09/25/2024 06:20 AM
Hello,
Regarding multiple entitlement owner assignment, I saw the following post:
https://forums.saviynt.com/t5/identity-governance/how-to-provision-multiple-owners-for-ad-groups/m-p...
"otherManagedBy": "${allOwnerList?.size() > 1 && ownerAccountListMap.size() > 0 && ownerAccountListMap.get(allOwnerList?.get(1)?.userkey?.username) != null && ownerAccountListMap.get(allOwnerList?.get(1)?.userkey?.username).size() > 0 ? ownerAccountListMap.get(allOwnerList?.get(1)?.userkey?.username).get(0)?.accountID : null}"
I tried this in groupImportMapping and createUpdateMappings, but it didn't work when I run the job access import.
The connection is AD and I have at least 3 owners to attach.
My question is: how do I trigger it? Is the job access import enough? Also, why didn't it work? How do I adjust it to match n owners, because it could be more than 3? And if that is not possible, how do I adjust it for 3 owners, for example?
I would really appreciate your help; I went through many posts providing the same answer.
Thank you!
Note: I also tried this solution: https://forums.saviynt.com/t5/identity-governance/adsi-add-group-owner-to-provisioning-json/m-p/1167...
but I saw a note saying there is no default action for Map Entitlement Owner, therefore it is impossible to map 1k+ owners manually. Is there a way or an update regarding that? Thank you!
09/25/2024 06:28 AM
09/25/2024 06:43 AM
@rushikeshvartak thank you for your answer.
So basically there is not a way to do it in the import directly?
I saw your solution:
select customproperty2 as entitlement_values__entitlement_value, ev.ENTITLEMENT_VALUEKEY as ENTITLEMENT_VALUES__PRIMARYKEY FROM entitlement_values ev WHERE ev.ENTITLEMENTTYPEKEY='123' and customproperty2 is not null
This is when we don't use Postman, right? And this is regarding the solution of the analytics, not the code "the groupImportMapping or createUpdateMappings"?
So in my case I would save the owner values of the multistring attribute I have to a CP, and from this CP I do this query?
I am already saving the owners' DNs in a CP, but for some reason it saved only 2 DNs out of 3 DNs, and I am using CP3.
And these are separated by ","; would this be an issue here?
Example of the DNs of owners:
CN=xxxx,OU=xxx,OU=xxx,OU=xxx,OU=xxxx,DC=xxx,DC=xxx,DC=xxxx,
CN=xxxx,OU=xxxx,OU=xxxxxx,OU=xxxxx,OU=xxx,DC=xxxx,DC=xxxx,DC=xxxx,
CN=xxxx,OU=xxxx,OU=xxxxxx,OU=xxxxx,OU=xxx,DC=xxxx,DC=xxxx,DC=xxxx
09/25/2024 06:58 AM - edited 09/25/2024 06:59 AM
Yes. Add a double quote behind the entitlement name of AD.
09/25/2024 07:02 AM
@rushikeshvartak
I am sorry, but I don't get it. Which is correct? And where do I add the double quote?
I am sorry if it is a misunderstanding, but what I meant here (and these are separated by ",") is not "", it is ,
Sample:
CN=xxxx,OU=xxx,OU=xxx,OU=xxx,OU=xxxx,DC=xxx,DC=xxx,DC=xxxx,
CN=xxxx,OU=xxxx,OU=xxxxxx,OU=xxxxx,OU=xxx,DC=xxxx,DC=xxxx,DC=xxxx,
CN=xxxx,OU=xxxx,OU=xxxxxx,OU=xxxxx,OU=xxx,DC=xxxx,DC=xxxx,DC=xxxx
09/25/2024 07:08 AM
You can use as below
09/25/2024 07:11 AM - edited 09/25/2024 07:11 AM
@rushikeshvartak
Knowing that I am assigning the owners, not the name,
could you please provide me with the steps for the issue so I can understand it better?
Basically you mean I can still use the following analytics:
SELECT e.endpointname AS APPLICATION, et.ENTITLEMENTNAME AS 'ENTITLEMENT TYPE', ev.entitlement_value AS 'ENTITLEMENT NAME', ev.ENTITLEMENT_VALUEKEY AS 'entvaluekey' FROM entitlement_values ev JOIN entitlement_types et ON ev.ENTITLEMENTTYPEKEY = et.ENTITLEMENTTYPEKEY JOIN endpoints e ON et.ENDPOINTKEY = e.ENDPOINTKEY WHERE e.ENDPOINTKEY = 6 AND ev.ENTITLEMENT_VALUEKEY NOT IN ( SELECT DISTINCT ENTITLEMENT_VALUEKEY FROM entitlement_owners );
but since Map Entitlement Owner can't be a default action and if I can do 1000 entitlement manually, you suggested to?
Can you please write me the steps?
Really appreciate it!
09/25/2024 07:12 AM - edited 09/25/2024 07:13 AM
Use Postman Runner and follow the same steps.
Use the same {{url}}/ECM/{{path}}/createUpdateEntitlement URL.
This method creates a new "entitlementvalue" for an "endpoint" in SSM. All the input parameters it requires are attributes with which the new account record would get created.
Ensure: The Authorization header variable must be set to Bearer followed by Token.
Mandatory params:
endpoint, entitlementtype, entitlement_value
Optional params:
attributes for Entitlement_values,
entitlementowner<N> - N is the rank, entitlementowner modifies entitlementowner with rank 1, entitlementowner3 - modifies entitlementowner with rank 3,
entitlementID,newentitlement_value - used to update the entitlement if multiple entitlements with same entitlement_value are pres
https://documenter.getpostman.com/view/36611902/2sAXqs8i1u#4a7024b9-c593-481e-9277-b079df2084d4
09/25/2024 07:17 AM - edited 09/25/2024 07:21 AM
@rushikeshvartak I understand, I checked this, but updating the entitlement value won't assign the entitlement owner, right? The main issue is that multiple owners are not being assigned to the entitlement owner.
I found only how to do it from a CSV file, but not from import or queries:
https://docs.saviyntcloud.com/bundle/SSM-Admin-v55x/page/Content/Chapter04-Onboarding-and-Managing-A...
09/25/2024 07:48 AM - edited 09/25/2024 07:49 AM
{
"endpoint":"Workday",
"entitlementtype":"Security-Groups",
"entitlement_value":"Accounts Receivable Specialist (Unconstrained)",
"status":1,
"entitlementowner1":"rvartak"
}
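As an added example (not part of the original posts and not Saviynt's own code): a Python sketch that splits a comma-joined custom-property value into whole owner DNs and builds one createUpdateEntitlement body with `entitlementowner1..N`, using the parameter names quoted in this thread. The sample DNs, the DN-to-username lookup, the endpoint and group names, and the use of usernames as owner values are assumptions.

```python
import json
import re

# Constructed sample: three owner DNs joined by "," as stored in a custom property.
CP3_SAMPLE = (
    "CN=Alice Ng,OU=Staff,OU=Corp,DC=example,DC=com,\n"
    "CN=Doe\\, John,OU=Staff,OU=Corp,DC=example,DC=com,\n"
    "CN=Carol Diaz,OU=Admins,DC=example,DC=com"
)

# Constructed lookup (assumption): owner DN, lowercased, to username.
DN_TO_USER = {
    "cn=alice ng,ou=staff,ou=corp,dc=example,dc=com": "ang",
    "cn=doe\\, john,ou=staff,ou=corp,dc=example,dc=com": "jdoe",
    "cn=carol diaz,ou=admins,dc=example,dc=com": "cdiaz",
}


def split_dns(raw):
    """Split a comma-joined run of DNs without cutting inside a DN."""
    # Split on commas that are not backslash-escaped inside an RDN value.
    parts = [p.strip() for p in re.split(r"(?<!\\),", raw) if p.strip()]
    dns, current = [], []
    for part in parts:
        # A DN ends with its DC= components; the first non-DC component
        # after a DC component starts the next DN.
        prev_is_dc = bool(current) and current[-1].upper().startswith("DC=")
        if prev_is_dc and not part.upper().startswith("DC="):
            dns.append(",".join(current))
            current = []
        current.append(part)
    if current:
        dns.append(",".join(current))
    return dns


def build_payload(endpoint, entitlementtype, entitlement_value, owner_dns, dn_to_user):
    """Build one request body carrying every owner, ranked in list order."""
    # Fail loudly instead of silently dropping an owner that cannot be resolved.
    missing = [dn for dn in owner_dns if dn.lower() not in dn_to_user]
    if missing:
        raise KeyError(f"no username for owner DN(s): {missing}")
    payload = {
        "endpoint": endpoint,
        "entitlementtype": entitlementtype,
        "entitlement_value": entitlement_value,
    }
    for rank, dn in enumerate(owner_dns, start=1):
        payload[f"entitlementowner{rank}"] = dn_to_user[dn.lower()]
    return payload


if __name__ == "__main__":
    owners = split_dns(CP3_SAMPLE)
    body = build_payload("AD", "memberOf", "CN=Finance,DC=example,DC=com", owners, DN_TO_USER)
    print(json.dumps(body, indent=2))
```

Each body produced this way is what a Postman Runner iteration (or any HTTP client sending the Bearer token) would post to the createUpdateEntitlement URL, one request per entitlement.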
09/25/2024 08:11 AM
@rushikeshvartak so you mean this will trigger the actions created by the analytics query, instead of having Map Entitlement Owner as the default action?
The query I have is:
select e.endpointname AS APPLICATION, et.ENTITLEMENTNAME as 'ENTITLEMENT TYPE', ev.entitlement_value AS 'ENTITLEMENT NAME', ev.ENTITLEMENT_VALUEKEY AS 'entvaluekey' from entitlement_values ev, entitlement_owners eo, endpoints e, entitlement_types et where ev.ENTITLEMENTTYPEKEY= et.ENTITLEMENTTYPEKEY and et.ENDPOINTKEY = e.ENDPOINTKEY and ev.ENTITLEMENT_VALUEKEY not in (Select distinct ENTITLEMENT_VALUEKEY from entitlement_owners);
09/25/2024 08:19 AM
Map Entitlement Owner - You need to take actions manually