and more in a single search tool across platforms. Read the announcement here. |
03/10/2024 09:08 PM
Hi Team,
We want to mark those entitlements which no longer exist in DB as inactive during entitlement reconciliation job for a DB application. Wondering if there is a way we can configure it in DB connection similar to account_not_in_file_action configuration can make accounts as inactive.
Thanks in advance.
SY
Solved! Go to Solution.
03/10/2024 09:19 PM - edited 03/10/2024 09:22 PM
May i know are you any import xml using for recon ent? if yes please share us
and threshold config ent wont support Saviynt.
03/10/2024 09:20 PM
<mapper description="Quant Portal Global Risk - GUI Oracle DB Roles Import" deleteentitlementowner="false" dateformat="date" incrementalcolumn="IMPORTDATE" createentitlementtype="false" entnotpresentaction="inactive">
Add mapper property in entitlement entnotpresentaction = inactive
Full xml
<dataMapping>
<before-import></before-import>
<sql-query description="Quant Portal Global Risk - GUI Oracle Database Roles">
<![CDATA[
SELECT (A.LEGAL_LENTITY_NAME || '-' || B.Module_Name) AS APPROLENAME,
(A.LEGAL_LENTITY_ID || '-' || B.MODULE_ID) as MAPPINGID,
'QQ' AS SECURITYSYSTEMNAME,
'QQ' AS ENDPOINTNAME,
'LegalEntity-Module' AS ENTTILEMENTTYPENAME,
TO_CHAR( SYSDATE, 'yyyy-MM-dd hh:mm:ss' ) AS IMPORTDATE,
1 AS STATE
FROM
QR.VAR_GUI_LENTITY_LIST A,QR.GUI B
UNION
SELECT DISTINCT (QL.MODULE_NAME || '-' || QG.USER_ACCESS_LEVEL) AS APPROLENAME,
(QL.MODULE_ID || '-' || QG.USER_ACCESS_LEVEL) as MAPPINGID,
'QQ' AS SECURITYSYSTEMNAME,
'QQ' AS ENDPOINTNAME,
'Module-Access' AS ENTTILEMENTTYPENAME,
TO_CHAR( SYSDATE, 'yyyy-MM-dd hh:mm:ss' ) AS IMPORTDATE,
1 AS STATE
FROM
QR.GUI QL inner join QR.ACCESS QG
on
QL.MODULE_ID=QG.MODULE_ID
]]>
</sql-query>
<mapper description="Global Risk - GUI Oracle DB Roles Import" deleteentitlementowner="false" dateformat="date" incrementalcolumn="IMPORTDATE" createentitlementtype="false" entnotpresentaction="inactive">
<mapfield saviyntproperty="securitysystems.systemname" sourceproperty="SECURITYSYSTEMNAME" type="character"/>
<mapfield saviyntproperty="endpoints.endpointname" sourceproperty="ENDPOINTNAME" type="character"/>
<mapfield saviyntproperty="entitlementtypes.entitlementname" sourceproperty="ENTTILEMENTTYPENAME" type="character"/>
<mapfield saviyntproperty="entitlementvalues.entitlement_value" sourceproperty="APPROLENAME" type="character"/>
<mapfield saviyntproperty="entitlementvalues.customproperty2" sourceproperty="MAPPINGID" type="character"/>
<mapfield saviyntproperty="entitlementvalues.customproperty17" sourceproperty="IMPORTDATE" type="character"/>
<mapfield saviyntproperty="entitlementvalues.status" sourceproperty="STATE" type="number"/>
</mapper>
<after-import description="EMAIL,BATCH,SQL"></after-import>
</dataMapping>
03/10/2024 09:27 PM
Thanks!
03/10/2024 09:26 PM
Did you check this Documentation :
Configuring the Integration for Importing Entitlements and Entitlement Hierarchy (saviyntcloud.com)
03/10/2024 09:28 PM
It works. Thanks, Manish
03/10/2024 09:27 PM
@shyue you can use as per @rushikeshvartak suggested tag and query itself you can fetch only active ent's .