and more in a single search tool across platforms. Read the announcement here. |
12/19/2023 08:05 AM
We have configured a target salesforce application using the REST Connector. Upon a Role removal a remove access task gets triggered for 'profile' entitlement type. However upon provisioning the task doesnot gets processed as in salesforce profile is an mandatory attribute for any user.
Due to the profile task not getting processed the user role also doesnt get removed in Saviynt.
Could you please suggest an approach on the Remove access task for 'profile' can be handled in Saviynt so that the role can be removed.
12/19/2023 08:10 AM
@Anu What is request-option for entitlement types under endpoint?
12/19/2023 08:22 AM - edited 12/19/2023 08:22 AM
@SumathiSomala For Profile the request option we have marked as dropdown(single) because we have profile prioritization configuration enabled.
12/19/2023 08:27 AM
@Anu Please check Create Task Action under profile entitlement details page
Keep Create Task Action as No action from dropdown and then try
12/19/2023 08:31 AM
@SumathiSomala We already have Create Task Action set as No action configured by default for profile entitlement type
12/19/2023 08:51 AM
enable below for Ent type - Profile
12/19/2023 09:29 AM
@rushikeshvartak We already have an remove access task getting generated for profile. All remove access task gets provisioned successful however only the profile removal task task fails because salesforce doesnot allow removal of profile. Is there an option to just complete this task in Savinyt?
12/19/2023 10:02 AM
@Anu : You have to handle the logic in your RemoveAccessJSON in such a way that if entitlement type is profile then give some success msg otherwise call your actual remove logic.
12/19/2023 06:53 PM
Salesforce connector does not have JSONs
12/20/2023 10:55 AM
12/21/2023 05:52 AM - edited 12/21/2023 09:10 AM
@sk Its a REST based implementation . Can you please share a sample on how the profile task can be handled in removeJSON for task to be just completed in Saviynt without any action in target
12/21/2023 09:08 AM - edited 12/21/2023 09:12 AM
If its rest call dummy api and complete task.
what is siga?
"Profile": { "callOrder": 1, "dummyCall": true, "stageNumber": 4 }
01/16/2024 05:01 AM
Hi @rushikeshvartak As suggested we have added a dummy call in remove Access Json but one of the usecase if failing.
working usecase: When user submits only remove role request it is working as expected.
Not working usecase: when user already has Role A and User submit request for new Role B and remove Role A(In single request). All the Add Access and remove task gets triggered as expected however the newly added Role B 'profile' add access task remains in "new" state with below error.
{"Profile":{"headers":null,"message":[{"message":"unable to obtain exclusive access to this record or 1 records: xxxxxx","errorCode":"UNABLE_TO_LOCK_ROW","fields":[]}],"statusCode":500,"description":null,"status":"Failed"}}
Please note we also have profile prioritization enabled.
Could you please assist on how to fix the same.
01/16/2024 05:16 AM
Share json
01/16/2024 08:31 AM
01/16/2024 10:55 AM
In add access - check if user already have profile if yes dont call add profile api
01/17/2024 12:51 AM
@rushikeshvartak Thanks for the update. As part of different roles we have different profiles mapped so we cannot have this condition added.
01/17/2024 08:20 PM
Use Task execution Hierarchy from global config which will remove the profile first then add
01/22/2024 12:27 AM - edited 01/23/2024 04:31 AM
Hi @rushikeshvartak As its a global platform with multiple applications we are not allowed to make any changes to the global configs . Could you please provide another alternate? Below i have provided the failed test case scenario.
Unsuccessful testcase: User submits ADD role(High priority profile entitlement) and REMOVE role (low priority)
Result: Remove Access for profile(low priority) task status is 'No Action Required' hence the Add access profile task remains in 'New' Status.
Error :{"Profile":{"headers":null,"message":[{"message":"unable to obtain exclusive access to this record or 1 records: 00e58000000z9NvAAI","errorCode":"UNABLE_TO_LOCK_ROW","fields":[]}],"statusCode":500,"description":null,"status":"Failed"}}
Successful Testcase: User submits ADD role (low priority profile task) and REMOVE role (high priority)
Result: All the Add Access and Remove Access tasks completes as expected
01/23/2024 08:45 PM
Solution is global configuration only. This has been implemented in our customer.
12/19/2023 06:54 PM
You can discontinue task using customquery job before WSRETRY
12/19/2023 10:18 PM
@rushikeshvartak Thanks for the response. If we discontinue the task using custom query the task would get completed but the actual profile entitlement would not go from users which means the role also would not get removed. Is there an option to complete the task and have the respective entitlement removed from saviynt so that the role also gets removed?
12/19/2023 11:05 PM
Enable - Create Dependent task under Endpoint level and validate
12/19/2023 11:50 PM
@rushikeshvartak We already have this configuration enabled
12/20/2023 10:57 AM
Please disable and re-test