and more in a single search tool across platforms. Read the announcement here. |
04/27/2023 03:41 PM
Hi all,
I'm trying to integrate with an external system, and part of that is syncing roles and their membership. One of our roles has a ton of users, and just running /getRoles with `requestedObject=users` times out the request.
I need to query the users a few at a time or I need /getRoles to run faster. So first: can /getRoles run faster/return fewer fields? And alternatively, can something like the API's /ECM/{{path}}/users endpoint query based on role membership?
Thanks!
Solved! Go to Solution.
05/01/2023 11:25 AM
Can you share the request body that you are using in the getRole API (after masking any PII information). And also explain what is your requirement.
05/01/2023 11:43 AM
Hi, my requirement is to sync Saviynt roles and their membership with an external system. From Saviynt's point of view, I need to get roles and the users already assigned to those roles. My request body is just
{
"status": "1",
"requestedObject": "entitlement_values,users",
"max": 10,
"offset": 0,
}
If I change "requestedObject"'s value to just "entitlement_values"; there aren't any issues. With the current "requestedObject", the request times out. I've narrowed it down to a role that has over a thousand users.
Clearly, just getting a bunch of roles won't work. I need some other way to find out which users are assigned to that role.
05/08/2023 03:58 PM
@ig since the root cause of the issue large number of users linked to the role, am alternation option can be to use analytics API. Can you try to create an analytics which return the role to user mapping and then call it using analytics API?
If you are using ES analytics then first you have to run it using {{url}}/ECM/{{path}}/runAnalyticsControls and then fetch the analytics data by calling {{url}}/ECM/{{path}}/fetchControlDetailsES
for details refer this document : https://documenter.getpostman.com/view/1797923/SzzgAepY#24a96973-efc1-462c-8953-5735939c286c
05/09/2023 09:43 AM
Hi Rishi,
As it turns out, there is an API endpoint that retrieves role users, but it's just not described as such. The "Get Flat Role Details for User" endpoint has an optional query to set a rolename. If you only set rolename, then you end up pulling role members and can get them that way. The documentation link is below.
If I could make a suggestion: having this endpoint also be added to "2.0 Identity Administration > Roles" with a brief explanation that you can get a role's members by setting just the 'rolename' parameter would have saved a ton of time.
https://documenter.getpostman.com/view/20697337/2s93XwyPSL#0793aeed-d4a5-4004-9357-c8f558f670d6
05/11/2023 06:29 AM
Did this API worked on your instance version 5.5 SP 3.X?
05/12/2023 09:40 AM
Yes it did. That endpoint is in 5.5 SP 3.X too