We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Provisioning issues

HarishG
Regular Contributor
Regular Contributor

Hi,

I am getting the below errors while provisioning the entitlements for AD and Saviynt. Accounts assignment tasks are getting competed but the entitlement tasks are not getting completed

AD:

Error while ADD operation for account-XXXX to Group-EntitlementNAME in AD - EntitlementNAME: [LDAP: error code 34 - 0000208F: NameErr: DSID-03100229, problem 2006 (BAD_NAME), data 8350, best match of: 'EntitlementNAME' ]

Saviynt:

Error while assigning access -EntitlementNAME to account - XXXX -Exception occured while Excecuting Query

Screenshot 2023-03-02 at 14.44.02.png

could you please assist?

 

Thanks

Harish

5 REPLIES 5

ParitaSavla
Saviynt Employee
Saviynt Employee

Can you check if the DN and the entitlement_value name for the entitlement_value is the same in AD as well as Saviynt.

HarishG
Regular Contributor
Regular Contributor

Hi @ParitaSavla 

Thank you for the reply.

Below is the Maping for the entitlement_value in the AD connection. entitlement_value is mapped to DN.

groupImportMapping:

{
"entitlementTypeName": "memberOf",
"importGroupHierarchy": "false",
"performGroupAccountLinking": "true",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)",
"mapping": "memberHash:member_char,customProperty1:objectGUID_binary,customProperty4:memberOf_char,customProperty3:uSNCreated_char,customProperty12:extensionattribute12_char,customProperty2:cn_char,lastscandate:whenCreated_date,entitlement_glossary:description_char,entitlement_value:distinguishedName_char,updatedate:whenChanged_date,RECONCILATION_FIELD:customproperty1"
}

Now i see a different error:

LDAP: error code 32 - 0000208D: NameErr: DSID-0310023C, problem 2001 (NO_OBJECT), data 0, best match of: XXXXXX

ParitaSavla
Saviynt Employee
Saviynt Employee

What is the value for the entitlement and is it the same in AD?

HarishG
Regular Contributor
Regular Contributor

Thanks @ParitaSavla 

during SAV entitlement assignment, we get an error "Error while executing the query"

do you have any idea, when this would occur?

GrantAccessJSON:

{
"UserGroupMember": ["Insert into usergroup_users(userkey,user_groupkey,updatedate,updateuser) values(${user.id},(select USERGROUPKEY from user_groups where USER_GROUPNAME='${task.entitlement_valueKey.entitlement_value}'),utc_timestamp(),(select userkey from users where username = 'admin'))"],

"Role":["Insert into role_owners(userkey,rolekey,rank,updatedate,updateuser) values(${user.id},(select rolekey from roles where ROLE_NAME='${task.entitlement_valueKey.entitlement_value}'),1,utc_timestamp(),(select userkey from users where username = 'admin'))"], "Rule":["Insert into rule_owners(userkey,rulekey,rank,updatedate,updateuser) values(${user.id},(select hanarulekey from hanarule where case when TYPE=0 then concat(NAME,' TYPE:BUSINESS')='${task.entitlement_valueKey.entitlement_value}' when type=1 then concat(NAME,'TYPE:TECHNICAL')='${task.entitlement_valueKey.entitlement_value}' when type=2 then concat(NAME,' TYPE:USER UPDATE')='${task.entitlement_valueKey.entitlement_value}' when type=3 then concat(NAME,' TYPE:NEW USER')='${task.entitlement_valueKey.entitlement_value}' when type=4 then concat(NAME,' TYPE:REMOVE USER')='${task.entitlement_valueKey.entitlement_value}' when type=5 then concat(NAME,' TYPE:UPDATE ENTITLEMENT')='${task.entitlement_valueKey.entitlement_value}' when type=6 then concat(NAME,' TYPE:NEW ENTITLEMENT')='${task.entitlement_valueKey.entitlement_value}' when type=7 then concat(NAME,' TYPE:REMOVE ENTITLEMENT')='${task.entitlement_valueKey.entitlement_value}' when type=8 then concat(NAME,' TYPE:REQUEST')='${task.entitlement_valueKey.entitlement_value}' end),1,utc_timestamp(),(select userkey from users where username = 'admin'))"], "Organization":["Insert into organization_owners(userkey,customerkey,rank,updatedate,updateuser) values(${user.id},(select CUSTOMERKEY from customer where customername='${task.entitlement_valueKey.entitlement_value}'),1,utc_timestamp(),(select userkey from users where username = 'admin'))"], "UserGroup":["Insert into usergroup_owners(userkey,usergroupkey,rank,updatedate,updateuser) values(${user.id},(select USERGROUPKEY from user_groups where USER_GROUPNAME='${task.entitlement_valueKey.entitlement_value}'),1,utc_timestamp(),(select userkey from users where username = 'admin'))"], "SAVRole":["Insert into user_savroles(USERKEY, ROLEKEY,UPDATEDATE,UPDATEUSER) VALUES (${user.id},(select rolekey from savroles where rolename= '${task.entitlement_valueKey.entitlement_value}'),utc_timestamp(),(select userkey from users where username = 'admin'))"], "Risk":["Insert into riskowners(owneruserkey,rank,riskid,updatedate,updateuser) values(${user.id},1,(select riskid from risks r inner join rulesets rs on rs.RULESETKEY=r.RULESETKEY where concat(RISKNAME,' RULESET:',rs.RULESET)='${task.entitlement_valueKey.entitlement_value}'),utc_timestamp(),(select userkey from users where username = 'admin'))"], "Function":["update functions f inner join rulesets rs on f.RULESETKEY=rs.RULESETKEY set f.OWNERTYPE=1,f.OWNER=${user.id} where concat(FUNCTION_NAME,' RULESET:',rs.ruleset) = '${task.entitlement_valueKey.entitlement_value}' and f.functionkey>0"], "BusinessProcess":["Insert into bp_owners(busprockey,userkey,update_date) values((select busprockey from busprocs where busprocname='${task.entitlement_valueKey.entitlement_value}'),${user.id},utc_timestamp())"], "JRM":["update jrmrules set owner=${user.id} where jrmrulename = '${task.entitlement_valueKey.entitlement_value}'"] }

 

Best regards

Harish

ParitaSavla
Saviynt Employee
Saviynt Employee

Can you break down the query to identify the query that is causing the issue?