). 'read' role for repo then pull it in as [pull] (Note: pull = read).

So, I am unable to figure out what to do in this case?. It doesn't matter what value I provide in 'attrValue' or 'attrValuePath' paramter..Saviynt pulls in the complete permission hierarchy.

Please advice.

Thanks,

Atul Singh

 

 

xurde
5 REPLIES 5

rushikeshvartak
All-Star
All-Star

As you have done initial triaging of this issue. I will suggest to use standard REST connector for your use case. 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

AS5278
Regular Contributor II
Regular Contributor II

@rushikeshvartakDoes the standard REST connector allow importing the privileges?.

AS5278_0-1716523558135.png

If yes, is there any sample how to do it. I had tried importing the privileges using the REST connector in the past but it did not get imported.

 

 

xurde

You can pull ent2 and entitlement map

https://docs.saviyntcloud.com/bundle/Infor-v24x/page/Content/Understanding-the-Integration-to-Perfor... 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

AS5278
Regular Contributor II
Regular Contributor II

@rushikeshvartakI went through the documentation link you provided but am unable to understand how to frame the JSON for my usecase. Is there a sanmple JSON for GitHub that you have implemented for importing Repository permissions?.

xurde

We have just pulling base organization and team not permissions.


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.