Saviynt Forums

poonammhetre · ‎02/09/2024

Hi,

We have a requirement where we need to set deafult group owner for all the groups created from saviynt and the owner is another group not user.

I tried setting managedBy attribute in createUpdateGroupMapping to group value but its not working.

eg."managedBy": "CN=IS-xxx-Manual-Group-Admins,OU=Application,OU=Groups,DC=xxxdev,DC=xxx,DC=edu,DC=au"

It only works when we use below code.

"managedBy": "${allOwnerList?.size()>0 && ownerAccountListMap.size()>0 && ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username).get(0)?.comments:null}"

Is there any way to hardcode the managedBy attribute in createUpdateGroupMapping json?

Could you please help me with this issue?

Thanks,

Poonam

rushikeshvartak · ‎02/09/2024

Please confirm ask - You want to set Owner as User Group under Account Owners Tab of Account for Accounts created from Saviynt

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

poonammhetre · ‎02/09/2024

@rushikeshvartak No, Requirement is that all the groups which are created using Create AD Group tile in saviynt should have managedBy attribute set to CN=IS-xxx-Manual-Group-Admins,OU=Application,OU=Groups,DC=xxxdev,DC=xxx,DC=edu,DC=au.

managedBy attribute only gets set when we use below code.

"managedBy": "${allOwnerList?.size()>0 && ownerAccountListMap.size()>0 && ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username).get(0)?.comments:null}"

Is there any way to hardcode the managedBy attribute in createUpdateGroupMapping json?

pmahalle · ‎02/09/2024

Hi @poonammhetre ,

Does AD allows to set group DN in manageby attribute? Can you try for one of the group directly in AD instead of through Saviynt.

Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

rushikeshvartak · ‎02/09/2024

IF you hardcode are you getting any error ?

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

poonammhetre · ‎02/09/2024

@pmahalle Yes, it allows to set group value for managedBy attribute in AD.

@rushikeshvartak No it doesnt give any error but is simply skips the managedBy Attribute while group creation. customproperty15 value is set to managedBy attribute.

Below is the log.

Before binding - createUpdateMappings={

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"cn": "${role?.customproperty27}",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"objectCategory": "CN=Group,CN=Schema,CN=Configuration,DC=xxxdev,DC=xxx,DC=edu,DC=au",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"displayName": "${role?.displayname}",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"sAMAccountName": "${role?.customproperty27}",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"description": "${role?.description}",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"objectClass": "group",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"gidNumber": "${Math.addExact(role.id,10000)}",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"name": "${role?.customproperty27}",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"managedBy": "CN=IS-FIM-Manual-Group-Admins,OU=Application,OU=Groups,DC=uniwadev,DC=uwa,DC=edu,DC=au"

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--}

2024-02-10T00:10:27+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-3-q686p-DEBUG-ownerAccountListMap [:]

2024-02-10T00:10:27+05:30-ecm-worker-services.SaviyntCommonUtilityService-quartzScheduler_Worker-3-q686p-DEBUG-Enter getStandardBindingVariableForGroupManagement

2024-02-10T00:10:27+05:30-ecm-worker-services.SaviyntCommonUtilityService-quartzScheduler_Worker-3-q686p-DEBUG-Enter getStandardBindingVariable

2024-02-10T00:10:27+05:30-ecm-worker-services.SaviyntCommonUtilityService-quartzScheduler_Worker-3-q686p-DEBUG-isGroupManagement : true

2024-02-10T00:10:27+05:30-ecm-worker-services.SaviyntCommonUtilityService-quartzScheduler_Worker-3-q686p-DEBUG-computeStandardBindingVariableForGroupManagement() called

2024-02-10T00:10:27+05:30-ecm-worker-groupmanagement.GroupManagementService-quartzScheduler_Worker-3-q686p-DEBUG-getAllRoleOwners() method called. roleKey : 31

2024-02-10T00:10:27+05:30-ecm-worker-groupmanagement.GroupManagementService-quartzScheduler_Worker-3-q686p-DEBUG-allRoleOwnerCount : 0

2024-02-10T00:10:27+05:30-ecm-worker-groupmanagement.GroupManagementService-quartzScheduler_Worker-3-q686p-DEBUG-getAllOwnerAccountsMap() method called. roleKey : 31

2024-02-10T00:10:27+05:30-ecm-worker-groupmanagement.GroupManagementService-quartzScheduler_Worker-3-q686p-DEBUG-getAllOwnerAccountsMap() method completed.

