and more in a single search tool across platforms. Read the announcement here. |
01/09/2024 04:04 AM - edited 01/09/2024 08:40 AM
Hi Team,
I have used default remove access Json provided in the documentation to remove role type entitlements from user account.
I am getting below error when provisioning job is executed.
Call response: {"error":{"detail":"Record doesn't exist or ACL restricts the record retrieval","message":"No Record found"},"status":"failure"}
Also uuid values are not getting populated for accont_entitlements1 table. Could you please let me know what could be the issue and how to fix?
{
"call": [{
"name": "Group",
"connection": "userAuth",
"url": "https://<hostname>.service-now.com/api/now/v1/table/sys_user_grmember?user=${account.accountID}",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}" },
"httpContentType": "application/json",
"successResponses": {
"statusCode": [200]
},
"unsuccessResponses": {
"statusCode": [403]
}
}, {
"name": "Group",
"connection": "userAuth",
"url": "https://<hostname>.service-now.com/api/now/v1/table/sys_user_grmember/${for (Map map : response.Group1.message.result){if (map.group.value.toString().equals(entitlementValue.entitlementID)){return map.sys_id;}}}",
"httpMethod": "DELETE",
"httpHeaders": {
"Authorization": "${access_token}" },
"httpContentType": "application/json",
"successResponses": {
"statusCode": [204]
},
"unsuccessResponses": {
"statusCode": [403]
}
}, {
"name": "Roles",
"connection": "userAuth",
"url": "https://<hostname>.service-now.com/api/now/v1/table/sys_user_has_role/${account_entitlements.uuid}",
"httpMethod": "DELETE",
"httpHeaders": {
"Authorization": "${access_token}" },
"httpContentType": "application/json" }]
}
Any help would be appreciated.
01/09/2024 08:59 PM
Does API working from postman ?
01/09/2024 09:58 PM
Yes @rushikeshvartak
Tested in Postman able to remove role type entitlement from account.
01/09/2024 09:24 PM
@SumathiSomala check this once api explorer in SNOW and validate
01/09/2024 10:03 PM
@Manu269 Checked in postman and in REST API Explorer in ServiceNow working as expected.
Unable to remove access in Saviynt.
01/10/2024 01:21 AM
Also I see Solved: Servicenow Rest - Remove Access - Saviynt Forums - 1955 this is solved but unable to get hold of json
01/10/2024 01:24 AM - edited 01/10/2024 01:25 AM
@Manu269 Yes ,already checked this post.
unable to find the attachment.
01/10/2024 01:05 AM
@SumathiSomala you are correct. I could see the revocation for Group works perfectly and the problem is with roles.
@uthra_rahul we need assistance at this.
01/10/2024 09:23 AM
@Manu269 Let me check with the team and revert.
01/16/2024 07:59 AM - edited 01/16/2024 08:00 AM
Hi Team,
Any update on this?
01/17/2024 04:11 PM
${account_entitlements.uuid} is accessible in REMOVE access JSON which you're already using but can you check this is getting reconciled and mapping id done as an example below during reconciliation.
Example :
"colsToPropsMap": {
"uuid": "item.id~#~char"
}
01/23/2024 03:50 AM
@puneetkhullar I have mapped sys_id to uuid ,still getting the same error
"colsToPropsMap":{
"description":"description~#~char",
"customproperty3":"elevated_privilege~#~char",
"entitlementID":"sys_id~#~char",
"uuid":"sys_id~#~char",
"entitlement_Value":"name~#~char",
"displayname":"sys_name~#~char"
}
01/23/2024 05:34 AM
Is it mapped in saviynt entitlement?
01/23/2024 05:42 AM
@rushikeshvartak Could you please elaborate
I have used above mapping in Entitlementparms ,Ran the account and access import then performed the remove entitlement.
01/23/2024 06:05 AM
Did uuid populated in entitlement_values table
01/23/2024 06:09 AM
@rushikeshvartak unable to see uuid column in entitlement_values table
do we need analytics report to check this?
01/23/2024 08:03 PM
select ENTITLEMENTID_LONG from entitlement_values
01/24/2024 05:39 AM
@rushikeshvartak Checked in data analyzer
EntitlementID is populates with sys_id.
"entitlementID":"sys_id~#~char",
01/24/2024 09:18 AM
What about in account_entitlements1 table
01/30/2024 12:42 AM
@puneetkhullar @uthra_rahul Any update on this?
02/02/2024 10:01 AM - edited 02/02/2024 10:02 AM
uuid field is present under account_entitlements1 table. Can you check if the value is populated there. If the value is not present under the account_entitlements1 for that specific accountkey then this will fail.
"url": "https://<hostname>.service-now.com/api/now/v1/table/sys_user_has_role/${account_entitlements.uuid}",
Also Show logs config has to be true in the connector and logs can help identify more what is going as a value in the complete URL. Please raise FD ticket as well for the same.