Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Issue with ServiceNow OOTB remove accessJSON

SumathiSomala
All-Star
All-Star

‎01/09/2024 04:04 AM - edited ‎01/09/2024 08:40 AM

Hi Team,

I have used default remove access Json provided in the documentation to remove role type entitlements from user account.

I am getting below error when provisioning job is executed.

Call response: {"error":{"detail":"Record doesn't exist or ACL restricts the record retrieval","message":"No Record found"},"status":"failure"}

Also uuid values are not getting populated for accont_entitlements1 table. Could you please let me know what could be the issue and how to fix?

{
"call": [{
"name": "Group",
"connection": "userAuth",
"url": "https://<hostname>.service-now.com/api/now/v1/table/sys_user_grmember?user=${account.accountID}",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}" },
"httpContentType": "application/json",
"successResponses": {
"statusCode": [200]
},
"unsuccessResponses": {
"statusCode": [403]
}
}, {
"name": "Group",
"connection": "userAuth",
"url": "https://<hostname>.service-now.com/api/now/v1/table/sys_user_grmember/${for (Map map : response.Group1.message.result){if (map.group.value.toString().equals(entitlementValue.entitlementID)){return map.sys_id;}}}",
"httpMethod": "DELETE",
"httpHeaders": {
"Authorization": "${access_token}" },
"httpContentType": "application/json",
"successResponses": {
"statusCode": [204]
},
"unsuccessResponses": {
"statusCode": [403]
}
}, {
"name": "Roles",
"connection": "userAuth",
"url": "https://<hostname>.service-now.com/api/now/v1/table/sys_user_has_role/${account_entitlements.uuid}",
"httpMethod": "DELETE",
"httpHeaders": {
"Authorization": "${access_token}" },
"httpContentType": "application/json" }]
}

Any help would be appreciated.

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
Labels:
0 Kudos
20 REPLIES 20

rushikeshvartak
All-Star
All-Star

‎01/09/2024 08:59 PM

Does API working from postman ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

SumathiSomala
All-Star
All-Star
In response to rushikeshvartak

‎01/09/2024 09:58 PM

Yes @rushikeshvartak 

Tested in Postman able to remove role type entitlement from account.

 

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

Manu269
All-Star
All-Star

‎01/09/2024 09:24 PM

@SumathiSomala check this once api explorer in SNOW and validate

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

SumathiSomala
All-Star
All-Star
In response to Manu269

‎01/09/2024 10:03 PM

@Manu269 Checked in postman and in REST API Explorer in ServiceNow working as expected.

Unable to remove access in Saviynt.

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

Manu269
All-Star
All-Star
In response to SumathiSomala

‎01/10/2024 01:21 AM

Also I see Solved: Servicenow Rest - Remove Access - Saviynt Forums - 1955 this is solved but unable to get hold of json

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

SumathiSomala
All-Star
All-Star
In response to Manu269

‎01/10/2024 01:24 AM - edited ‎01/10/2024 01:25 AM

@Manu269 Yes ,already checked this post.

unable to find the attachment.

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

Manu269
All-Star
All-Star

‎01/10/2024 01:05 AM

@SumathiSomala you are correct. I could see the revocation for Group works perfectly and the problem is with roles.

@uthra_rahul we need assistance at this.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

uthra_rahul
Saviynt Employee
Saviynt Employee

‎01/10/2024 09:23 AM

@Manu269 Let me check with the team and revert. 

0 Kudos

SumathiSomala
All-Star
All-Star

‎01/16/2024 07:59 AM - edited ‎01/16/2024 08:00 AM

Hi Team, 

Any update on this? 

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

puneetkhullar
Saviynt Employee
Saviynt Employee

‎01/17/2024 04:11 PM

${account_entitlements.uuid} is accessible in REMOVE access JSON which you're already using but can you check this is getting reconciled and mapping id done as an example below during reconciliation. 

Example :

"colsToPropsMap": {
"uuid": "item.id~#~char"
}

SumathiSomala
All-Star
All-Star
In response to puneetkhullar

‎01/23/2024 03:50 AM

@puneetkhullar I have mapped sys_id to uuid ,still getting the same error

"colsToPropsMap":{
"description":"description~#~char",
"customproperty3":"elevated_privilege~#~char",
"entitlementID":"sys_id~#~char",
"uuid":"sys_id~#~char",
"entitlement_Value":"name~#~char",
"displayname":"sys_name~#~char"
}

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to SumathiSomala

‎01/23/2024 05:34 AM

Is it mapped in saviynt entitlement?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

SumathiSomala
All-Star
All-Star
In response to rushikeshvartak

‎01/23/2024 05:42 AM

@rushikeshvartak Could you please elaborate

I have used above mapping in Entitlementparms ,Ran the account and access import then performed the remove entitlement.

 

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to SumathiSomala

‎01/23/2024 06:05 AM

Did uuid populated in entitlement_values table


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

SumathiSomala
All-Star
All-Star
In response to rushikeshvartak

‎01/23/2024 06:09 AM

@rushikeshvartak unable to see uuid column in entitlement_values table

do we need analytics report to check this?

SumathiSomala_0-1706018917616.png

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to SumathiSomala

‎01/23/2024 08:03 PM

select ENTITLEMENTID_LONG from entitlement_values


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

SumathiSomala
All-Star
All-Star
In response to rushikeshvartak

‎01/24/2024 05:39 AM

@rushikeshvartak Checked in data analyzer

EntitlementID is populates with sys_id.

"entitlementID":"sys_id~#~char",

 

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to SumathiSomala

‎01/24/2024 09:18 AM

What about in account_entitlements1 table


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

SumathiSomala
All-Star
All-Star

‎01/30/2024 12:42 AM

@puneetkhullar @uthra_rahul Any update on this?

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

puneetkhullar
Saviynt Employee
Saviynt Employee

‎02/02/2024 10:01 AM - edited ‎02/02/2024 10:02 AM

uuid field is present under  account_entitlements1 table. Can you check if the value is populated there. If the value is not present under the account_entitlements1 for that specific accountkey then this will fail.

"url": "https://<hostname>.service-now.com/api/now/v1/table/sys_user_has_role/${account_entitlements.uuid}",

 

Also Show logs config has to be true in the connector and logs can help identify more what is going as a value in the complete URL. Please raise FD ticket as well for the same.
 

0 Kudos
Copyright © 2024 Khoros, LLC