2024-02-10T00:10:27+05:30-ecm-worker-groupmanagement.GroupManagementService-quartzScheduler_Worker-3-q686p-DEBUG-getAllRankOwnersMap() method called.

2024-02-10T00:10:27+05:30-ecm-worker-groupmanagement.GroupManagementService-quartzScheduler_Worker-3-q686p-DEBUG-getAllRankOwnersMap() method completed.

2024-02-10T00:10:27+05:30-ecm-worker-groupmanagement.GroupManagementService-quartzScheduler_Worker-3-q686p-DEBUG-getRankOneOwners() method called.

2024-02-10T00:10:27+05:30-ecm-worker-groupmanagement.GroupManagementService-quartzScheduler_Worker-3-q686p-DEBUG-getOwnersPerRank() method called. rank : 1

2024-02-10T00:10:27+05:30-ecm-worker-groupmanagement.GroupManagementService-quartzScheduler_Worker-3-q686p-DEBUG-getOwnersPerRank() method completed.

2024-02-10T00:10:27+05:30-ecm-worker-groupmanagement.GroupManagementService-quartzScheduler_Worker-3-q686p-DEBUG-getEntitlementValuesFromRoles() method called. roleKey : 31

2024-02-10T00:10:27+05:30-ecm-worker-services.SaviyntCommonUtilityService-quartzScheduler_Worker-3-q686p-DEBUG-computeStandardBindingVariableForGroupManagement() completed

2024-02-10T00:10:27+05:30-ecm-worker-services.SaviyntCommonUtilityService-quartzScheduler_Worker-3-q686p-DEBUG-Exit getStandardBindingVariable

2024-02-10T00:10:27+05:30-ecm-worker-services.SaviyntCommonUtilityService-quartzScheduler_Worker-3-q686p-DEBUG-Exit getStandardBindingVariableForGroupManagement

2024-02-10T00:10:27+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-3-q686p-DEBUG-After binding - createUpdateMappings={

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"cn": "PMT2",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"objectCategory": "CN=Group,CN=Schema,CN=Configuration,DC=uniwadev,DC=uwa,DC=edu,DC=au",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"displayName": "null",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"sAMAccountName": "PMT2",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"description": "null",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"objectClass": "group",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"gidNumber": "10031",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"name": "PMT2",

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--"managedBy": "CN=IS-FIM-Manual-Group-Admins,OU=Application,OU=Groups,DC=uniwadev,DC=uwa,DC=edu,DC=au"

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--}

2024-02-10T00:10:27+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-3-q686p-DEBUG-This is after asserting it for 1st time

2024-02-10T00:10:27+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-3-q686p-DEBUG-

2024-02-10T00:10:28+05:30-ecm-worker--null-q686p--attrs=[sAMAccountName:PMT2, objectClass:group, name:PMT2, cn:PMT2, gidNumber:10031, objectCategory:CN=Group,CN=Schema,CN=Configuration,DC=uniwadev,DC=uwa,DC=edu,DC=au]

2024-02-10T00:10:27+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-3-q686p-DEBUG-GROUP CREATION IN AD: true

2024-02-10T00:10:27+05:30-ecm-worker-services.ImportUtilityService-quartzScheduler_Worker-3-q686p-DEBUG-EntitlementType 'memberOf' for Endpoint 'UNIWADEV' found with EntitlementTypekey - 23

2024-02-10T00:10:27+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-3-q686p-DEBUG-groupImportMappingObj : memberHash:member_char,customproperty1:sAMAccountType_char,customproperty2:memberOf_char,customproperty8:instanceType_char, customproperty3:uSNCreated_char,customproperty4:groupType_char,customproperty5:dSCorePropagationData_char,customproperty12:dn_char, customproperty13:cn_char,lastscandate:whenCreated_date,customproperty15:managedBy_char,entitlement_glossary:description_char,customproperty9:name_char, customproperty10:objectCategory_char,customproperty11:sAMAccountName_char,customproperty14:objectClass_char,status:isCriticalSystemObject_char, entitlement_value:distinguishedName_char,entitlementid:objectGUID_Binary,customproperty17:distinguishedName_char,updatedate:whenChanged_date, RECONCILATION_FIELD:entitlementid

