Saviynt Forums

indra_hema_95 · ‎08/13/2024

Hi,

I have configured SOD for an application. I have checked all the required things which supposed to be there to make a SOD work. Whenever I am trying to raise any request it is showing "No Segregation of Duties found in request", though in the logs I can see it is calculating the SOD.

LOGS:

2024-08-13T15:56:37+05:30-arsms--null-rtbgj--2024-08-13T10:26:36.589428731Z stdout F 2024-08-13 10:26:36.589 DEBUG [traceId=d4b13e16706753d4, spanId=d4b13e16706753d4, spanExportable=true, X-Span-Export=true, X-B3-SpanId=d4b13e16706753d4, TENANT_ID=DEFAULT, X-B3-TraceId=d4b13e16706753d4] 7 --- [http-nio-8787-exec-6] c.s.s.a.s.impl.SodEvaluationService : endpointEntitlementMap :::: {Kiteworks___Roles={entType=Roles, endpoint=Kiteworks, existingEntList=[], newEntList=[917775, 917773]}}
2024-08-13T15:56:37+05:30-arsms--null-rtbgj--2024-08-13T10:26:36.589493299Z stdout F 2024-08-13 10:26:36.589 DEBUG [traceId=d4b13e16706753d4, spanId=d4b13e16706753d4, spanExportable=true, X-Span-Export=true, X-B3-SpanId=d4b13e16706753d4, TENANT_ID=DEFAULT, X-B3-TraceId=d4b13e16706753d4] 7 --- [http-nio-8787-exec-6] c.s.s.a.s.impl.EcmAPIRequestServiceImpl : sodEvaluationBodyParams ::::: SodEvaluationBodyParams [user=BE6WC8ZDZ, ruleset=null, entitlementJSON=SodEvaluationEntitlementModel [Data=[SodEvaluationDataModel [Endpoint=Kiteworks, EntitlementType=Roles, ExistingEntitlementsKeys=[], NewEntitlementsKeys=[917775, 917773]]]], applicationRoleJson=null, riskSODEvaluationByUser=null, showSODForNewEntitlementsOnly=true, accountId=null]
2024-08-13T15:56:37+05:30-ecm--null-bb9nq--2024-08-13T10:26:37.396256271Z stdout F 2024-08-13 10:26:37,395 [http-nio-8080-exec-6] INFO epic.RiskSODEvaluationService - Evaluating Risk # 14 - of 14 - Kiteworks_Risk1
2024-08-13T15:56:37+05:30-ecm--null-bb9nq--2024-08-13T10:26:37.398270578Z stdout F 2024-08-13 10:26:37,397 [http-nio-8080-exec-6] DEBUG epic.RiskSODEvaluationService - Got the Function 1 As Kiteworks_FUN_#Kite10GB
2024-08-13T15:56:37+05:30-ecm--null-bb9nq--2024-08-13T10:26:37.406492508Z stdout F 2024-08-13 10:26:37,406 [http-nio-8080-exec-6] DEBUG epic.RiskSODEvaluationService - Got the Function 2 As Kiteworks_FUN_#Kite5GB
2024-08-13T15:56:37+05:30-ecm--null-bb9nq--2024-08-13T10:26:37.407187542Z stdout F 2024-08-13 10:26:37,406 [http-nio-8080-exec-6] DEBUG epic.RiskSODEvaluationService - RISK Kiteworks_Risk1 Has 1 Users
2024-08-13T15:56:37+05:30-ecm--null-bb9nq--2024-08-13T10:26:37.407529172Z stdout F 2024-08-13 10:26:37,407 [http-nio-8080-exec-6] INFO epic.RiskSODEvaluationService - Found 1 Accounts for Risk # 14 - of 14 - Kiteworks_Risk1, Saving data...
2024-08-13T15:56:37+05:30-ecm--null-bb9nq--2024-08-13T10:26:37.428590377Z stdout F 2024-08-13 10:26:37,428 [http-nio-8080-exec-6] DEBUG epic.RiskSODEvaluationService - Done for RISKKiteworks_Risk1

Can someone suggest here what could be the issue?

Regards,

Indra

naveenss · ‎08/13/2024

Hi @indra_hema_95 have you enabled the below configuration under the SAV role?

