
Need to setup Entitlement Hierarchy and Association for DB Connection

Gurukrishna96
New Contributor

Hello All,

We have to set up a DB connection to bring in the access level along with the actual entitlement. Below is how the data looks on the target end:

ACCESS_LEVEL    ACTUAL_ENTITLEMENT    APPLICATION_USER_TKEY
RW              AFFLT                 UserXXXX

Here the access level read-write is associated with the entitlement AFFLT for the user.

Could you please suggest what approach we could take to represent the account entitlement association under account details?
I am thinking of considering AFFLT as the parent entitlement and RW as a child of AFFLT. Is that the correct way? If so, how do we set that up?

Basically, in Saviynt, how can we show the relation between 'AFFLT' and 'RW'?

[This message has been edited by moderator to merge reply comment]


Amit_Malik
Valued Contributor II

Hi @Gurukrishna96 ,

Try using entitlement type privileges.

https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter02-Identity-Repository/Viewi...


If you need more details on how this works, with a practical use case, refer to this: https://docs.saviyntcloud.com/bundle/Thycotic-v24x/page/Content/Understanding-the-Integration-betwee...


You don't need to reconcile RW / R etc. from the endpoint; these generally don't change, and you can set them up while creating entitlement types.

When somebody requests an entitlement, Saviynt will ask them Read or Write or something else, and you can provision that in the DB.

 

Thanks,

Amit


rushikeshvartak
All-Star
  • Use Ent2 XML and use ALTR as the parent and RW as the child/privilege under the parent entitlement.
  • Sample:

 

<dataMapping>
    <sql-query description="This is the Source DB Query">
        <![CDATA[select systemname,endpointname,etkey1,etkey2,ev1,ev2 from db_import_ent]]>
    </sql-query>
    <mapper description="This is the mapping field for Saviynt Field name">
        <mapfield saviyntproperty="securitysystems1" sourceproperty="systemname" type="character"></mapfield>
        <mapfield saviyntproperty="securitysystems2" sourceproperty="systemname" type="character"></mapfield>
        <mapfield saviyntproperty="securitysystems.systemname" sourceproperty="applicationname" type="character"/>
        <mapfield saviyntproperty="endpoints1" sourceproperty="endpointname" type="character"></mapfield>
        <mapfield saviyntproperty="endpoints2" sourceproperty="endpointname" type="character"></mapfield>
        <mapfield saviyntproperty="entitlementtypes1" sourceproperty="etkey1" type="character"></mapfield>
        <mapfield saviyntproperty="entitlementtypes2" sourceproperty="etkey2" type="character"></mapfield>
        <mapfield saviyntproperty="entitlements2.entitlement_value1" sourceproperty="ev1" type="character"></mapfield>
        <mapfield saviyntproperty="entitlements2.entitlement_value2" sourceproperty="ev2" type="character"></mapfield>
    </mapper>
</dataMapping>

 

Ent 2 DB XML - https://docs.saviyntcloud.com/bundle/Database-v24x/page/Content/Configuring-the-Integration-for-Impo...


Regards,
Rushikesh Vartak

Hi @rushikeshvartak and @Amit_Malik, thanks for the suggestions.

In our scope of integration, we do not have provisioning but only reconciliation at the moment, so I feel that we need to import rather than set up the privilege at the entitlement type level in Saviynt, as the access level is going to be reviewed during certification.

Also, could you please help me understand the below 2 XML lines:
 

<mapfield saviyntproperty="entitlements2.entitlement_value1" sourceproperty="ev1" type="character"></mapfield>
<mapfield saviyntproperty="entitlements2.entitlement_value2" sourceproperty="ev2" type="character"></mapfield>

1. What is entitlements2? Is it the actual entitlement type OR the read-write privilege entitlement type?
2. What values will entitlement_value1 and entitlement_value2 have?
3. Will the above mapping require a different connection/security system and import job? Please explain in detail in case you've previously seen a similar requirement. I'm not able to understand much based on the documentation.