2024-02-10T00:10:27+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-3-q686p-DEBUG-adToGroupsMap: [customproperty4:groupType_char, customproperty10:objectCategory_char, customproperty5:dSCorePropagationData_char, customproperty2:memberOf_char, customproperty12:dn_char, customproperty3:uSNCreated_char, customproperty11:sAMAccountName_char, customproperty1:sAMAccountType_char, entitlementid:objectGUID_Binary, customproperty17:distinguishedName_char, customproperty14:objectClass_char, customproperty13:cn_char, lastscandate:whenCreated_date, customproperty15:managedBy_char, entitlement_glossary:description_char, memberhash:member_char, updatedate:whenChanged_date, customproperty8:instanceType_char, entitlement_value:distinguishedName_char, customproperty9:name_char, status:isCriticalSystemObject_char]

2024-02-10T00:10:27+05:30-ecm-worker-services.AdImportService-quartzScheduler_Worker-3-q686p-DEBUG-Attributes to be returned from LDAP - [member, samaccounttype, whenchanged, memberof, instancetype, usncreated, grouptype, dscorepropagationdata, distinguishedname, cn, whencreated, managedby, description, name, objectcategory, samaccountname, objectsid, dn, objectguid, objectclass, memberuid, displayName, nisnetgrouptriple, "memberof", "true", "false", "whenchanged", "(objectclass=group)", "managedby", "comments", iscriticalsystemobject]

2024-02-10T00:10:27+05:30-ecm-worker-services.AdImportService-quartzScheduler_Worker-3-q686p-DEBUG-Enter getLDAPContext

2024-02-10T00:10:27+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-3-q686p-DEBUG-calling executeRequestWithTimeoutConfig for api...

2024-02-10T00:10:27+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-3-q686p-DEBUG-calling api...

2024-02-10T00:10:27+05:30-ecm-worker-services.AdImportService-quartzScheduler_Worker-3-q686p-DEBUG-Enter acquireLDAPContext

2024-02-10T00:10:27+05:30-ecm-worker-services.AdImportService-quartzScheduler_Worker-3-q686p-DEBUG-Setting default timeout

2024-02-10T00:10:27+05:30-ecm-worker-services.AdImportService-quartzScheduler_Worker-3-q686p-DEBUG-Env Properties in IMPORTJSON: null

2024-02-10T00:10:27+05:30-ecm-worker-services.AdImportService-quartzScheduler_Worker-3-q686p-DEBUG-enable_dclocator = false

2024-02-10T00:10:27+05:30-ecm-worker-services.AdImportService-quartzScheduler_Worker-3-q686p-DEBUG-Exit getLDAPContext

2024-02-10T00:10:27+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-3-q686p-DEBUG-called api...

2024-02-10T00:10:27+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-3-q686p-DEBUG-timeout validated for api...

2024-02-10T00:10:27+05:30-ecm-worker-services.HttpClientUtilityService-quartzScheduler_Worker-3-q686p-DEBUG-got response for api...

2024-02-10T00:10:27+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-3-q686p-DEBUG-entValueDetailMap= [CN=PMT2,OU=Groups,DC=uniwadev,DC=uwa,DC=edu,DC=au;:;23:[groupType:-2147483646, whenCreated:20240209184027.0Z, sAMAccountName:PMT2, instanceType:4, objectClass:"top","group", distinguishedName:CN=PMT2,OU=Groups,DC=uniwadev,DC=uwa,DC=edu,DC=au, dn:CN=PMT2,OU=Groups,DC=uniwadev,DC=uwa,DC=edu,DC=au, cn:PMT2, whenChanged:20240209184027.0Z, sAMAccountType:268435456, name:PMT2, objectGUID:09d7c8cc-18af-446c-822a-ca6383a92a3c, dSCorePropagationData:16010101000000.0Z, objectSid:S-1-5-21-2630746804-3755593408-721973210-502343, uSNCreated:54991076, nameinnamespace:CN=PMT2,OU=Groups,DC=uniwadev,DC=uwa,DC=edu,DC=au, objectCategory:CN=Group,CN=Schema,CN=Configuration,DC=uniwadev,DC=uwa,DC=edu,DC=au]]

