Saviynt Forums

Hello @Sharan ,

Please refer to the below post for details.

https://forums.saviynt.com/t5/identity-governance/how-to-assign-sav-role-quot-role-sav-manager-quot-...

When you enable SaviyntForSaviynt, SAVRoles will get imported as Entitlements under the SaviyntForSaviynt application. 
Your use case looks to be a detective use case which needs to be run as retrofit. 
You can do two things :
1. Use the userimport xml on SaviyntForSaviynt connector to write your conditions as SQL query and update a certain user attribute.

This user attribute update should then trigger a User Update Rule to evaluate a tech rule to assign the required Sav Role.

2. You can write an actionable analytics with your query and assign the SAV role as entitlement via it. This will not be recommended for a large dataset but works well when the dataset is smaller.

Hi @rushikeshvartak , @Manikanta_S 

Thank you! for your response. saviyntforsaviynt configuration option is disabled in 2021 version. could you please share the sample connection details for the rest based. I referred the below link, but there, in the createaccountjson,  call is going for createuser. that is not help ful

https://saviynt.freshdesk.com/support/solutions/articles/43000669684-saviynt-for-saviynt-rest-based-...

Any help would be much appreciated. we tried with the below connection details. 

1)created security system

2)created endpoint

3)created a connection rest based (attached the details)

4) created a user update rule and technical rule. 

5) manually created a entitlements for the endpoint( role_manager and end user) since upload feature is not working in 2021.

6)created a wsretry job and ran it

add access and create account task created in pending tasks. even after running wsretry job. it is not proviosioning. in the logs we found the below,

{"log":"2022-12-22 10:11:17,500 [quartzScheduler_Worker-1] DEBUG rest.RestProvisioningService - Error in provisioning: AccountID is mandatory\n","stream":"stdout","time":"2022-12-22T10:11:17.500572935Z"}

but we have account ID in params.

Create Account Json:

{
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "https://domain.saviyntcloud.com/ECM/api/v5/createAccount",
"httpMethod": "POST",
"httpParams":"{\"name\":\"${user.username}\",\"securitysystem\":\"SAVTOSAV_REST1\",\"endpoint\":\"SAVTOSAV_REST1\",\"status\":\"Manually Provisioned\",\"accountid\":\"${user.username}\"}",
"httpHeaders": {
"Content-Type": "application/json",
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,201
]
}
}
]
}

Add access json

{
"call":[
{
"name":"SavRole",
"connection":"acctAuth",
"url":"https://domain-partner.saviyntcloud.com/ECM/api/v5/addremoveuserfromrole",
"httpMethod":"POST",
"httpContentType":"application/json",
"httpParams":"{\"username\":\"${account.accountID}\",\"rolename\":\"${entitlementValue.entitlementID}\",\"operation\":\"1\"}",
"httpHeaders":{
"Authorization": "${access_token}"
},
"successResponses": {
"statusCode": [
200,
201
]
}
}
]
}

Create Account Json:

{
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "https://domain.saviyntcloud.com/ECM/api/v5/createAccount",
"httpMethod": "POST",
"httpParams":"{\"name\":\"${user.username}\",\"securitysystem\":\"SAVTOSAV_REST1\",\"endpoint\":\"SAVTOSAV_REST1\",\"status\":\"Manually Provisioned\",\"accountid\":\"${user.username}\"}",
"httpHeaders": {
"Content-Type": "application/json",
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,201
]
}
}
]
}

Add access json

{
"call":[
{
"name":"SavRole",
"connection":"acctAuth",
"url":"https://domain-partner.saviyntcloud.com/ECM/api/v5/addremoveuserfromrole",
"httpMethod":"POST",
"httpContentType":"application/json",
"httpParams":"{\"username\":\"${account.name}\",\"rolename\":\"${entitlementValue.entitlement_value}\",\"operation\":\"1\"}",
"httpHeaders":{
"Authorization": "${access_token}"
},
"successResponses": {
"statusCode": [
200,
201
]
}
}
]
}