Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/27/2024 07:19 AM
Hi All,
We have onboarded a Git organization into saviynt.
Users have either admin permission or member permission in the organization. We have used the standard JSON mentioned in the documentation (Creating an Integration (saviyntcloud.com))
The permission is visible in UI as below:
This permission details are currently not visible in attestations.
Below is the JSON snippet where we are importing the permissions:
"acctEntParams": {
"processingType": "httpEntToAcct",
"connection": "acctAuth",
"initPrivigesMap": [
{
"privName": "Permission",
"attrType": 3,
"entType": "Organization",
"cfgType": 1,
"attributeValues": "",
"defaultValue": "" },
.
.
.
.
.
.
.
"entTypes": {
"Organization": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 8,
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${id}/members",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlement_value",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "member" }
},
Is there anyway we can map this permission to account attribute, so that this can be used for attestation? Or any other way so that this particular attribute is available for attestation?
Regards,
Athira
08/27/2024 07:31 AM
08/27/2024 07:37 AM
Hi @rushikeshvartak ,
Can you please show a sample of how this can be brought to account attribute?
Regards,
Athira Vijayan
08/27/2024 07:41 AM
Do you have API for same ?
08/27/2024 07:48 AM
This is the sample one we are using (standard one documentation):
{
"accountParams": {
"connection": "acctAuth",
"createUsers": false,
"adminName": "admin",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://<DOMAIN>/orgs/<Org_Name>/members?per_page=100&page=1",
"httpHeaders": {
"Authorization": "${access_token}" },
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "login~#~char",
"displayName": "login~#~char" },
"makeProcessingStatus": true,
"disableDeletedAccounts": true,
"pagination": {
"nextUrl": {
"nextUrlPath": "${headers?.Link==null?'':headers?.Link?.contains('next')?headers?.Link?.split(',')?.size()==2?headers?.Link?.split(',')[0]?.replace('<', '')?.replace('>; rel=\"next\"','')?.trim():headers?.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim():''}" }
}
},
"call2": {
"callOrder": 1,
"stageNumber": 1,
"http": {
"url": "https://<DOMAIN>/users/${accountName}",
"httpHeaders": {
"Authorization": "${access_token}" },
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "login~#~char",
"displayName": "login~#~char",
"customproperty1": "avatar_url~#~char",
"customproperty2": "gravatar_id~#~char",
"customproperty3": "url~#~char",
"customproperty10": "suspended_at~#~char" },
"multiTrigger": {
"multiTriggerType": "MultiTriggerByAccountBatching",
"triggersCount": "20",
"params": {
"accountsoraccess": "accounts" }
}
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"supportedEntitlementTypes": [
"Organization",
"Team",
"Repository" ],
"entTypes": {
"Organization": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 3,
"inputParams": {
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${entitlementValue}",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "login~#~char",
"customproperty6": "url~#~char",
"customproperty7": "description~#~char",
"customproperty8": "public_repos~#~char",
"customproperty9": "public_gists~#~char",
"customproperty10": "followers~#~char" }
},
"call2": {
"callOrder": 1,
"dummyCall": true,
"stageNumber": 4,
"inputParams": {
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"multiTrigger": {
"multiTriggerType": "MultiTriggerByEntitlementBatching",
"triggersCount": "20",
"params": {
"accountsoraccess": "access" }
}
}
}
},
"Team": {
"entTypeOrder": 1,
"entitlementOwnerConfig": {
"maxNumberOfOwner": 4,
"typeOfImportOwner": [
"maintainer" ]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 6,
"inputParams": {
"entitlementname": "Organization" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${entitlementValue}/teams?per_page=100&page=1",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"pagination": {
"nextUrl": {
"nextUrlPath": "${headers?.Link==null?'':headers?.Link?.contains('next')?headers?.Link?.split(',')?.size()==2?headers?.Link?.split(',')[0]?.replace('<', '')?.replace('>; rel=\"next\"','')?.trim():headers?.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim():''}" }
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "name~#~char",
"customproperty1": "url~#~char",
"customproperty6": "privacy~#~char",
"customproperty7": "permission~#~char",
"customproperty20": "STORE#ENT#MAPPINGINFO#PARENTID#TYPE##ENTMAP~#~char",
"entitlementMappingJson": "STORE#ENT#MAPPINGINFO#PARENTID~#~char" }
}
}
},
"Repository": {
"entTypeOrder": 2,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 7,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${entitlementValue}/repos?per_page=100&page=1",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"pagination": {
"nextUrl": {