Also, I believe you have already added the endpoint name under the externalconfig.properties file?

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

indra_hema_95 · ‎08/13/2024

Hi @naveenss yes, those I have done already.

Regards,

Indranil Biswas

NM · ‎08/13/2024

Evaluate SODs in Access Request mark it as true. @indra_hema_95

And add endpoint name under "Endpoints to Evaluate SOD" in global comfig

indra_hema_95 · ‎08/13/2024

Hi @NM where is that option?

NM · ‎08/13/2024

@indra_hema_95 you can go ahead with second option "application that require SOD evaluation"

indra_hema_95 · ‎08/13/2024

Hi @NM That is already configured actually. Still no luck.

rushikeshvartak · ‎08/13/2024

Does Application added in external config
Application server is restarted ?
Show SoD enabled in Sav role?
Global configuration application that require SOD evaluation - application is added ?
Does below objects are active
- Risks
- Functions
- Entitlements
Does Ruleset is marked as default ?
Do you see sod after submitting request ?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

indra_hema_95 · ‎08/13/2024

Does Application added in external config --> Yes
Application server is restarted ? --> Yes
Show SoD enabled in Sav role? --> Yes
Global configuration application that require SOD evaluation - application is added ? --> Yes
Does below objects are active
- Risks --> Yes
- Functions --> Yes
- Entitlements --> Yes
Does Ruleset is marked as default ? --> Yes
Do you see sod after submitting request ? --> No

rushikeshvartak · ‎08/13/2024

Remove dummy or default endpoint names from external configuration and restart, then validate

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

indra_hema_95 · ‎08/13/2024

Hi @rushikeshvartak still same result.

rushikeshvartak · ‎08/13/2024

Share exported ruleset

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

indra_hema_95 · ‎08/13/2024

Hi @rushikeshvartak how to export that ruleset? Through analytics or there is any default method to export it?

rushikeshvartak · ‎08/13/2024

SOD - Ruleset - Complete export

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

indra_hema_95 · ‎08/13/2024

Hi @rushikeshvartak Please find the export.

rushikeshvartak · ‎08/13/2024

Can you remove # from function name and validate?
Also, validate if soil is visible from the SOD simulation.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

indra_hema_95 · ‎08/13/2024

Hi @rushikeshvartak I have removed the # and restarted the system again, getting the same result.

Can you please let me know what is soil?

rushikeshvartak · ‎08/13/2024

Its typo. Validate from SoD Simulation

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

indra_hema_95 · ‎08/13/2024

Hi @rushikeshvartak Simulation is giving the result properly.

rushikeshvartak · ‎08/13/2024

It means there is a configuration issue with the sav role.
Did you enable Show SOD? On all sav roles do users have ?
enable below from Global Config (SOD)

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

indra_hema_95 · ‎08/13/2024

Hi @rushikeshvartak I am using role_admin sav role and for that sod is enabled

In global config first 2 options I can see and those are enabled

rushikeshvartak · ‎08/14/2024

Does user have only 1 Sav role if yes share logs when request is moving from Step 2 to Step 3

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

indra_hema_95 · ‎08/14/2024

Found the problem, entitlement starting with # was causing the problem.

Regards,

Indranil Biswas

rushikeshvartak · ‎08/14/2024

# is used as separator internally in SOD

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

indra_hema_95 · ‎08/14/2024

If we have # in the middle of an entitlement it is working fine but only when it is at the beginning it is not showing.

Though actually it fixed our problem. Thank you.

Dave · ‎08/14/2024

@indra_hema_95 - Please click the "Accept As Solution" button on the reply (or replies) that best answered your original question. (Even if the reply is your own.)

This will help other users who may have a similar problem.

Thank you,
Dave

rushikeshvartak · ‎08/13/2024

In order to see sod on step 3
you need to add application/ endpoint name on global configuration under Endpoints to Evaluate SOD

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

indra_hema_95 · ‎08/13/2024

Hi @rushikeshvartak I don't see Endpoints to Evaluate SOD in global config for 24.4. Under which section it comes can you please tell me? I see "Applications that Require SoD Evaluation". Is that the same?