Saviynt Forums

shyue · ‎03/10/2024

Hi Team,

We want to mark those entitlements which no longer exist in DB as inactive during entitlement reconciliation job for a DB application. Wondering if there is a way we can configure it in DB connection similar to account_not_in_file_action configuration can make accounts as inactive.

Thanks in advance.

SY

CR · ‎03/10/2024

May i know are you any import xml using for recon ent? if yes please share us

and threshold config ent wont support Saviynt.

https://forums.saviynt.com/t5/identity-governance/azure-ad-entitlement-threshold-configuration-is-no...

Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

rushikeshvartak · ‎03/10/2024

Add mapper property in entitlement entnotpresentaction = inactive

Full xml

<dataMapping>
	<before-import></before-import>
	<sql-query description="Quant Portal Global Risk - GUI Oracle Database Roles">
		<![CDATA[
			 	SELECT (A.LEGAL_LENTITY_NAME ||  '-' || B.Module_Name)  AS APPROLENAME,
				(A.LEGAL_LENTITY_ID || '-' || B.MODULE_ID) as MAPPINGID,
				'QQ'  AS SECURITYSYSTEMNAME,
				'QQ'  AS ENDPOINTNAME,
				'LegalEntity-Module' AS ENTTILEMENTTYPENAME,
				TO_CHAR( SYSDATE, 'yyyy-MM-dd hh:mm:ss' ) AS IMPORTDATE,
				1 AS STATE
				FROM 
				QR.VAR_GUI_LENTITY_LIST A,QR.GUI B

				UNION

				SELECT DISTINCT (QL.MODULE_NAME || '-' ||  QG.USER_ACCESS_LEVEL) AS APPROLENAME,
				(QL.MODULE_ID || '-' || QG.USER_ACCESS_LEVEL) as MAPPINGID,
				'QQ'  AS SECURITYSYSTEMNAME,
				'QQ'  AS ENDPOINTNAME,
				'Module-Access' AS ENTTILEMENTTYPENAME,
				TO_CHAR( SYSDATE, 'yyyy-MM-dd hh:mm:ss' ) AS IMPORTDATE,
				1 AS STATE
				FROM 
				QR.GUI QL inner join QR.ACCESS QG
				on                      			  
				QL.MODULE_ID=QG.MODULE_ID

				
]]>
	</sql-query>
	<mapper description="Global Risk - GUI Oracle DB  Roles Import" deleteentitlementowner="false" dateformat="date" incrementalcolumn="IMPORTDATE" createentitlementtype="false" entnotpresentaction="inactive">
		<mapfield saviyntproperty="securitysystems.systemname" sourceproperty="SECURITYSYSTEMNAME" type="character"/>
		<mapfield saviyntproperty="endpoints.endpointname" sourceproperty="ENDPOINTNAME" type="character"/>
		<mapfield saviyntproperty="entitlementtypes.entitlementname" sourceproperty="ENTTILEMENTTYPENAME" type="character"/>
		<mapfield saviyntproperty="entitlementvalues.entitlement_value" sourceproperty="APPROLENAME" type="character"/>
		<mapfield saviyntproperty="entitlementvalues.customproperty2" sourceproperty="MAPPINGID" type="character"/>
		<mapfield saviyntproperty="entitlementvalues.customproperty17" sourceproperty="IMPORTDATE" type="character"/>
		<mapfield saviyntproperty="entitlementvalues.status" sourceproperty="STATE" type="number"/>
	</mapper>
	<after-import description="EMAIL,BATCH,SQL"></after-import>
</dataMapping>

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

shyue · ‎03/10/2024

Thanks!

Manu269 · ‎03/10/2024

Did you check this Documentation :

Configuring the Integration for Importing Entitlements and Entitlement Hierarchy (saviyntcloud.com)

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

shyue · ‎03/10/2024

It works. Thanks, Manish

CR · ‎03/10/2024

@shyue you can use as per @rushikeshvartak suggested tag and query itself you can fetch only active ent's .

Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

Saviynt Forums

How to Configure DB Connection to Mark Entitlements as Inactive if Entitlements Do Not Exist in DB