2024-02-10T00:10:27+05:30-ecm-worker-services.AdImportService-quartzScheduler_Worker-3-q686p-DEBUG-Importing Entitlement_values

2024-02-10T00:10:27+05:30-ecm-worker-services.AdImportService-quartzScheduler_Worker-3-q686p-DEBUG-Pre-validation Entitlement RECONCILATION_FIELD: null

2024-02-10T00:10:27+05:30-ecm-worker-services.AdImportService-quartzScheduler_Worker-3-q686p-DEBUG-Post-validation Entitlement RECONCILATION_FIELD: entitlement_value

2024-02-10T00:10:27+05:30-ecm-worker-services.AdImportService-quartzScheduler_Worker-3-q686p-DEBUG-ent reconcilationADAttribute= entitlement_value

2024-02-10T00:10:27+05:30-ecm-worker-services.AdImportService-quartzScheduler_Worker-3-q686p-DEBUG-Query to insert/update into ENTITLEMENT_VALUES: INSERT INTO ENTITLEMENT_VALUES SET ORPHAN=0,SOX_CRITICAL=0,SYS_CRITICAL=0,JOB_ID=113924,customproperty4='-2147483646',customproperty10='CN=Group,CN=Schema,CN=Configuration,DC=uniwadev,DC=uwa,DC=edu,DC=au',customproperty5='16010101000000.0Z',customproperty2=null,customproperty12='CN=PMT2,OU=Groups,DC=uniwadev,DC=uwa,DC=edu,DC=au',customproperty3='54991076',customproperty11='PMT2',customproperty1='268435456',entitlementid='09d7c8cc-18af-446c-822a-ca6383a92a3c',customproperty17='CN=PMT2,OU=Groups,DC=uniwadev,DC=uwa,DC=edu,DC=au',customproperty14='"top","group"',customproperty13='PMT2',lastscandate='2024-02-09 18:40:27',customproperty15=null,entitlement_glossary=null,updatedate='2024-02-09 18:40:27',customproperty8='4',entitlement_value='CN=PMT2,OU=Groups,DC=uniwadev,DC=uwa,DC=edu,DC=au',customproperty9='PMT2',status=1,ENTITLEMENTTYPEKEY=23 on duplicate key update JOB_ID=113924 ,customproperty4='-2147483646',customproperty10='CN=Group,CN=Schema,CN=Configuration,DC=uniwadev,DC=uwa,DC=edu,DC=au',customproperty5='16010101000000.0Z',customproperty2=null,customproperty12='CN=PMT2,OU=Groups,DC=uniwadev,DC=uwa,DC=edu,DC=au',customproperty3='54991076',customproperty11='PMT2',customproperty1='268435456',entitlementid='09d7c8cc-18af-446c-822a-ca6383a92a3c',customproperty17='CN=PMT2,OU=Groups,DC=uniwadev,DC=uwa,DC=edu,DC=au',customproperty14='"top","group"',customproperty13='PMT2',lastscandate='2024-02-09 18:40:27',customproperty15=null,entitlement_glossary=null,updatedate='2024-02-09 18:40:27',customproperty8='4',entitlement_value='CN=PMT2,OU=Groups,DC=uniwadev,DC=uwa,DC=edu,DC=au',customproperty9='PMT2',status=1

poonammhetre · ‎02/12/2024

@rushikeshvartak @pmahalle do you have any pointers on this issue?

pmahalle · ‎02/12/2024

Hi @poonammhetre ,

Are you importing entitlement/group owner when you are reconciling the accesses/group from AD? Cn you share groupimportmapping of your AD?

Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

poonammhetre · ‎02/12/2024

@pmahalle Yes. we are importing owner. Please find below JSON.

