
Need to store a value received during role assignment under user/account schema

pborah
Regular Contributor

Hi there,

We have a requirement for one of the REST-based application integrations where, during role assignment, an id gets generated, and while removing the role from the user account the same id has to be passed in the request body; no other field is supported.

Wanted to understand if we can store the response value received during the role assignment under any of the account customproperty attributes. If yes, how to do that?

Below is the response body of the role assignment: 

pborah_0-1684913257832.png

 

Attached are the Add Access JSON and remove access JSONs.

pborah_1-1684913607906.png

 

pborah_2-1684913750479.png

PFB the correct remove access JSON file and ignore the above

pborah_0-1684914057719.png

Regards,

Pallavi 

[This post has been edited by a moderator to combine two posts.]


SB
Saviynt Employee

You can use responseColsToPropsMap for this and can define the path of the attribute you need to map against the CP attribute. Below is the format for reference.

"accountIdPath": "accountName",
"responseColsToPropsMap": {
  "customproperty1": "CreateUser2.message.User.Id~#~char"
},
"call"


Regards,
Sahil

pborah
Regular Contributor

Hi Sahil,

Thank you for the response.

Can I store the value in the create account JSON from the response received in the add access JSON? Because in my case I need to store the value of the id received during the role assignment; that id is unique, and for removal of the role from the user that id has to be passed.

Regards,

Pallavi

SB
Saviynt Employee

Though you can use responseColsToPropsMap in Create Account as well, it can only be used to store the response of the same JSON call. The value in both cases will be stored on the account attribute, so you can still save the value on the account's CP attribute with AddAccessJSON.


Regards,
Sahil

pborah
Regular Contributor

You mean we can have responseColsToPropsMap block added inside roles JSON as well and this will ultimately store the role response under any of the account's CP attribute? I will try this out.

Regards,

Pallavi

pborah
Regular Contributor

Hi Sahil,

I really did not understand what exactly you suggested I do here. Is it that I can have a responseColsToPropsMap block inside the AddAccess script, or are you suggesting I have it inside Create Account only and store the response of Add Access in the Create Account JSON?

Regards,

Pallavi 

pborah
Regular Contributor

Hi,

I have tried this way but no luck

{
  "accountIdPath": "call1.message.data.data[0].id",
  "dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
  "responseColsToPropsMap": {
    "customproperty31": "call1.message.email__sys~#~char",
    "customproperty32": "call1.message.username__sys~#~char",
    "customproperty33": "Role.message.data.data[0].id~#~char"
  },
  "call": [
    {
      "name": "call1",
      "connection": "userAuth",
      "showResponse": true,
      "url": "https://test/api/v22.3/vobjects/user__sys?idParam=federated_id__sys",
      "httpMethod": "POST",
      "httpParams": "[{\"federated_id__sys\":\"${'siga-'+user.firstname+'-siga'}\",\"email__sys\":\"${user.email}\",\"first_name__sys\":\"${user.firstname}\",\"last_name__sys\":\"${user.lastname}\",\"username__sys\":\"${'SIGA-'+user.firstname+'@sb-pmi.com'}\",\"timezone__sys\":\"america_los_angeles__sys\",\"locale__sys\":\"0LO000000000104\",\"language__sys\":\"0LU000000000101\",\"security_profile__sys\":\"0SP000000009002\",\"send_welcome_email__sys\":\"false\",\"license_type__sys\":\"full__v\",\"license_qoneqdocs__sys\":\"full__v\",\"license_qoneqms__sys\":\"full__v\"}]",
      "httpHeaders": {
        "Authorization": "${access_token}"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          200,
          204,
          201,
          202,
          203,
          205
        ]
      },
      "unsuccessResponses": {
        "statusCode": [
          400,
          404
        ]
      }
    }
  ]
}

 

The call is successful, the account is created and access is added successfully, but the role id returned by the AddAccess JSON is not stored anywhere.

 

Role response:

{"Role":{"headers":{"Transfer-Encoding":"chunked","Server":"nginx","X-Content-Type-Options":"nosniff","Connection":"keep-alive","Date":"Thu, 08 Jun 2023 14:20:05 GMT","X-VaultAPI-TruncatedSessionId":"BE6D3D7C3B87C81","X-VaultAPI-BurstLimit":"2000","X-VaultAPI-BurstLimitRemaining":"1998","Strict-Transport-Security":"max-age=31536000;includeSubDomains","X-VaultAPI-UserId":"15765419","Cache-Control":"no-store","X-VaultAPI-VaultId":"97733","Vary":"Accept-Encoding","X-VaultAPI-ExecutionId":"http-VLT-EU-CENTRAL-1-PRODUCTION-2072-619147-23-1686234005293","X-XSS-Protection":"1; mode=block","Content-Language":"en-US","Content-Type":"application/json;charset=UTF-8"},"message":{"responseStatus":"SUCCESS","data":[{"responseStatus":"SUCCESS","data":{"id":"V7900000008Q001","url":"/api/v22.3/vobjects/user_role__sys/V7900000008Q001"}}]},"statusCode":200,"description":null,"status":"Success"}}
 

pborah
Regular Contributor

Any suggestion will be really appreciated.

Regards,

Pallavi

Alternatively, you can try having 2 calls in your RemoveAccessJSON. The flow will be to

1. First API call to get the user-role assignment ID (HTTP GET call)

2. Use the API response from first call to remove the association. (HTTP DELETE or call supported by the application)

Regards,
Naveen Sakleshpur

pborah
Regular Contributor

Thank you for the response. I will try out this option and check.

Regards,

Pallavi

Instead of maintaining data in Saviynt, use a GET call for the unique identifier.


Regards,
Rushikesh Vartak

Hi,

Thank you for the response. Can you please suggest how to name the calls under the add access files? The current name is "Role", and that is the entitlement type I have created under the endpoint. If I change the name to Role1, Role2, etc., then Add Access does not work, as it is not picking up the associated roles. Kindly suggest if there is any other way, as I have not done this type of integration before.

Any example file will help.

Regards,

Pallavi

You don't need to name it as Role1 and Role2. For both the calls, keep the call name as "Role". Saviynt will internally make it as 'Role1' and 'Role2' during execution.

Regards,
Naveen Sakleshpur

pborah
Regular Contributor

Hi @naveenss ,

I tried setting up the JSON as below. The first call is returning the response correctly, but the second call is showing me an error:

{
  "call": [
    {
      "name": "Role",
      "connection": "userAuth",
      "url": "https://test/api/v22.3/query?q=SELECT+id+FROM+user_role__sys+WHERE+application_role__sys='0AR0000000...}'",
      "httpMethod": "POST",
      "httpHeaders": {
        "Authorization": "${access_token}",
        "Content-Type": "application/json",
        "Accept": "application/json"
      },
      "httpContentType": "application/json"
    },
    {
      "name": "Role",
      "connection": "userAuth",
      "url": "https://test/api/v22.3/vobjects/user_role__sys",
      "httpMethod": "DELETE",
      "httpParams": "[{\"id\":\"${response.Role1.message.data[0].id}\"}]",
      "httpHeaders": {
        "Authorization": "${access_token}",
        "Content-Type": "application/json",
        "Accept": "application/json"
      },
      "successResponses": {
        "statusCode": [
          200,
          201,
          204,
          205
        ]
      }
    }
  ]
}

Response of both the calls:

{"Role1":{"headers":{"Transfer-Encoding":"chunked","Server":"nginx","X-Content-Type-Options":"nosniff","Connection":"keep-alive","Date":"Tue, 13 Jun 2023 14:17:05 GMT","X-VaultAPI-TruncatedSessionId":"49680434FC4165F","X-VaultAPI-BurstLimit":"2000","X-VaultAPI-BurstLimitRemaining":"1999","Strict-Transport-Security":"max-age=31536000;includeSubDomains","X-VaultAPI-UserId":"15765419","Cache-Control":"no-store","X-VaultAPI-VaultId":"97733","Vary":"Accept-Encoding","X-VaultAPI-ExecutionId":"http-VLT-EU-CENTRAL-1-PRODUCTION-2072-9107261-32-1686665825488","X-XSS-Protection":"1; mode=block","Content-Language":"en-US","Content-Type":"application/json;charset=UTF-8"},"message":{"responseStatus":"SUCCESS","responseDetails":{"pagesize":1000,"pageoffset":0,"size":1,"total":1},"data":[{"id":"V7900000008R014"}]},"statusCode":200,"description":null},"Role2":{"headers":{"Transfer-Encoding":"chunked","Server":"nginx","X-Content-Type-Options":"nosniff","Connection":"keep-alive","Date":"Tue, 13 Jun 2023 14:17:06 GMT","X-VaultAPI-TruncatedSessionId":"49680434FC4165F","X-VaultAPI-BurstLimit":"2000","X-VaultAPI-BurstLimitRemaining":"1998","Strict-Transport-Security":"max-age=31536000;includeSubDomains","Cache-Control":"private","X-VaultAPI-UserId":"15765419","X-VaultAPI-VaultId":"97733","Vary":"Accept-Encoding","Expires":"Thu, 01 Jan 1970 00:00:00 GMT","X-VaultAPI-ExecutionId":"http-VLT-EU-CENTRAL-1-PRODUCTION-2072-8451411-13-1686665826094","X-XSS-Protection":"1; mode=block","Content-Type":"application/json;charset=UTF-8"},"message":{"responseStatus":"FAILURE","errors":[{"type":"INVALID_DATA","message":"Invalid request body content"}]},"statusCode":200,"description":null,"status":"Success"}}

I tried multiple options to set in the body of the second call as below but see the same error:

[{\"id\":\"${Role1.message.data[0].id}\"}]
[{\"id\":\"${response.Role1.message.data[0].id}\"}]
[{\"id\":\"${response.Role1.data[0].id}\"}]
[{\"id\":\"${response.data[0].id}\"}]
[{\"id\":\"${response.Role1.message.data.data[0].id}\"}]

Postman request body for the second call is as following and it is working as expected:

pborah_0-1686730431724.png

Could you kindly suggest if you see anything wrong.

Regards,

Pallavi

 

pborah
Regular Contributor

Hi @naveenss ,

I was able to fix the issue: the id to be removed (role id) has to be passed in the request URI and not inside the request body. Below is the working script.

{
  "call": [
    {
      "name": "Role",
      "connection": "userAuth",
      "url": "https://test/api/v22.3/query?q=SELECT+id+FROM+user_role__sys+WHERE+application_role__sys='0AR0000000...}'",
      "httpMethod": "POST",
      "httpHeaders": {
        "Authorization": "${access_token}",
        "Content-Type": "application/json",
        "Accept": "application/json"
      },
      "httpContentType": "application/json"
    },
    {
      "name": "Role",
      "connection": "userAuth",
      "url": "https://test/api/v22.3/vobjects/user_role__sys/${response.Role1.message.data[0].id}",
      "httpMethod": "DELETE",
      "httpParams": "",
      "httpHeaders": {
        "Authorization": "${access_token}",
        "Content-Type": "application/json",
        "Accept": "application/json"
      },
      "successResponses": {
        "statusCode": [
          200,
          201,
          204,
          205
        ]
      }
    }
  ]
}
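
In the failed attempt earlier in the thread, Role2 came back with HTTP 200 and "status":"Success" while the body said responseStatus FAILURE, so a check on statusCode alone records a role removal that never happened. The following is an added example, not part of the thread and not Saviynt code: an offline Python check over a trimmed, constructed copy of that response. The function names, the base URL argument and the assumed id alphabet are illustrative assumptions.

```python
import json
import re

# Constructed sample: the aggregated response from the failed attempt in the
# thread, trimmed to the fields the checks below read (headers omitted).
SAMPLE = json.loads("""
{"Role1": {"message": {"responseStatus": "SUCCESS",
                       "responseDetails": {"size": 1, "total": 1},
                       "data": [{"id": "V7900000008R014"}]},
           "statusCode": 200},
 "Role2": {"message": {"responseStatus": "FAILURE",
                       "errors": [{"type": "INVALID_DATA",
                                   "message": "Invalid request body content"}]},
           "statusCode": 200, "status": "Success"}}
""")

TOKEN = re.compile(r"([^.\[\]]+)|\[(\d+)\]")


def resolve(context, path):
    """Walk a dotted/indexed path such as 'a.b[0].c'; return None if absent."""
    node = context
    for key, index in TOKEN.findall(path):
        try:
            node = node[key] if key else node[int(index)]
        except (KeyError, IndexError, TypeError):
            return None
    return node


def silent_failures(aggregated, ok_codes=(200, 201, 204, 205)):
    """Calls whose HTTP status passes but whose body does not report SUCCESS.
    Assumes the API always returns message.responseStatus, as in the thread."""
    return [name for name, call in aggregated.items()
            if call.get("statusCode") in ok_codes
            and resolve(call, "message.responseStatus") != "SUCCESS"]


def delete_url(aggregated, base):
    """Build the DELETE URL only when the lookup matched exactly one row."""
    ctx = {"response": aggregated}
    total = resolve(ctx, "response.Role1.message.responseDetails.total")
    role_id = resolve(ctx, "response.Role1.message.data[0].id")
    if total != 1 or not isinstance(role_id, str):
        raise ValueError(f"expected exactly one assignment, got total={total}")
    if not re.fullmatch(r"[A-Za-z0-9]+", role_id):  # assumed id alphabet
        raise ValueError("unexpected characters in assignment id")
    return f"{base}/{role_id}"
```

Requiring exactly one matching row matters because `data[0]` would otherwise remove whichever assignment the query happened to list first.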