"nextUrlPath": "${headers?.Link==null?'':headers?.Link?.contains('next')?headers?.Link?.split(',')?.size()==2?headers?.Link?.split(',')[0]?.replace('<', '')?.replace('>; rel=\"next\"','')?.trim():headers?.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim():''}" }
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "name~#~char",
"customproperty1": "url~#~char",
"customproperty6": "private~#~char",
"customproperty7": "size~#~char",
"customproperty8": "permissions.admin~#~char",
"customproperty9": "permissions.push~#~char",
"customproperty10": "permissions.pull~#~char",
"customproperty11": "owner.login~#~char",
"customproperty20": "STORE#ENT#MAPPINGINFO#PARENTID#TYPE##ENTMAP~#~char",
"entitlementMappingJson": "STORE#ENT#MAPPINGINFO#PARENTID~#~char" }
}
}
}
}
},
"acctEntParams": {
"processingType": "httpEntToAcct",
"connection": "acctAuth",
"initPrivigesMap": [
{
"privName": "Permission",
"attrType": 3,
"entType": "Organization",
"cfgType": 1,
"attributeValues": "",
"defaultValue": "" },
{
"privName": "Permission",
"attrType": 3,
"entType": "Team",
"cfgType": 1,
"attributeValues": "",
"defaultValue": "" },
{
"privName": "Permission",
"attrType": 3,
"entType": "Repository",
"cfgType": 1,
"attributeValues": "",
"defaultValue": "" }
],
"entTypes": {
"Organization": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 8,
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${id}/members",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlement_value",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "member" }
},
"call2": {
"callOrder": 0,
"stageNumber": 9,
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${id}/members?role=admin",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlement_value",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "admin" }
},
"call3": {
"callOrder": 0,
"stageNumber": 10,
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${id}/outside_collaborators",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlement_value",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "outside_collaborator" }
}
}
},
"Team": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 11,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/teams/${id}/members?role=member",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "member" }
},
"call2": {
"callOrder": 1,
"stageNumber": 12,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/teams/${id}/members?role=maintainer",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "maintainer" }
}
}
},
"Repository": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 13,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "${id}/collaborators",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "customproperty1",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "member" }
},
"call2": {
"callOrder": 1,
"stageNumber": 14,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"acctEntMappingTypeParam": {
"mappingType": "ENT2PRIVREVERSE",
"entitlementName": "Team" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "${id}/teams",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"entKeyField": "customproperty1",
"entIdPath": "url",
"privilegeParams": {
"attrName": "Permission",
"attrValuePath": "permission" }
}
}
}
}
},
"globalSettingParams": {
"globalTriggerParams": {
"maxLoopCountForLastTrigger": 5,
"lastTriggerCompletionSleep": 2000,
"lastTriggerCompletionIntermediateSleep": 1000
},
"supportedEntitlementTypes": [
{
"Organization": {
"custompropertyLabels": {
"customproperty3": "Tags",
"customproperty4": "ID",
"customproperty6": "Provision VM Agent",
"customproperty7": "Enable Automatic Updates" }
},
"Team": {
"custompropertyLabels": {
"customproperty3": "Tags",
"customproperty4": "ID",
"customproperty6": "Provision VM Agent",
"customproperty7": "Enable Automatic Updates" }
},
"Repository": {
"custompropertyLabels": {
"customproperty3": "Tags",
"customproperty4": "ID",
"customproperty6": "Provision VM Agent",
"customproperty7": "Enable Automatic Updates" }
}
}
]
}
}
Permissions from organization is what we need in account attributes (highlighted in bold)
Regards,
Athira
08/27/2024 08:07 AM
08/27/2024 08:19 AM
Hi @rushikeshvartak ,
APIs are validated in postman and are working fine in Saviynt too. We are facing issue in mapping this permission attribute in account parameters.
We need to know how this httpEntToAccnt data can be mapped to account parameters.
Regards,
Athira
08/27/2024 08:21 AM
Can you share postman screenshot for privilege
08/28/2024 02:07 AM
Hi @rushikeshvartak ,
The privilege attribute is permission, and it can have values member or owner.
To fetch all users who has member access, we use the API : https://api.github.com/orgs/${id}/members
The API response is as below:
To fetch all users who has member access, we use the API : https://api.github.com/orgs/${id}/members?role=admin
The API response is as below:
Is there anyway the highlighted (in yellow) can be brought up as an account parameter for each account?
Regards,
Athira Vijayan
08/28/2024 07:05 AM