
REST - Pass default value of DynamicAttribute from rule-based execution

BrandonLucas_BF
Regular Contributor III

Hi -

I am using sample JSON like the following:

{
  "accountIdPath": "call1.message.id",
  "call": [
    {
      "name": "call1",
      "connection": "acctAuth",
      "url": "https://sampleapplication.com/api/users",
      "httpMethod": "POST",
      "httpParams": "{\"userName\":\"${user.systemUserName}\",\"department\":\"${user.departmentname}\",\"emails/primary\":\"${user.email}\",\"publicEmailAddress\":\"${user.email}\",\"firstName\":\"${user.preferedFirstName}\",\"lastName\":\"${user.customproperty30}\",\"location\":\"${user.location}\",\"phoneNumber\":\"${user.phonenumber}\",\"position\":\"${user.title}\",\"sendMail\": false, \"profile\":{\"payratetype\":\"${user.customproperty14}\",\"costcenter\":\"${user.costcenter}\",\"country\":\"${user.country}\",\"function\":\"${user.customproperty13}\",\"region\":\"${user.region}\"},\"role\":{\"type\":\"${(requestAccessAttributes.get('dynamic_Access'))}\"} }",
      "httpHeaders": {
        "Authorization": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json",
      "successResponses": [
        {
          "statusCode": 201
        }
      ]
    }
  ]
}

 

The key point is that the value passed into the 'role' attribute is derived from the dynamic_Access dynamic attribute. That attribute is configured as follows:

BrandonLucas_BF_0-1699410607158.png

During an ARS request, the dynamic attribute is populated and CreateAccount or UpdateAccount JSON is perfect. However, when a task to create or update the account is driven by rules, it appears to be passing in the value string of 'admin,editor,moderator,reader,restricted' instead of 'reader'.

The desired behavior is that, during a rules-driven CreateAccount or UpdateAccount event, it defaults to 'reader'. How can I achieve this?

 

5 REPLIES

rushikeshvartak
All-Star

You need to store the value in the account's customproperty and access it in the JSON.


Regards,
Rushikesh Vartak

I am storing the value in customproperty8 on the account. Can you give me an example that achieves what you describe using my createaccountjson above?

Rajesh-R
Saviynt Employee

@BrandonLucas_BF - The product may be populating the List of Values instead of the Default value. I guess you are using the enum type of DA.

Can you try with DA of type Single select from SQL and check if this is still replicable?

Values:

Select value as ID from (select 'admin' as value from dual UNION select 'editor' as value from dual UNION select 'moderator' as value from dual UNION select 'reader' as value from dual UNION select 'restricted' as value from dual) a

Default value:

select 'reader' as ID from dual


Thanks
Rajesh Ramalingam
Saviynt India

BrandonLucas_BF
Regular Contributor III

Hi @Rajesh-R -

Sorry for the slow reply. I'm just getting back to this. Your assumptions are correct that I was using enum type of DA.

I went to try your suggestion but it had been so long that I wanted to confirm the same behavior of error before making any adjustments. When I tested it with the enum type still in place, it worked! The test environment was upgraded to 23.12 from 12.9 since this post was made. Production is still on 23.9. I will move my change to prod to see if it breaks after doing so. If so, I'll look into your suggestion.

-Brandon

BrandonLucas_BF
Regular Contributor III

Hi @Rajesh-R -

Disregard the crossed out text in my prior response. After doing further testing, I realized I was wrong. It is still broken.

I also tested your suggestion and saw the same behavior. When the account provisioning is executed through a rule, the outcome is that the user is placed into the 'restricted' role instead of the default 'reader' role. I believe this is because 'restricted' is the last item in the list of values. 

 

Any other ideas?