11/21/2022 02:09 AM
Hi,
I am using 'DB Connector' to import 'roles' from an Oracle database. I was able to execute the 'Entitlements Import from Database (EntitlementValueImportJob)' job successfully the first time and import all the roles in 'active' status.
The subsequent executions of the job are throwing the following error:
Duplicate entry 'XDB_WEBSERVICES_OVER_HTTP-13-XDB_WEBSERVICES_OVER_HTTP' for key 'ENTITLEMENTID'
Following is my 'EntitlementValueImport' XML -
<dataMapping>
  <before-import>
  </before-import>
  <sql-query description="This is the Source DB Query">
    <![CDATA[
    SELECT DISTINCT role as entvalue, 'Role' as entitlementname, 'Oracle_ORT02530' as securitysystem, 'Oracle_ORT02530' as endpoint, 1 as entstatus FROM SYS.DBA_ROLES
    ]]>
  </sql-query>
  <mapper description="This is the mapping field for Saviynt Field name" entnotpresentaction="noaction" createentitlementtype="true">
    <mapfield saviyntproperty="securitysystems.systemname" sourceproperty="securitysystem" type="character"></mapfield>
    <mapfield saviyntproperty="endpoints.endpointname" sourceproperty="endpoint" type="character"></mapfield>
    <mapfield saviyntproperty="entitlementtypes.entitlementname" sourceproperty="entitlementname" type="character"></mapfield>
    <mapfield saviyntproperty="entitlementvalues.entitlement_value" sourceproperty="entvalue" type="character"></mapfield>
    <mapfield saviyntproperty="entitlementvalues.entitlement_glossary" sourceproperty="entvalue" type="character"></mapfield>
    <mapfield saviyntproperty="entitlementvalues.description" sourceproperty="entvalue" type="character"></mapfield>
    <mapfield saviyntproperty="entitlementvalues.status" sourceproperty="entstatus" type="number"></mapfield>
    <mapfield saviyntproperty="entitlementvalues.entitlementid" sourceproperty="entvalue" type="character"></mapfield>
    <mapfield saviyntproperty="entitlementvalues.displayname" sourceproperty="entvalue" type="character"></mapfield>
  </mapper>
  <after-import description="EMAIL,BATCH,SQL">
  </after-import>
</dataMapping>
I believe the job is trying to re-import/re-create the entitlements on every execution whereas it should only 'add' if entitlement does not exist else 'update' or 'noaction'.
Need help to identify what I am missing or misconfigured.
Thanks,
Uwaraj Waman
11/21/2022 09:08 AM
Remove entitlementid mapping
<mapfield saviyntproperty="entitlementvalues.entitlementid" sourceproperty="entvalue" type="character"></mapfield>
11/21/2022 03:28 PM
I see you hardcoded Role as entitlementname in the query and mapped it to entitlementtypes.entitlementname, and you also set createentitlementtype="true". So a quick question on this.
Do you have entitlement type 'Role' already created on the Oracle_ORT02530 endpoint? Or are you expecting it to be created as part of the import job?
If you are not expecting it to be created as part of the import job, can you set createentitlementtype="false"?
11/21/2022 05:15 PM
Endpoint and security system name is hardcoded 🙂
11/22/2022 01:25 AM
Both endpoint and security system are Saviynt-related terms and their values do not exist in the target database, hence I had to hardcode them. I would like to use the database name and type as endpoint and security system ideally, but I couldn't find a way to create a generic DB connection by fetching endpoint and security system names dynamically from the request and using them in the connection string. If that's possible then I would not have to create 100s of DB connections, one each for the 100s of databases that we want to connect to.
Let me know if my understanding is incorrect and there is a better way to implement this.
11/22/2022 01:19 AM
@sk I wanted to create the 'entitlement type' as part of the first import so kept the createentitlementtype="true". The job did create the entitlement type on first execution and does not complain on subsequent executions even after keeping the value as 'true'.
11/22/2022 01:16 AM
@rushikeshvartak @sk Thanks for chiming in with the suggestions. Really appreciate your help. Removing the mapping for 'entitlementid' did the trick. I got all entitlements (roles) re-imported with 'blank' entitlementid but the job does not throw errors on subsequent executions now.