Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ImportAccountEntJSON- To fix the Hierarchy

PuspanjaliM
New Contributor II
New Contributor II

‎06/17/2024 11:33 PM

Hi Team,

We have a application(Alfa), which has 2 type of entitlement ( AuthorityGroups and Role)

In case of Group it has API to import the "entitlement" and "AccountWithEntitlement".

But in case of Role, it has single API to import "AccountWithEntitlement". So we created all the entitlement through CSV directly on Saviynt.

PuspanjaliM_0-1718691108049.png

Response of "AccountWithEntitlement" for ROLE, like below

PuspanjaliM_1-1718691776028.png

Below is the JSON, I'm using on Saviynt. For "AuthorityGroups" it's working fine.

Could Team help me with "ROLE" to establish the Account entitlement Hierarchy?

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"deleteLinks": false,
"accountThresholdValue": 30,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/json/user/v1/mouser/listUsers",
"httpHeaders": {
"Content-Type": "application/json"
},
"httpMethod": "GET"
},
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "userId~#~char",
"name": "userId~#~char",
"displayName": "name~#~char",
"customproperty1": "email~#~char",
"customproperty2": "department~#~char",
"customproperty3": "branch~#~char",
"customproperty4": "telephoneNumber~#~char",
"customproperty5": "available~#~char",
"customproperty6": "enabledFrom~#~char",
"customproperty7": "disabledFrom~#~char",
"customproperty8": "workflowUser~#~char",
"customproperty9": "workflowUserType~#~char",

"customproperty10": "salespersonCode~#~char",
"customproperty11": "salesperson~#~char",
"customproperty12": "salesManager~#~char",
"customproperty13": "salesAdministrator~#~char",

"customproperty14": "underwriter~#~char",
"customproperty15": "sanctionOfficer~#~char",
"customproperty16": "rateSanctionOfficer~#~char",
"customproperty17": "suppInvoiceMismatchAuthorised~#~char"
}

}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"AuthorityGroups": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https:/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/json/user/v1/mouser/listAuthorityGroups",
"httpHeaders": {
"Content-Type": "application/json"
},
"httpMethod": "GET"
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "code~#~char",
"entitlement_value": "code~#~char",
"description": "description~#~char",
"acctEntMappingInfoColumnFromEnt": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"listField": "members",
"idPath": "",
"keyField": "accountID",
"importAsAccount": false
}
}
}
},
"acctEntParams": {
"connection": "acctAuth",
"entTypes": {
"AuthorityGroups": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "entToAcctMapping"
}
}
},
"Role": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "acctToEntMapping",
"http": {
"httpHeaders": {
"Content-Type": "application/json"
},
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/json/user/v1/user/listStaticRolesForUser?userId=${id}",
"httpMethod": "GET"
},
"listField": "",
"entKeyField": "ENTITLEMENT_VALUE",
"acctIdPath": "",
"acctKeyField": "accountID"
}
}
}
}

}
}

PuspanjaliM_2-1718692121518.png

 

Labels:
0 Kudos
5 REPLIES 5

rushikeshvartak
All-Star
All-Star

‎06/18/2024 03:49 PM

You need to write java code using const in cp31 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

PuspanjaliM
New Contributor II
New Contributor II
In response to rushikeshvartak

‎06/19/2024 01:49 AM

Hi Rushikesh,

Do you have any sample document.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to PuspanjaliM

‎06/19/2024 09:37 PM

"customproperty31": "#CONST#${String output1=response.roles.replaceAll(', ','\",\"'); beg= ' {\"Group\":{\"entIds\":[\"'; end= '\"],\"keyField\":\"entitlementID\"}}' ; output2= beg.concat(output1) ; finoutput= output2.concat(end) ; return finoutput}~#~char".


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

PuspanjaliM
New Contributor II
New Contributor II
In response to rushikeshvartak

‎06/28/2024 08:19 AM

Hi Rushikesh,

Thank you for the response, Could you please help me with the below query?
After the analysis, I revised the JSON to below as per the API response.

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"deleteLinks": false,
"accountThresholdValue": 30,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxxxxxxxxxxxxx/json/user/v1/xxx/listUsers",
"httpHeaders": {
"Content-Type": "application/json"
},
"httpMethod": "GET"
},
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "userId~#~char",
"name": "userId~#~char",
"displayName": "name~#~char",
"customproperty1": "email~#~char",
"customproperty2": "department~#~char",
"customproperty3": "branch~#~char",
"customproperty4": "telephoneNumber~#~char",
"customproperty5": "available~#~char",
"customproperty6": "enabledFrom~#~char",
"customproperty7": "disabledFrom~#~char",
"customproperty8": "workflowUser~#~char",
"customproperty9": "workflowUserType~#~char",
"customproperty10": "salespersonCode~#~char",
"customproperty11": "salesperson~#~char",
"customproperty12": "salesManager~#~char",
"customproperty13": "salesAdministrator~#~char",
"customproperty14": "underwriter~#~char",
"customproperty15": "sanctionOfficer~#~char",
"customproperty16": "rateSanctionOfficer~#~char",
"customproperty17": "suppInvoiceMismatchAuthorised~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"AuthorityGroups": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/json/user/v1/xxxxxx/listAuthorityGroups",
"httpHeaders": {
"Content-Type": "application/json"
},
"httpMethod": "GET"
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "code~#~char",
"entitlement_value": "code~#~char",
"description": "description~#~char",
"acctEntMappingInfoColumnFromEnt": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"listField": "members",
"idPath": "",
"keyField": "accountID",
"importAsAccount": false
}
}
}
},
"acctEntParams": {
"connection": "acctAuth",
"entTypes": {
"AuthorityGroups": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "entToAcctMapping"
}
}
},
"Role": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "httpAcctToEnt",
"http": {
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/json/user/v1/user/listStaticRolesForUser?userId=${id}",
"httpHeaders": {
"Content-Type": "application/json"
},
"httpMethod": "POST"
},
"listField": "",
"entKeyField": "entitlement_value",
"entIdPath": "",
"acctKeyField": "accountID"
}
}
}
}
}
}

As I mentioned earlier, the Application has 2 types of entitlement( AuthorityGroups and Role). But App don't have API to import entitlement of type Role. So we manually created the entitlement on Saviynt. But the Application has "AccountToEntitlement" import API, which I'm trying to use on the "acctEntParams" section of JSON.

Note-We are using a separate API only to import Account for "accountParams" section of JSON.


Could you confirm your suggested solution still applies to the new JSON with "processingType": "httpAcctToEnt" of acctEntParams?
If yes could you let me know,

Does Java code need to be in accountsParam of colsToPropsMap?
Is this "response. roles" part of the Java code referring to the response of entitlement type in acctEntParams?

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to PuspanjaliM

‎06/28/2024 11:01 AM

It will be java codd with help of #CONST


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC