Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Remove Access/Account tasks failing for REST based connections

Gurukrishna96
New Contributor
New Contributor

Hello All,

Based on the sample payloads below, we are trying to configure Remove Access and Remove account JSONs - 

Payload for removing access - 

 
PUT  /interop/rest/security/v2/groups/removeusersfromgroup
 
{
  "groupname": "G1",
"users": [
        {
"userlogin": "jdoe"
        },
        {
                    "userlogin": "chris"
        }
    ]
}

__________________________________________________________

Payload for Remove Account - 

 

https://<BASE-URL>/interop/rest/security/v2/users/remove
 
{
"users": 
[
{
"userlogin": "jdoe"
},
{
"userlogin": "chris"
        }
    ]
}

________________________________________________________________________________

JSONs - 

Remove Access JSON -

{
"call": [
{
"name": "group removal",
"connection": "acctAuth",
"url": "https://removed.oraclecloud.com/interop/rest/security/v2/groups/removeusersfromgroup ",
"httpMethod": "PUT",
"httpParams": {"groupname": "${entitlementValue.entitlementID}","users":[{"userlogin": "${account.accountID}"}]},
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200
]
}
}
]
}

___________________________________________________

Remove Account JSON

{
"call": [
{
"name": "account",
"connection": "acctAuth",
"url": "https://removed.oraclecloud.com/interop/rest/security/v2/users/remove ",
"httpMethod": "POST",
"httpParams": {
"users": [
{
"userlogin": "${account.accountID}"
}
]
},
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200
]
}
}
]
}


[This message has been edited by moderator to disable URL hyperlink]

19 REPLIES 19

Gurukrishna96
New Contributor
New Contributor

We are seeing below errors while processing the tasks - 

quartzScheduler_Worker-7-r72nh","DEBUG","Calling removeAccount in rest with Sec System - OracleEPM_GRPlan and tasklist - [sav2.test2@wbdcontractor.com:[com.saviynt.ecm.task.ArsTasks : 3731]]"
Line 343: "2024-07-16T07:58:12.653+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-7-r72nh","DEBUG","initializing Provisioning connection"
Line 344: "2024-07-16T07:58:12.655+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-7-r72nh","DEBUG","Completing task - 3731"
Line 345: "2024-07-16T07:58:12.671+00:00","ecm-worker","services.SaviyntCommonUtilityService","quartzScheduler_Worker-7-r72nh","DEBUG","Enter getStandardBindingVariable"
Line 346: "2024-07-16T07:58:12.672+00:00","ecm-worker","services.SaviyntCommonUtilityService","quartzScheduler_Worker-7-r72nh","DEBUG","arsTasks.requestAccessKey: null"
Line 347: "2024-07-16T07:58:12.672+00:00","ecm-worker","services.SaviyntCommonUtilityService","quartzScheduler_Worker-7-r72nh","DEBUG","Exit getStandardBindingVariable"
Line 348: "2024-07-16T07:58:12.672+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-7-r72nh","DEBUG","Total Call: 1"
Line 349: "2024-07-16T07:58:12.681+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-7-r72nh","DEBUG","pastResponse: [message:No signature of method: com.saviynt.provisoning.rest.RestUtilService.getDynamicBindString() is applicable for argument types: (java.util.LinkedHashMap, java.util.HashMap) values: [[users:[[userlogin:${account.accountID}]]], ...]"
Line 351: "2024-07-16T07:58:12.681+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-7-r72nh","DEBUG","Enter getAuditForFailedCall"
Line 352: "2024-07-16T07:58:12.688+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-7-r72nh","DEBUG","connection: acctAuth"
Line 353: "2024-07-16T07:58:12.709+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-7-r72nh","ERROR","Error in processWebservicegroovy.lang.MissingMethodException: No signature of method: com.saviynt.provisoning.rest.RestUtilService.getDynamicBindString() is applicable for argument types: (java.util.LinkedHashMap, java.util.HashMap) values: [[users:[[userlogin:${account.accountID}]]], ...]"
Line 355: "2024-07-16T07:58:12.710+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-7-r72nh","DEBUG","Enter encryptHeaders"
Line 356: "2024-07-16T07:58:12.710+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-7-r72nh","DEBUG","Exit encryptHeaders"
Line 357: "2024-07-16T07:58:12.711+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-7-r72nh","DEBUG","Task Response: {"auditDetails":{"account":[{"message":"No signature of method: com.saviynt.provisoning.rest.RestUtilService.getDynamicBindString() is applicable for argument types: (java.util.LinkedHashMap, java.util.HashMap) values: [[users:[[userlogin:${account.accountID}]]], ...]\nPossible solutions: getDynamicBindString(java.lang.String, java.util.Map)","status":"Failed"},{"message":"No signature of method: com.saviynt.provisoning.rest.RestUtilService.getDynamicBindString() is applicable for argument types: (java.util.LinkedHashMap, java.util.HashMap) values: [[users:[[userlogin:${account.accountID}]]], ...]\nPossible solutions: getDynamicBindString(java.lang.String, java.util.Map)","status":"Failed"}]},"account":{"message":"No signature of method: com.saviynt.provisoning.rest.RestUtilService.getDynamicBindString() is applicable for argument types: (java.util.LinkedHashMap, java.util.HashMap) values: [[users:[[userlogin:${account.accountID}]]], ...]\nPossible solutions: getDynamicBindString(java.lang.String, java.util.Map)","status":"Failed"}}"
Line 358: "2024-07-16T07:58:12.711+00:00","ecm-worker","rest.RestProvisioningService","quartzScheduler_Worker-7-r72nh","DEBUG","Result: false"

__________________________________________________

Could you please suggest what needs to be updated in JSON

NM
Esteemed Contributor
Esteemed Contributor

Hi @Gurukrishna96 ,

Try this

httpParams": "{"groupname": "${entitlementValue.entitlementID}","users":[{"userlogin": "${account.accountID}"}]}",

Add backslash before double quotes..


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Hi @NM Thanks, I am able to get remove account working this way but Remove Access is still not working. I am seeing the same error as above

Share working Remove Access JSON


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Remove Access JSON is not working. Remove account JSON is working, please check - 

{
"call": [
{
"name": "account",
"connection": "acctAuth",
"url": "https://wbdplandev-wbd.epm.us-ashburn-1.ocs.oraclecloud.com/interop/rest/security/v2/users/remove",
"httpMethod": "POST",
"httpParams": "{\"users\":[{\"userlogin\": \"${account.accountID}\"}]}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200
]
}
}
]
}

gwagh
Regular Contributor
Regular Contributor

Hi @Gurukrishna96 , Where did you pass the Entitlement/Access name or ID in JSON ?

Ex. "httpParams": "{ \"groupname\": \"${entitlementValue.entitlementID}\",\"users\":[{\"userlogin\": \"${account.accountID}\"}]}",

 

Please check this. It is similar to what you have put in example - 

{
"call": [
{
"name": "group removal",
"connection": "acctAuth",
"url": "https://wbdplandev-wbd.epm.us-ashburn-1.ocs.oraclecloud.com/interop/rest/security/v2/groups/removeus...",
"httpMethod": "PUT",
"httpParams": "{\"groupname\": \"${entitlementValue.entitlementID}\",\"users\":[{\"userlogin\": \"${account.accountID}\"}]}",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200
]
}
}
]
}

What is your entitlement type name under endpoint - Entitlement Types - view detail icon


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

gwagh
Regular Contributor
Regular Contributor

Hi @Gurukrishna96 ,

 

"name": "group removal

Here you need to pass Entitlment Type. Ex- Role/Groups.

 

Regards,
Gaurav Wagh
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

rushikeshvartak
All-Star
All-Star

Please share postman screenshot and curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]



⚠️‼️‼️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.‼️‼️⚠️


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

@rushikeshvartak 
Below is cURL response for Remove Account

--header 'Content-Type: application/json' \
--header 'Authorization: ••••••' \
--data '{
    "users":
    [
        {
            "userlogin": "jdoe"
        },
        {
            "userlogin": "chris"
                }
        ]
}'

_______________________________________________
Remove Access

--header 'Content-Type: application/json' \
--header 'Authorization: ••••••' \
--header 'Cookie: JSESSIONID=l3C54X5GdRt2S54Eepx8nOzhGmht_dUFldIr5dzFiTBKR!1615952024; _WL_AUTHCOOKIE_JSESSIONID=BEP7uovyMHZuGm7kh1eR' \
--data '{
    "groupname": "G1",
    "users":    [
                {
            "userlogin": "jdoe"
                },
                {
                    "userlogin": "chris"
                }
        ]
}'


NM
Esteemed Contributor
Esteemed Contributor

@Gurukrishna96 HTTP Method should be PUT instead of POST

{
"call": [
{
"name": "account",
"connection": "acctAuth",
"url": "https://wbdplandev-wbd.epm.us-ashburn-1.ocs.oraclecloud.com/interop/rest/security/v2/users/remove",
"httpMethod": "PUT",
"httpParams": "{\"users\":[{\"userlogin\": \"${account.accountID}\"}]}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200
]
}
}
]
}


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Hi @NM I have selected the POST method for account removal as per Oracle EPM docs.
Remove account is working correctly (the above json).

However, remove access json is not working which uses the PUT method.

NM
Esteemed Contributor
Esteemed Contributor

Hi @Gurukrishna96 , share your remove access json not the account one.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Hi @NM Please check - 

{
"call": [
{
"name": "group removal",
"connection": "acctAuth",
"url": "https://wbdplandev-wbd.epm.us-ashburn-1.ocs.oraclecloud.com/interop/rest/security/v2/groups/removeus...",
"httpMethod": "PUT",
"httpParams": "{\"groupname\": \"${entitlementValue.entitlementID}\",\"users\":[{\"userlogin\": \"${account.accountID}\"}]}",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200
]
}
}
]
}

NM
Esteemed Contributor
Esteemed Contributor

Instead of group removal name should be your entitlement type name

"call": [

{

"name": "entitlement type name"


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Gurukrishna96
New Contributor
New Contributor

Thanks @NM @gwagh @rushikeshvartak  This resolved the issue. I was assuming something was wrong with the payload.

One ques - How do we move deleted accounts to "suspended from import service" status, I can only see the status changed to "Manually Suspended". I have checked in Postman and account does not exist any more. I have also run the import job.

I have added below part in Import JSON - 

"statusAndThresholdConfig": {
"inactivateAccountsNotInFile": true
}


Share full Status threshold config

{
"statusAndThresholdConfig":
{
"statusColumn": "customproperty30",
"activeStatus": ["1"],
"deleteLinks": false,
"accountThresholdValue": 0,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true
}
}


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NM
Esteemed Contributor
Esteemed Contributor

Hi @Gurukrishna96 , make this false

inactivateAccountsNotInFile": false

 

Thanks

If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'