Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/13/2024 03:39 AM
Hi,
I have configured SOD for an application. I have checked all the required things which supposed to be there to make a SOD work. Whenever I am trying to raise any request it is showing "No Segregation of Duties found in request", though in the logs I can see it is calculating the SOD.
LOGS:
2024-08-13T15:56:37+05:30-arsms--null-rtbgj--2024-08-13T10:26:36.589428731Z stdout F 2024-08-13 10:26:36.589 DEBUG [traceId=d4b13e16706753d4, spanId=d4b13e16706753d4, spanExportable=true, X-Span-Export=true, X-B3-SpanId=d4b13e16706753d4, TENANT_ID=DEFAULT, X-B3-TraceId=d4b13e16706753d4] 7 --- [http-nio-8787-exec-6] c.s.s.a.s.impl.SodEvaluationService : endpointEntitlementMap :::: {Kiteworks___Roles={entType=Roles, endpoint=Kiteworks, existingEntList=[], newEntList=[917775, 917773]}}
2024-08-13T15:56:37+05:30-arsms--null-rtbgj--2024-08-13T10:26:36.589493299Z stdout F 2024-08-13 10:26:36.589 DEBUG [traceId=d4b13e16706753d4, spanId=d4b13e16706753d4, spanExportable=true, X-Span-Export=true, X-B3-SpanId=d4b13e16706753d4, TENANT_ID=DEFAULT, X-B3-TraceId=d4b13e16706753d4] 7 --- [http-nio-8787-exec-6] c.s.s.a.s.impl.EcmAPIRequestServiceImpl : sodEvaluationBodyParams ::::: SodEvaluationBodyParams [user=BE6WC8ZDZ, ruleset=null, entitlementJSON=SodEvaluationEntitlementModel [Data=[SodEvaluationDataModel [Endpoint=Kiteworks, EntitlementType=Roles, ExistingEntitlementsKeys=[], NewEntitlementsKeys=[917775, 917773]]]], applicationRoleJson=null, riskSODEvaluationByUser=null, showSODForNewEntitlementsOnly=true, accountId=null]
2024-08-13T15:56:37+05:30-ecm--null-bb9nq--2024-08-13T10:26:37.396256271Z stdout F 2024-08-13 10:26:37,395 [http-nio-8080-exec-6] INFO epic.RiskSODEvaluationService - Evaluating Risk # 14 - of 14 - Kiteworks_Risk1
2024-08-13T15:56:37+05:30-ecm--null-bb9nq--2024-08-13T10:26:37.398270578Z stdout F 2024-08-13 10:26:37,397 [http-nio-8080-exec-6] DEBUG epic.RiskSODEvaluationService - Got the Function 1 As Kiteworks_FUN_#Kite10GB
2024-08-13T15:56:37+05:30-ecm--null-bb9nq--2024-08-13T10:26:37.406492508Z stdout F 2024-08-13 10:26:37,406 [http-nio-8080-exec-6] DEBUG epic.RiskSODEvaluationService - Got the Function 2 As Kiteworks_FUN_#Kite5GB
2024-08-13T15:56:37+05:30-ecm--null-bb9nq--2024-08-13T10:26:37.407187542Z stdout F 2024-08-13 10:26:37,406 [http-nio-8080-exec-6] DEBUG epic.RiskSODEvaluationService - RISK Kiteworks_Risk1 Has 1 Users
2024-08-13T15:56:37+05:30-ecm--null-bb9nq--2024-08-13T10:26:37.407529172Z stdout F 2024-08-13 10:26:37,407 [http-nio-8080-exec-6] INFO epic.RiskSODEvaluationService - Found 1 Accounts for Risk # 14 - of 14 - Kiteworks_Risk1, Saving data...
2024-08-13T15:56:37+05:30-ecm--null-bb9nq--2024-08-13T10:26:37.428590377Z stdout F 2024-08-13 10:26:37,428 [http-nio-8080-exec-6] DEBUG epic.RiskSODEvaluationService - Done for RISKKiteworks_Risk1
Can someone suggest here what could be the issue?
Regards,
Indra
Solved! Go to Solution.
08/13/2024 03:50 AM
Hi @indra_hema_95 have you enabled the below configuration under the SAV role?
Also, I believe you have already added the endpoint name under the externalconfig.properties file?
08/13/2024 03:58 AM - edited 08/13/2024 03:58 AM
08/13/2024 05:32 AM - edited 08/13/2024 05:37 AM
Evaluate SODs in Access Request mark it as true. @indra_hema_95
And add endpoint name under "Endpoints to Evaluate SOD" in global comfig
08/13/2024 05:41 AM
Hi @NM where is that option?
08/13/2024 05:45 AM
@indra_hema_95 you can go ahead with second option "application that require SOD evaluation"
08/13/2024 05:46 AM
Hi @NM That is already configured actually. Still no luck.
08/13/2024 05:52 AM
08/13/2024 05:59 AM
08/13/2024 06:05 AM
Remove dummy or default endpoint names from external configuration and restart, then validate
08/13/2024 07:03 AM
Hi @rushikeshvartak still same result.
08/13/2024 07:04 AM
Share exported ruleset
08/13/2024 07:14 AM
Hi @rushikeshvartak how to export that ruleset? Through analytics or there is any default method to export it?
08/13/2024 07:51 AM
SOD - Ruleset - Complete export
08/13/2024 08:11 AM
08/13/2024 08:53 AM
08/13/2024 10:02 AM
Hi @rushikeshvartak I have removed the # and restarted the system again, getting the same result.
Can you please let me know what is soil?
08/13/2024 10:05 AM
Its typo. Validate from SoD Simulation
08/13/2024 11:32 AM
08/13/2024 12:16 PM
08/13/2024 11:37 PM
Hi @rushikeshvartak I am using role_admin sav role and for that sod is enabled
In global config first 2 options I can see and those are enabled
08/14/2024 05:13 AM
08/14/2024 09:04 AM
Found the problem, entitlement starting with # was causing the problem.
Regards,
Indranil Biswas
08/14/2024 09:06 AM
# is used as separator internally in SOD
08/14/2024 09:08 AM - edited 08/14/2024 09:09 AM
If we have # in the middle of an entitlement it is working fine but only when it is at the beginning it is not showing.
Though actually it fixed our problem. Thank you.
08/14/2024 03:34 PM
@indra_hema_95 - Please click the "Accept As Solution" button on the reply (or replies) that best answered your original question. (Even if the reply is your own.)
This will help other users who may have a similar problem.
Thank you,
Dave
08/13/2024 05:36 AM
08/13/2024 05:42 AM
Hi @rushikeshvartak I don't see Endpoints to Evaluate SOD in global config for 24.4. Under which section it comes can you please tell me? I see "Applications that Require SoD Evaluation". Is that the same?