Saviynt Forums

ASVijayan · ‎08/27/2024

Hi All,

We have onboarded a Git organization into saviynt.

Users have either admin permission or member permission in the organization. We have used the standard JSON mentioned in the documentation (Creating an Integration (saviyntcloud.com))

The permission is visible in UI as below:

This permission details are currently not visible in attestations.

Below is the JSON snippet where we are importing the permissions:

"acctEntParams": {
    "processingType": "httpEntToAcct",
    "connection": "acctAuth",
    "initPrivigesMap": [
      {
        "privName": "Permission",
        "attrType": 3,
        "entType": "Organization",
        "cfgType": 1,
        "attributeValues": "",
        "defaultValue": ""      },
.
.
.
.
.
.
.
"entTypes": {
      "Organization": {
        "call": {
          "call1": {
            "callOrder": 0,
            "stageNumber": 8,
            "http": {
              "httpHeaders": {
                "Authorization": "${access_token}"              },
              "url": "https://<DOMAIN>/orgs/${id}/members",
              "httpContentType": "application/x-www-form-urlencoded",
              "httpMethod": "GET"            },
            "listField": "",
            "acctKeyField": "accountID",
            "entKeyField": "entitlement_value",
            "acctIdPath": "id",
            "privilegeParams": {
              "attrName": "Permission",
              "attrValue": "member"            }
          },

Is there anyway we can map this permission to account attribute, so that this can be used for attestation? Or any other way so that this particular attribute is available for attestation?

Regards,

Athira

rushikeshvartak · ‎08/27/2024

You can store in account attribute
Or if you want as entitlement then bring as new entitlement type (if api available)

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ASVijayan · ‎08/27/2024

Hi @rushikeshvartak ,

Can you please show a sample of how this can be brought to account attribute?

Regards,

Athira Vijayan

rushikeshvartak · ‎08/27/2024

Do you have API for same ?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ASVijayan · ‎08/27/2024

This is the sample one we are using (standard one documentation):

