10/09/2023 03:36 AM
Hi,
I am looking at the create.gsp page to create AD groups. Can we make Owner a mandatory field for the groups created? Let me know if anyone has achieved it.
Is it possible to make the requestor the default rank1 for the group created?
10/09/2023 03:55 AM
I don't think owner selection can be made mandatory through gsp during AD group creation.
We have the below condition in the workflow to auto-reject requests raised without an owner, to make sure all the groups created via Saviynt have Owner details.
entitlement.ownerRank1 != null and entitlement.ownerRank1.size() != 0
Thanks,
Smitha
10/09/2023 04:02 AM
I have this set in the workflow, but I wanted the UI to be clearer for the requestor to add the owner before submitting the request.
10/09/2023 06:19 AM
I don't think there is an option to make it mandatory.
You can update the label to say that adding an owner is mandatory.
Thanks,
Devang Gandhi
10/10/2023 02:07 AM - edited 10/10/2023 02:08 AM
Hi @dgandhi, @smitg, if the owner cannot be made mandatory, can we add the requestor as owner for the AD group? I am looking at the below JSON:
"managedBy": "${allOwnerList?.size()>0 && ownerAccountListMap.size()>0 && ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username).get(0)?.accountID:${requestor.customproperty59}}",
Will this work?
10/12/2023 11:24 PM
Hi team,
I am trying to add the Owner based on the customproperty59 of the user for the newly created AD group.
I am using the below JSON:
{"cn": "${role?.customproperty27}",
"objectCategory": "CN=Group,CN=Schema,CN=Configuration,DC=esselgroup,DC=local",
"sAMAccountName": "${role?.customproperty27}",
"objectClass": "group",
"name": "${role?.customproperty27}",
"managedBy": "${user.customproperty59}",
"groupType": "${if (role.customproperty21 == 'Security' && role.customproperty22 == 'Global') '-2147483646' else if (role.customproperty21 == 'Security' && role.customproperty22 == 'Domain Local') '-2147483644' else if (role.customproperty21 == 'Security' && role.customproperty22 == 'Universal') '-2147483640' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Global') '2' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Domain Local') '4' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Universal') '8' else ''}"}
and it is erroring out with the error
10/12/2023 11:48 PM
Hi @saipraveengv,
Why are you using customproperty59 of users to set as owner? Are you keeping the user's AD DN in CP59 and expecting the DN of the owner selected during user creation/update to be automatically populated from CP59?
Use the below expression in your createupdatemappings. It will automatically fetch the owner's DN from the accountid of the user's AD account selected during AD group creation.
"managedBy":"${if(ownerAccountListMap.size()>0 && allOwnerList.size()>0){ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).get(0)?.accountID:''}else{''}}"
Let me know if it helps.
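An added example, not from any post in this thread and not Saviynt code: a stand-alone Python check over the rendered group-creation JSON that flags a payload whose `managedBy` came out empty (the no-owner branch of the expression above) or whose `groupType` fell through to `''`. It assumes the rendered JSON text is available to the check; the sample payloads and the names `group_type` and `check_payload` are constructed for illustration.

```python
import json
import re

# AD groupType is a signed 32-bit bit field: one scope bit, plus the
# security-enabled bit for security groups.
SECURITY_ENABLED = 0x80000000
SCOPES = {"Global": 0x2, "Domain Local": 0x4, "Universal": 0x8}


def group_type(kind, scope):
    """Signed 32-bit groupType string for a kind/scope pair."""
    flags = SCOPES[scope] | (SECURITY_ENABLED if kind == "Security" else 0)
    return str(flags - (1 << 32) if flags & SECURITY_ENABLED else flags)


VALID_GROUP_TYPES = {group_type(k, s)
                     for k in ("Security", "Distribution") for s in SCOPES}

# Loose DN shape: RDNs (backslash-escaped commas allowed) ending in DC parts.
DN_RE = re.compile(r"^(?:[A-Za-z]+=(?:[^,\\]|\\.)+,)+DC=[^,]+(?:,DC=[^,]+)*$")


def check_payload(rendered_json):
    """Return the problems found in one rendered group-creation payload."""
    payload = json.loads(rendered_json)
    problems = []
    managed_by = str(payload.get("managedBy") or "").strip()
    if not managed_by:
        problems.append("managedBy is empty: group would have no owner")
    elif not DN_RE.match(managed_by):
        problems.append("managedBy is not a distinguished name")
    if str(payload.get("groupType", "")) not in VALID_GROUP_TYPES:
        problems.append("groupType is not a valid type/scope value")
    return problems


# Constructed sample payloads (not taken from the thread).
SAMPLE_OK = json.dumps({
    "cn": "grp-app-readers", "sAMAccountName": "grp-app-readers",
    "objectClass": "group", "groupType": "-2147483646",
    "managedBy": "CN=Jane Doe,OU=Users,DC=example,DC=local"})
SAMPLE_NO_OWNER = json.dumps({
    "cn": "grp-app-writers", "sAMAccountName": "grp-app-writers",
    "objectClass": "group", "groupType": "", "managedBy": ""})

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("no owner", SAMPLE_NO_OWNER)):
        print(name, check_payload(sample))
```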
10/12/2023 11:52 PM - edited 10/12/2023 11:53 PM
Hi @pmahalle, I am saving the user's DN in CP59. The JSON you gave will work if the Owner is added during creation, but if the requestor doesn't add the owner during creation, I wanted the owner DN to be picked up from CP59. I have tried multiple if-else variations and it did not help me.
10/12/2023 11:56 PM
Hi @saipraveengv,
I don't think the user object is available directly in the createupdatemapping JSON, and that's why you are getting a null object exception.
10/13/2023 12:14 AM
I have used the below JSON from the Document portal.
"cn":"${role?.customproperty1}",
"objectCategory":"CN=Group,CN=Schema,CN=Configuration,DC=corpAD,DC=saviynt,DC=com",
"distinguishedName":"${role?.role_name}",
"displayName":"${role?.displayname}",
"SamAccountName":"${role?.customproperty1}",
"description":"${role?.description}",
"Info":"${role?.customproperty2}",
"objectClass":"group",
"managedBy":"${user?.customproperty7}",
"name":"${role?.customproperty1}",
"memberOf":"${role?.customproperty9}"
I don't think user object is not exposed for this?
10/13/2023 12:25 AM
Hi @saipraveengv,
Yes, the user object might not be available in that JSON. So better handle it at the workflow level. Reject the request automatically if the user did not select an owner while creating the AD group, as we cannot make owner selection mandatory.
Use the below query in the if-else block of the workflow:
entitlement.ownerRank1 != null and entitlement.ownerRank1.size() != 0
10/13/2023 12:28 AM
I don't want that approach. It would lead to more operational issues. Is there any logic that I can use to make the requestor the default owner?
10/13/2023 01:09 AM
Hi @saipraveengv,
I don't think it's possible. Better raise an FD ticket and check with Saviynt. If it is not achievable, raise it as an idea on the ideas portal.