Saviynt Forums

ejeong · ‎11/01/2022

Hello

I would like to add dependent entitlement for one of app integrated with REST API

Parent entitlement Type : Application

Child Entitlement Type : Roles

I requested api developer to add one more api to get roles per application

{{url}}?app_name={application entitlement.value} it will return followings :

"result": [

{

"approle_id": 1,

"approle_name": "IAM_ADMIN"

},

{

"approle_id": 2,

"approle_name": "PIPS_ADMIN"

},

{

"approle_id": 3,

"approle_name": "READONLY-ADMIN"

},

{

"approle_id": 4,

"approle_name": "AUDITOR"

},

{

"approle_id": 5,

"approle_name": "UAC_ADMIN"

},

{

"approle_id": 6,

"approle_name": "APP_ADMIN"

},

{

"approle_id": 7,

"approle_name": "AUTHWEB_USER"

},

{

"approle_id": 8,

"approle_name": "ADMIN"

}

],

There are around 260 entitlement with Application entitlement type.

Can I apply entitlenentMappingParam like below?

There is app_id in this api response. should I ask develop to add that? or can it reference it from entitlementID of application entitltmenttype?

"entMappingParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Applications": {
"ent1KeyField": "entitlementID",
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "{{URL}}?app_name==${id.replace(' ','%20')}",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "result",
"ent1IdPath": "app_id",
"ent2IdPath": "approle_id",
"ent2KeyField": "entitlementID",
"targetEntType": "Roles",
"addDependentTask": true,
"removeDependentEntTask": true,
"mappingTypes": [
"ENTMAP"
]
}
}
}
}
}

ejeong · ‎11/01/2022

app_id is entitlementID for application entitlementtype.

Developer can add it in response.

I am wondering if we add ${id} in url of entitlementMappingParam. will it go through all entitlement_value of application entitlement type?

Thanks

ejeong · ‎11/02/2022

Now developer added app_id attribute in response.

but I am still not able to see "child entitlement" in entitlement

XPC is one of app name, if I call all roles with XPC as app_name parameter

Here is response I can see when I pass XPC.

{

"message": "ok",

"result": [

{

"approle_id": 47,

"approle_name": "ABTest Control Center Manager",

"app_id": 11,

"app_name": "XPC"

},

{

"approle_id": 48,

"approle_name": "XPC Access Manager",

"app_id": 11,

"app_name": "XPC"

},

{

"approle_id": 49,

"approle_name": "XPC Super Admin",

"app_id": 11,

"app_name": "XPC"

},

{

"approle_id": 50,

"approle_name": "XPC Gater Admin",

"app_id": 11,

"app_name": "XPC"

}

],

"status": 200

}

Here is entitlement type = application attribute mapping.

This is entitlementMappingParam

"entMappingParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Applications": {
"ent1KeyField": "entitlementID",
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "{{URL}}?app_name==${id.replace(' ','%20')}",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "result",
"ent1IdPath": "app_id",
"ent2IdPath": "approle_id",
"ent2KeyField": "entitlementID",
"targetEntType": "Roles",
"addDependentTask": true,
"removeDependentEntTask": true,
"mappingTypes": [
"ENTMAP"
]

Can anyone tell me what I did wrong?

ejeong · ‎11/02/2022

I want to make something like below..

rushikeshvartak · ‎11/03/2022

This is ENT2 not ENTMAP

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

ejeong · ‎11/03/2022

Under mappingType?

Whats differences those two?

Sivagami · ‎11/03/2022

ENT2 is basically the nested entitlements.

Entitlement map is something that you can define in each entitlement as needed. EX: lets say user requests for ENT A and you want anyone requesting ENT A to get ENT B, you can add ENT B as the entitlement map for ENT A. So, whenever someone logs requests for ENT A, ENT B gets added too.

More details here - https://saviynt.freshdesk.com/support/solutions/articles/43000527104-viewing-or-updating-entitlement...

-Siva

ejeong · ‎11/03/2022

Thanks. Understood. But even if i added entmap with syntax above? Is there anything wrong? I couldnt check anything under ent map as well...

ejeong · ‎11/03/2022

am I not allowed to use ${id} to go through all entitlement value of parent entitlement type?

I am getting null response error. it seems it's not fetching binding variable correctly.

But it's working as expected when I hardcoded the app_name in url...

rushikeshvartak · ‎11/03/2022

What is error when you don’t use string function

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

ejeong · ‎11/03/2022

We are getting error when app name has blank space. So we are using this function in accEntParam already...

I just tried without filter pulling all applications and names in single api call. It worked as expected but.. i am worrying if we have more and more roles in the future and we cant get it in single api.. currently we have over 6000 roles (child) in prod.

rushikeshvartak · ‎11/03/2022

"url": "{{URL}}?app_name=${id.replace(' ','%20')}",

I see previous post it was == , Does this API works from Postman

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

ejeong · ‎11/03/2022

No that was a typo. I tried with one =

ejeong · ‎11/03/2022

it looks like ${id} isn't picking up entitlement_value under the entitlement type.

Also, I tried to get all roles or permissioens without parameter and use pagination instead. but pagination also didn't work unlikely accountParam /entitlementParam / accEntParam..

Saviynt Forums

REST - Entitlement Hirerechy