Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Querying role users via API

Go to solution
ig
New Contributor II
New Contributor II

‎04/27/2023 03:41 PM

Hi all,

I'm trying to integrate with an external system, and part of that is syncing roles and their membership. One of our roles has a ton of users, and just running /getRoles with `requestedObject=users` times out the request.

I need to query the users a few at a time or I need /getRoles to run faster. So first: can /getRoles run faster/return fewer fields? And alternatively, can something like the API's /ECM/{{path}}/users endpoint query based on role membership?

Thanks!

Labels:
0 Kudos
6 REPLIES 6

Go to solution
Rishi
Saviynt Employee
Saviynt Employee

‎05/01/2023 11:25 AM

Can you share the request body that you are using in the getRole API (after masking any PII information). And also explain what is your requirement.

0 Kudos

Go to solution
ig
New Contributor II
New Contributor II

‎05/01/2023 11:43 AM

Hi, my requirement is to sync Saviynt roles and their membership with an external system. From Saviynt's point of view, I need to get roles and the users already assigned to those roles. My request body is just

{
"status": "1",
"requestedObject": "entitlement_values,users",
"max": 10,
"offset": 0,
}

If I change "requestedObject"'s value to just "entitlement_values"; there aren't any issues. With the current "requestedObject", the request times out. I've narrowed it down to a role that has over a thousand users.

Clearly, just getting a bunch of roles won't work. I need some other way to find out which users are assigned to that role.

0 Kudos

Go to solution
Rishi
Saviynt Employee
Saviynt Employee

‎05/08/2023 03:58 PM

@ig since the root cause of the issue large number of users linked to the role, am alternation option can be to use analytics API. Can you try to create an analytics which return the role to user mapping and then call it using analytics API?

If you are using ES analytics then first you have to run it using {{url}}/ECM/{{path}}/runAnalyticsControls and then fetch the analytics data by calling {{url}}/ECM/{{path}}/fetchControlDetailsES

for details refer this document : https://documenter.getpostman.com/view/1797923/SzzgAepY#24a96973-efc1-462c-8953-5735939c286c

0 Kudos

Go to solution
ig
New Contributor II
New Contributor II
In response to Rishi

‎05/09/2023 09:43 AM

Hi Rishi,

As it turns out, there is an API endpoint that retrieves role users, but it's just not described as such. The "Get Flat Role Details for User" endpoint has an optional query to set a rolename. If you only set rolename, then you end up pulling role members and can get them that way. The documentation link is below.

If I could make a suggestion: having this endpoint also be added to "2.0 Identity Administration > Roles" with a brief explanation that you can get a role's members by setting just the 'rolename' parameter would have saved a ton of time.

https://documenter.getpostman.com/view/20697337/2s93XwyPSL#0793aeed-d4a5-4004-9357-c8f558f670d6

0 Kudos

Go to solution
Rishi
Saviynt Employee
Saviynt Employee
In response to ig

‎05/11/2023 06:29 AM

Did this API worked on your instance version 5.5 SP 3.X? 

0 Kudos

Go to solution
ig
New Contributor II
New Contributor II

‎05/12/2023 09:40 AM

Yes it did. That endpoint is in 5.5 SP 3.X too

0 Kudos
Copyright © 2024 Khoros, LLC