{
"entitlementTypeName": "memberOf",
"importGroupHierarchy": "true",
"performGroupAccountLinking": "true",
"importnestedmembershipoutofscope": "false",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)",
"entitlementOwnerAttribute": "managedBy",
"tableFieldAttribute": "comments",
"mapping": "memberHash:member_char,customproperty1:sAMAccountType_char,customproperty2:memberOf_char,customproperty8:instanceType_char, customproperty3:uSNCreated_char,customproperty4:groupType_char,customproperty5:dSCorePropagationData_char,customproperty12:dn_char, customproperty13:cn_char,lastscandate:whenCreated_date,customproperty15:managedBy_char,entitlement_glossary:description_char,customproperty9:name_char, customproperty10:objectCategory_char,customproperty11:sAMAccountName_char,customproperty14:objectClass_char,status:isCriticalSystemObject_char, entitlement_value:distinguishedName_char,entitlementid:objectGUID_Binary,customproperty17:distinguishedName_char,updatedate:whenChanged_date, RECONCILATION_FIELD:entitlementid"
}

pmahalle · ‎02/12/2024

@poonammhetre ,

Can you try your use case by removing entitlementOwnerAttribute and tableFieldAttribute from groupimportmapping json highlighted below once and provide the observation.

{
"entitlementTypeName": "memberOf",
"importGroupHierarchy": "true",
"performGroupAccountLinking": "true",
"importnestedmembershipoutofscope": "false",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)",
"entitlementOwnerAttribute": "managedBy",
"tableFieldAttribute": "comments",
"mapping": "memberHash:member_char,customproperty1:sAMAccountType_char,customproperty2:memberOf_char,customproperty8:instanceType_char, customproperty3:uSNCreated_char,customproperty4:groupType_char,customproperty5:dSCorePropagationData_char,customproperty12:dn_char, customproperty13:cn_char,lastscandate:whenCreated_date,customproperty15:managedBy_char,entitlement_glossary:description_char,customproperty9:name_char, customproperty10:objectCategory_char,customproperty11:sAMAccountName_char,customproperty14:objectClass_char,status:isCriticalSystemObject_char, entitlement_value:distinguishedName_char,entitlementid:objectGUID_Binary,customproperty17:distinguishedName_char,updatedate:whenChanged_date, RECONCILATION_FIELD:entitlementid"
}

Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

poonammhetre · ‎02/12/2024

@pmahalle As suggested I removed the owner mapping from JSON and tested but it is giving the same result. mangedBy attribute is not updated.

Are there any changes in latest release? we are currently on 24.1 . I recall it was working as expected in old release 2021. also in this forum post user mentioned that it waa possible to hard code the managedBy attribute. (version 23.1)

Solved: AD Group Management : Group Owner in createUpdateM... - Saviynt Forums - 33417

Thanks,

Poonam

pmahalle · ‎02/12/2024

@poonammhetre ,

You mean it was working for you in version 2021?

In Saviynt when we create AD group with user as an owner, managedBy attribute set in AD with that user's DN and at the same time same user set as an owner of that entitlement/group. But here in your case part1 is possible but part2 where we set owner for entitlement in Saviynt would not be possible since it is group and not user in Saviynt, I think that could be the issue.

Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

poonammhetre · ‎02/12/2024

@pmahalle

You mean it was working for you in version 2021?

==> Yes, It was working in 2021 where we can set users DN in managedBy Attribute. Issue is that now , on latest version, even we are not able to hardcode userDN value for managedBy attribute.

managedBy attribute only gets updated in AD when owner is selected from UI while group creation and if we use below code in createUpdateGroup Mappings.

${allOwnerList?.size()>0 && ownerAccountListMap.size()>0 && ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username).get(0)?.comments:""}

Somehow I suspect that saviynt is not supported any hardcoded value in managedBy attribute which was working in earlier releases.

Thanks,

Poonam

pmahalle · ‎02/12/2024

@poonammhetre ,

What's your actual issue

1. You are not able set hardcoded user manager DN in managedBy attribute? or

2. You are not able to set group DN value in managedBy for some other AD group?

Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

poonammhetre · ‎02/12/2024

@pmahalle Actual issue is that I am not able to set hardcoded value for managedBy attribute weather it is user or group.

Ultimate goal is to set default owner as group but since it was not working with group value , I tested with user (account DN ) and found out it is not working either.

Thanks,

Poonam

poonammhetre · ‎02/12/2024

@pmahalle After doing some testing, I found that managedBy attribute gets updated only when we select the owner from UI.

1) I hardcoded the group value for managedBy attribute in createUpdateMapping.

2) Selected the group owner as random user from UI while group creation.

Group got created with managedBy hardcoded value.

It means hardcoded value will be updated but for that you need to first select the owner from UI which is not correct. It looks like saviynt bug.

Thanks,

Poonam

Saviynt Forums

How to set another AD group as default group owner