and more in a single search tool across platforms. Read the announcement here. |
05/24/2023 12:38 AM - edited 05/29/2023 12:43 PM
Hi there,
We have a requirement for one of the REST based application integration where during role assignment a id gets generated and while removing the role from user account the same id has to be passed in to request body and not any other field is supported.
Wanted to understand if we can store the response value received during the role assignment under any of the account customproperty . If yes how to do that?
Below is the response body of the role assignment:
Attached are the Add Access JSON and remove access JSONs.
PFB the correct remove access JSON file and ignore the above
Regards,
Pallavi
{This post has been edited by a moderator to combine two posts.]
Solved! Go to Solution.
05/30/2023 09:48 AM
You can use responseColsToPropsMap for this and can define the path of the attribute you need to map against CP attribute Below is the format for reference.
"accountIdPath": "accountName",
"responseColsToPropsMap": {
"customproperty1": "CreateUser2.message.User.Id~#~char"
},
"call"
05/30/2023 10:02 AM
Hi Sahil,
Thank you for the response.
Can I store the value in create account JSON from the response received in add access JSON. Because in my case I need to store the value of the id received during the role assignment and that id is unique and for removal of the role from user that id has to be passed.
Regards,
Pallavi
05/30/2023 10:11 AM
Though you can use responseColsToPropsMap is Create account as well but this can only be used to store the response of the same JSON call. The value in both cases will be stored on the account attribute so you can still save the value on account's CP attribute with AddAccessJSON.
05/30/2023 10:01 PM
You mean we can have responseColsToPropsMap block added inside roles JSON as well and this will ultimately store the role response under any of the account's CP attribute? I will try this out.
Regards,
Pallavi
06/08/2023 06:54 AM
Hi Sahil,
I really did not understand what exactly you suggested me to do here. Is it like I can have responseColsToPropsMap block inside the AddAccess script or you are suggesting me to have it inside Create Account only and store the response of Add Access in Create Account JSON.
Regards,
Pallavi
06/08/2023 07:26 AM - edited 06/08/2023 07:28 AM
Hi,
I have tried this way but no luck
{
"accountIdPath": "call1.message.data.data[0].id",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"responseColsToPropsMap": {
"customproperty31": "call1.message.email__sys~#~char",
"customproperty32": "call1.message.username__sys~#~char",
"customproperty33": "Role.message.data.data[0].id~#~char"
},
"call": [
{
"name": "call1",
"connection": "userAuth",
"showResponse": true,
"url": "https://test/api/v22.3/vobjects/user__sys?idParam=federated_id__sys",
"httpMethod": "POST",
"httpParams": "[{\"federated_id__sys\":\"${'siga-'+user.firstname+'-siga'}\",\"email__sys\":\"${user.email}\",\"first_name__sys\":\"${user.firstname}\",\"last_name__sys\":\"${user.lastname}\",\"username__sys\":\"${'SIGA-'+user.firstname+'@sb-pmi.com'}\",\"timezone__sys\":\"america_los_angeles__sys\",\"locale__sys\":\"0LO000000000104\",\"language__sys\":\"0LU000000000101\",\"security_profile__sys\":\"0SP000000009002\",\"send_welcome_email__sys\":\"false\",\"license_type__sys\":\"full__v\",\"license_qoneqdocs__sys\":\"full__v\",\"license_qoneqms__sys\":\"full__v\"}]",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
204,
201,
202,
203,
205
]
},
"unsuccessResponses":
{
"statusCode":
[
400,
404
]
}
}
]
}
The call is successfull and account created and access added successfully but the role id returned by AddAcess JSON is not stored anywhere.
Role response:
06/12/2023 12:44 AM
Any suggestion will be really appreciated.
Regards,
Pallavi
06/12/2023 02:48 AM
Alternatively, you can try having 2 calls in your RemoveAccessJSON. The flow will be to
1. First API call to get the user-role assignment ID (HTTP GET call)
2. Use the API response from first call to remove the association. (HTTP DELETE or call supported by the application)
06/12/2023 03:56 AM
Thank you for the response. I will try out this option and check.
Regards,
Pallavi
06/12/2023 03:55 AM
Instead of maintaining data in saviynt using get call for unique identifier
06/13/2023 01:03 AM
Hi,
Thank you for the response. Can you please suggest how to name the calls under the add access files. Because the current name is "Role" and that is the entitlement type I have created under endpoint. If I change the name to Role1 and Role2 etc then the Add access is not working as it is not picking the associated roles. Kindly suggest if there is any other way as I have not done this type of integration before.
Any example file will help.
Regards,
Pallavi
06/13/2023 01:16 AM
You don't need to name it as Role1 and Role2. For both the calls, keep the call name as "Role". Saviynt will internally make it as 'Role1' and 'Role2' during execution.