{
"accountParams": {
"connection": "acctAuth",
"createUsers": false,
"adminName": "admin",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://<DOMAIN>/orgs/<Org_Name>/members?per_page=100&page=1",
"httpHeaders": {
"Authorization": "${access_token}" },
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "login~#~char",
"displayName": "login~#~char" },
"makeProcessingStatus": true,
"disableDeletedAccounts": true,
"pagination": {
"nextUrl": {
"nextUrlPath": "${headers?.Link==null?'':headers?.Link?.contains('next')?headers?.Link?.split(',')?.size()==2?headers?.Link?.split(',')[0]?.replace('<', '')?.replace('>; rel=\"next\"','')?.trim():headers?.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim():''}" }
}
},
"call2": {
"callOrder": 1,
"stageNumber": 1,
"http": {
"url": "https://<DOMAIN>/users/${accountName}",
"httpHeaders": {
"Authorization": "${access_token}" },
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "login~#~char",
"displayName": "login~#~char",
"customproperty1": "avatar_url~#~char",
"customproperty2": "gravatar_id~#~char",
"customproperty3": "url~#~char",
"customproperty10": "suspended_at~#~char" },
"multiTrigger": {
"multiTriggerType": "MultiTriggerByAccountBatching",
"triggersCount": "20",
"params": {
"accountsoraccess": "accounts" }
}
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"supportedEntitlementTypes": [
"Organization",
"Team",
"Repository" ],
"entTypes": {
"Organization": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 3,
"inputParams": {
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${entitlementValue}",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "login~#~char",
"customproperty6": "url~#~char",
"customproperty7": "description~#~char",
"customproperty8": "public_repos~#~char",
"customproperty9": "public_gists~#~char",
"customproperty10": "followers~#~char" }
},
"call2": {
"callOrder": 1,
"dummyCall": true,
"stageNumber": 4,
"inputParams": {
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"multiTrigger": {
"multiTriggerType": "MultiTriggerByEntitlementBatching",
"triggersCount": "20",
"params": {
"accountsoraccess": "access" }
}
}
}
},
"Team": {
"entTypeOrder": 1,
"entitlementOwnerConfig": {
"maxNumberOfOwner": 4,
"typeOfImportOwner": [
"maintainer" ]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 6,
"inputParams": {
"entitlementname": "Organization" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${entitlementValue}/teams?per_page=100&page=1",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"pagination": {
"nextUrl": {
"nextUrlPath": "${headers?.Link==null?'':headers?.Link?.contains('next')?headers?.Link?.split(',')?.size()==2?headers?.Link?.split(',')[0]?.replace('<', '')?.replace('>; rel=\"next\"','')?.trim():headers?.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim():''}" }
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "name~#~char",
"customproperty1": "url~#~char",
"customproperty6": "privacy~#~char",
"customproperty7": "permission~#~char",
"customproperty20": "STORE#ENT#MAPPINGINFO#PARENTID#TYPE##ENTMAP~#~char",
"entitlementMappingJson": "STORE#ENT#MAPPINGINFO#PARENTID~#~char" }
}
}
},
"Repository": {
"entTypeOrder": 2,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 7,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${entitlementValue}/repos?per_page=100&page=1",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"pagination": {
"nextUrl": {
"nextUrlPath": "${headers?.Link==null?'':headers?.Link?.contains('next')?headers?.Link?.split(',')?.size()==2?headers?.Link?.split(',')[0]?.replace('<', '')?.replace('>; rel=\"next\"','')?.trim():headers?.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim():''}" }
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "name~#~char",
"customproperty1": "url~#~char",
"customproperty6": "private~#~char",
"customproperty7": "size~#~char",
"customproperty8": "permissions.admin~#~char",
"customproperty9": "permissions.push~#~char",
"customproperty10": "permissions.pull~#~char",
"customproperty11": "owner.login~#~char",
"customproperty20": "STORE#ENT#MAPPINGINFO#PARENTID#TYPE##ENTMAP~#~char",
"entitlementMappingJson": "STORE#ENT#MAPPINGINFO#PARENTID~#~char" }
}
}
}
}
},
"acctEntParams": {
"processingType": "httpEntToAcct",
"connection": "acctAuth",
"initPrivigesMap": [
{
"privName": "Permission",
"attrType": 3,
"entType": "Organization",
"cfgType": 1,
"attributeValues": "",
"defaultValue": "" },
{
"privName": "Permission",
"attrType": 3,
"entType": "Team",
"cfgType": 1,
"attributeValues": "",
"defaultValue": "" },
{
"privName": "Permission",
"attrType": 3,
"entType": "Repository",
"cfgType": 1,
"attributeValues": "",
"defaultValue": "" }
],
"entTypes": {
"Organization": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 8,
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${id}/members",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlement_value",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "member" }
},
"call2": {
"callOrder": 0,
"stageNumber": 9,
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${id}/members?role=admin",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlement_value",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "admin" }
},
"call3": {
"callOrder": 0,
"stageNumber": 10,
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${id}/outside_collaborators",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlement_value",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "outside_collaborator" }
}
}
},
"Team": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 11,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/teams/${id}/members?role=member",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "member" }
},
"call2": {
"callOrder": 1,
"stageNumber": 12,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/teams/${id}/members?role=maintainer",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "maintainer" }
}
}
},
"Repository": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 13,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "${id}/collaborators",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "customproperty1",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "member" }
},
"call2": {
"callOrder": 1,
"stageNumber": 14,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"acctEntMappingTypeParam": {
"mappingType": "ENT2PRIVREVERSE",
"entitlementName": "Team" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "${id}/teams",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"entKeyField": "customproperty1",
"entIdPath": "url",
"privilegeParams": {
"attrName": "Permission",
"attrValuePath": "permission" }
}
}
}
}
},
"globalSettingParams": {
"globalTriggerParams": {
"maxLoopCountForLastTrigger": 5,
"lastTriggerCompletionSleep": 2000,
"lastTriggerCompletionIntermediateSleep": 1000
},
"supportedEntitlementTypes": [
{
"Organization": {
"custompropertyLabels": {
"customproperty3": "Tags",
"customproperty4": "ID",
"customproperty6": "Provision VM Agent",
"customproperty7": "Enable Automatic Updates" }
},
"Team": {
"custompropertyLabels": {
"customproperty3": "Tags",
"customproperty4": "ID",
"customproperty6": "Provision VM Agent",
"customproperty7": "Enable Automatic Updates" }
},
"Repository": {
"custompropertyLabels": {
"customproperty3": "Tags",
"customproperty4": "ID",
"customproperty6": "Provision VM Agent",
"customproperty7": "Enable Automatic Updates" }
}
}
]
}
}

Permissions from organization is what we need in account attributes (highlighted in bold)

Regards,

Athira

rushikeshvartak · ‎08/27/2024

Check with GitHub documentation for required api and validate from postman

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ASVijayan · ‎08/27/2024

Hi @rushikeshvartak ,

APIs are validated in postman and are working fine in Saviynt too. We are facing issue in mapping this permission attribute in account parameters.

We need to know how this httpEntToAccnt data can be mapped to account parameters.

Regards,

Athira

rushikeshvartak · ‎08/27/2024

Can you share postman screenshot for privilege

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ASVijayan · ‎08/28/2024

Hi @rushikeshvartak ,

The privilege attribute is permission, and it can have values member or owner.

To fetch all users who has member access, we use the API : https://api.github.com/orgs/${id}/members

The API response is as below:

To fetch all users who has member access, we use the API : https://api.github.com/orgs/${id}/members?role=admin

The API response is as below:

Is there anyway the highlighted (in yellow) can be brought up as an account parameter for each account?

Regards,

Athira Vijayan

rushikeshvartak · ‎08/28/2024

You can create new entitlement type using above url and map parameters
Refer https://docs.saviyntcloud.com/bundle/Dev-Handbook-REST-v24x/page/Content/Developers-Handbook.htm for samples for REST connector

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Saviynt Forums

How to bring httpAccntToEnt values in account parameters