Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Pending tasks and CreateTicketJSON

Jari_K
New Contributor III
New Contributor III

Hi,

Noticed some interesting behavior of handling pending tasks and CreateTicketJSON when running WSRETRY job to create tickets.

For example consider mover scenario where technical rules and birthrights create multiple pending tasks for example update account, remove access and add access for the same user in one security system and multiple endpoints.

When running WSRETRY job, instead of triggering CreateTicketJSON once for every pending task and creating a ticket per task, EIC seems to combine tasks based on some logic and depending on some conditions one or more tickets are created.

I couldn't find any documentation on this behavior where tasks are combined. Is there any documentation on running WSRETRY job for disconnected systems and how it is combing tasks for CreateTicketJSON?

When tasks are combined allEntitlementsValues variable contains data from all tasks combined in the one CreateTicketJSON call but binding variable task only contains data from one of those tasks. How are we be able to modify the content of the ticket based on tasktype for example if we don't know what type of tasks are combined to one CreateTicketJSON call or how to know all related applications (endpoints) when binding variable task only point to one?

Thanks already on advance for any information on this issue.

11 REPLIES 11

rushikeshvartak
All-Star
All-Star

if task is generated from request and have requestkey then only it merge all task into one and create ticket


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Yes, but how about the scenario where tasks are created without request? Based on user update and technical rules. How are those tasks combined?

And how to find out all tasktypes and/or endpoints in the combined object so that contents of the ticket can be different for different tasktypes? Currently task variable contains information only about one task. For example adding access or updating account would need different information on the ticket than remove access. How the task captured in task variable is chosen? 

Documentation on this would be really helpful.

sudeshjaiswal
Saviynt Employee
Saviynt Employee

Hello @Jari_K,

You may try to add if-else statements in createticket json to send different parameters based on task source and task types, in that way you can configure what data to send for each task type.

ex: task.source == 'PROVRULE' (task created from rule)
task.source == 'REQUEST' (task created from request)

task.tasktype == 2 ( remove access)
task.tasktype == 14 (disable account)

Thanks.

For Ref:- 
https://forums.saviynt.com/t5/saviynt-knowledge-base/various-request-types-and-task-types-along-with...
https://forums.saviynt.com/t5/identity-governance/if-else-condition-for-tasktype-in-create-ticket-js... 

If you find the above response useful, Kindly Mark it as "Accept As Solution".

Jari_K
New Contributor III
New Contributor III

Hi @sudeshjaiswal that works if there is only one task being provisioned at one wsretry run.

How about the scenario I described in the first post? When EIC combines different types of tasks and randomly (as not documented?) selects only one of the tasks to binding variable "task". There could be for example one update account task and two add access tasks combined to one request but task variable holds only information for one of these tasks.

Please provide documentation on how tasks are combined when running wsretry job to trigger CreateTicketJSON and how to find out all task types included in the combined object.

sudeshjaiswal
Saviynt Employee
Saviynt Employee

Hello @Jari_K,

This is the known behavior, CreateTicketJSON is invoked only once with all task details for particular user and Per Request if task got created through ARS.

Thanks.


If you find the above response useful, Kindly Mark it as "Accept As Solution".

Jari_K
New Contributor III
New Contributor III

Hi @sudeshjaiswal 

Please provide documentation on this feature. Previous links do not contain a mention of this known feature. Let alone detailed description of conditions used to combine tasks.

1. How the task binding variable is populated? How that can be used to differentiate between task types if it contains one task but CreateTicketJSON is invoked only once for multiple tasks of different type?

2. Are there any other conditions for combining tasks to one CreateTicketJSON invocation other than requestID and user? If I am seeing two tickets being created for one particular user when there are multiple pending tasks without requestID, is that a bug?

#1 if task having requestkey or request id it will merge and generate one task.

#2 combination is request + account + user

this is not documented hence request you to provide feedback on documentation page so this will be added in future


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rushikeshvartak 

#1 Yes, I understood that EIC will merge if requestkey exists but issue is that when tasks are merged binding variable called 'task' will only contain information about only one of the merged tasks. How to get information about the rest of the tasks? For example in the case below the task binding variable used to create ticket RITM0011329 contained only task 2677 even though taskIds contained list of 2677 and 2678.

#2 Here I have an example case where update account and add access tasks are merged and remove access for the same user, same account and same endpoint is created as a separate ticket for some reason. 

 

TICKETIDTASKKEYTASKTYPEUSERKEYSOURCEENDPOINTACCOUNTKEYENTITLEMENT_VALUEKEYTASKDATE
RITM0011329267712611ZERODAY4361381162023-12-13 06:34:05.0
RITM00113292678122611PROVRULE436138 2023-12-13 06:34:04.0
RITM0011330267922611ZERODAY4361381172023-12-13 06:34:05.0

Tasks are from user update and birthright rules triggered in mover case. Tasks are created at the same time and provisioned on the same WSRETRY run. There isn't any requestkey which could be used to merge those but using some conditions tasks 2677 and 2678 are combined but 2679 is left out.

This is the reason why I am asking how EIC selects which tasks it combines to one invocation of CreateTicketJSON. As there are no documentation on this behavior how tasks are merged, it is really hard to implement anything that needs to have information from all tasks.

Hi @Jari_K  I have checked with internal team and as per behavior when there is no request associated with tasks, it just combines with the users and create in one ticket.

Now for the above case it has created a another ticket for tasktype 2, for that we will have to check it out, can you create a support ticket for this and mention the forum link- i will take it internally to check it fully.

Hi @Jari_K 

Please try with the below example for getting variables as per the task

${if(taskIds != null && taskIds.size()>0){String result='';ArrayList arr = new ArrayList(taskIds); arr.eachWithIndex{ val, idx -> com.saviynt.ecm.task.ArsTasks.get(val)?.entitlement_valueKey!=null?result=result.concat(com.saviynt.ecm.task.ArsTasks.get(val)?.tasktype==1?'ADD:: ':com.saviynt.ecm.task.ArsTasks.get(val)?.tasktype==31?'Extend End Date :: ':'REMOVE :: ').concat(com.saviynt.ecm.task.ArsTasks.get(val)?.entitlement_valueKey!=null?com.saviynt.ecm.task.ArsTasks.get(val)?.entitlement_valueKey?.entitlementtypekey.entitlementname+' : ':'').concat(com.saviynt.ecm.task.ArsTasks.get(val)?.entitlement_valueKey?.entitlement_value).concat(' : Access Start Date - ' + com.saviynt.ecm.task.ArsTasks.get(val)?.requestAccessKey?.startdate).concat(' : Access End Date - ' + com.saviynt.ecm.task.ArsTasks.get(val)?.requestAccessKey?.enddate).concat(' : Approved By - ' + com.saviynt.ecm.identitywarehouse.domain.Users.get(com.saviynt.ecm.task.ArsTasks.get(val)?.requestAccessKey?.collect{it.ae.findAll{it.jbpmActivityName.toString().equalsIgnoreCase('OwnerApproval')}}?.collect{it.approveby}.get(0).get(0)).displayname).concat('\\\\n'):'';}; return result}else{return '';}}

 

 

Thanks

Darshan

uthra_rahul
Saviynt Employee
Saviynt Employee

@anuragp Could you please assist with this query?