06/14/2023 01:14 AM
Hi @naveenss ,
I tried setting up the JSON as below and the first call is returning the response correctly but the second call is showing me error
{
"call":[
{
"name":"Role",
"connection":"userAuth",
"url":"https://test/api/v22.3/query?q=SELECT+id+FROM+user_role__sys+WHERE+application_role__sys='0AR0000000...}'",
"httpMethod":"POST",
"httpHeaders":{
"Authorization":"${access_token}",
"Content-Type":"application/json",
"Accept":"application/json"
},
"httpContentType":"application/json"
},
{
"name":"Role",
"connection":"userAuth",
"url":"https://test/api/v22.3/vobjects/user_role__sys",
"httpMethod": "DELETE",
"httpParams": "[{\"id\":\"${response.Role1.message.data[0].id}\"}]",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json",
"Accept": "application/json"
},
"successResponses":{
"statusCode":[
200,
201,
204,
205
]
}
}
]
}
Response of both the calls:
{"Role1":{"headers":{"Transfer-Encoding":"chunked","Server":"nginx","X-Content-Type-Options":"nosniff","Connection":"keep-alive","Date":"Tue, 13 Jun 2023 14:17:05 GMT","X-VaultAPI-TruncatedSessionId":"49680434FC4165F","X-VaultAPI-BurstLimit":"2000","X-VaultAPI-BurstLimitRemaining":"1999","Strict-Transport-Security":"max-age=31536000;includeSubDomains","X-VaultAPI-UserId":"15765419","Cache-Control":"no-store","X-VaultAPI-VaultId":"97733","Vary":"Accept-Encoding","X-VaultAPI-ExecutionId":"http-VLT-EU-CENTRAL-1-PRODUCTION-2072-9107261-32-1686665825488","X-XSS-Protection":"1; mode=block","Content-Language":"en-US","Content-Type":"application/json;charset=UTF-8"},"message":{"responseStatus":"SUCCESS","responseDetails":{"pagesize":1000,"pageoffset":0,"size":1,"total":1},"data":[{"id":"V7900000008R014"}]},"statusCode":200,"description":null},"Role2":{"headers":{"Transfer-Encoding":"chunked","Server":"nginx","X-Content-Type-Options":"nosniff","Connection":"keep-alive","Date":"Tue, 13 Jun 2023 14:17:06 GMT","X-VaultAPI-TruncatedSessionId":"49680434FC4165F","X-VaultAPI-BurstLimit":"2000","X-VaultAPI-BurstLimitRemaining":"1998","Strict-Transport-Security":"max-age=31536000;includeSubDomains","Cache-Control":"private","X-VaultAPI-UserId":"15765419","X-VaultAPI-VaultId":"97733","Vary":"Accept-Encoding","Expires":"Thu, 01 Jan 1970 00:00:00 GMT","X-VaultAPI-ExecutionId":"http-VLT-EU-CENTRAL-1-PRODUCTION-2072-8451411-13-1686665826094","X-XSS-Protection":"1; mode=block","Content-Type":"application/json;charset=UTF-8"},"message":{"responseStatus":"FAILURE","errors":[{"type":"INVALID_DATA","message":"Invalid request body content"}]},"statusCode":200,"description":null,"status":"Success"}}
I tried multiple options to set in the body of the second call as below but see the same error:
[{\"id\":\"${Role1.message.data[0].id}\"}]
[{\"id\":\"${response.Role1.message.data[0].id}\"}]
[{\"id\":\"${response.Role1.data[0].id}\"}]
[{\"id\":\"${response.data[0].id}\"}]
[{\"id\":\"${response.Role1.message.data.data[0].id}\"}]
Postman request body for the second call is as following and it is working as expected:
Could you kindly suggest if you see anything wrong.
Regards,
Pallavi
06/14/2023 05:43 AM
Hi @naveenss ,
I was able to fix the issue by adding the id to be removed (role id) has to be passed in the request uri and not inside request body. Below is the working script.
{
"call":[
{
"name":"Role",
"connection":"userAuth",
"url":"https://test/api/v22.3/query?q=SELECT+id+FROM+user_role__sys+WHERE+application_role__sys='0AR0000000...}'",
"httpMethod":"POST",
"httpHeaders":{
"Authorization":"${access_token}",
"Content-Type":"application/json",
"Accept":"application/json"
},
"httpContentType":"application/json"
},
{
"name":"Role",
"connection":"userAuth",
"url":"https://test/api/v22.3/vobjects/user_role__sys/${response.Role1.message.data[0].id}",
"httpMethod": "DELETE",
"httpParams": "",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json",
"Accept": "application/json"
},
"successResponses":{
"statusCode":[
200,
201,
204,
205
]
}
}
]
}