Saviynt Forums

Jaya · ‎08/31/2023

Hi Team,

We are observing a issue in Salesforce connector.

While modifying access of a user (in a salesforce based application),when we create add access & remove access task for Role entitlement simultaneously, only removal of Role from the target is happening, addition of Role is not happening, although both Add access & remove access task is getting successful.

We are observing this issue for Role entitlement only, and in modification case only, whenever we are creating a new user with any Role as entitlement it is getting added.

Below are the logs, and I have highlighted a line which I suppose is creating issue, as at the target- Role Entitlement attribute is a Drop down field.

Please suggest on this.

2023-08-31/12:09:42.202 [{}] [quartzScheduler_Worker-1] DEBUG provisoning.SalesForceProvisioningService - Adding entitlement nCino Administrator (Deployment Team) to user xxxxx@xxxxxx.com
2023-08-31/12:09:42.202 [{}] [quartzScheduler_Worker-1] DEBUG provisoning.SalesForceProvisioningService - arsTasks?.requestAccessKey: com.saviynt.ecm.workflow.Request_Access : 1127
2023-08-31/12:09:42.205 [{}] [quartzScheduler_Worker-1] DEBUG provisoning.SalesForceProvisioningService - permission: Read
2023-08-31/12:09:42.205 [{}] [quartzScheduler_Worker-1] DEBUG provisoning.SalesForceProvisioningService - called AssignAfterSetUserRole
2023-08-31/12:09:42.205 [{}] [quartzScheduler_Worker-1] DEBUG services.HttpClientUtilityService - calling executeRequestWithTimeoutConfig for api...
2023-08-31/12:09:42.205 [{}] [quartzScheduler_Worker-1] DEBUG services.HttpClientUtilityService - calling api...
2023-08-31/12:09:42.205 [{}] [quartzScheduler_Worker-1] DEBUG provisoning.SalesForceProvisioningService - callService url:>>>>>> https://xxxxxx-xxxxx/v34.0/sobjects/User/0053H000004m8xOQAQ
2023-08-31/12:09:42.205 [{}] [quartzScheduler_Worker-1] DEBUG services.HttpClientUtilityService - setting connection timeout to 10 seconds and request timeout to 120 seconds
2023-08-31/12:09:43.080 [{}] [quartzScheduler_Worker-1] DEBUG services.HttpClientUtilityService - called api...
2023-08-31/12:09:43.081 [{}] [quartzScheduler_Worker-1] DEBUG services.HttpClientUtilityService - timeout validated for api...
2023-08-31/12:09:43.081 [{}] [quartzScheduler_Worker-1] DEBUG services.HttpClientUtilityService - got response for api...
2023-08-31/12:09:43.081 [{}] [quartzScheduler_Worker-1] DEBUG rest.RestUtilService - callService - responseStatusCode ::204
2023-08-31/12:09:43.081 [{}] [quartzScheduler_Worker-1] DEBUG provisoning.SalesForceProvisioningService - Role: 00E3z000001tbH3EAI is assigned for user: 0053H000004m8xOQAQ
2023-08-31/12:09:43.098 [{}] [quartzScheduler_Worker-1] DEBUG provisoning.SalesForceProvisioningService - Successfully provisioned all entitlements to account in Salesforce
2023-08-31/12:09:43.098 [{}] [quartzScheduler_Worker-1] DEBUG provisoning.SalesForceProvisioningService - res: true
2023-08-31/12:09:43.098 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - Inside updateProvisioningTries..
2023-08-31/12:09:43.102 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - Inside removeSingleDropDownAccountEntAddTaskAndPushTaskRollBackMapToSavinyt...
2023-08-31/12:09:43.102 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - Inside removeAccountEntForSingleDropdownAddTasks ...
2023-08-31/12:09:43.102 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - isSingleDropdownTaskWithRollback - entType : 514, Role, requestform: 3
2023-08-31/12:09:43.102 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - isSingleDropdownTaskWithRollback - createArsTaskAction : null
2023-08-31/12:09:43.102 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - isSingleDropdownTaskWithRollback : false
2023-08-31/12:09:43.102 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - removeAccountEntForSingleDropdownAddTasks - did not meet criteria of single dropdown add task.
2023-08-31/12:09:43.102 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - Entering provisionAccesstoAccountSaviynt
2023-08-31/12:09:43.102 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - {xxxxx@xxxx.com=[com.saviynt.ecm.task.ArsTasks : 51684]}
2023-08-31/12:09:43.102 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - ExistingAccount
2023-08-31/12:09:43.102 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - accountID before merge = 0053H000004m8xOQAQ
2023-08-31/12:09:43.106 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - accountID after merge = 0053H000004m8xOQAQ
2023-08-31/12:09:43.106 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - Processing task 51684 start
2023-08-31/12:09:43.106 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - completing task = 51684
2023-08-31/12:09:43.106 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - completing task = 51684 done
2023-08-31/12:09:43.126 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - existingOrNew= ExistingAccount, accounts= xxxxxx@xxxx.com, task= com.saviynt.ecm.task.ArsTasks : 51684, parenttask= null
2023-08-31/12:09:43.135 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - Adding permission to the account
2023-08-31/12:09:43.135 [{}] [quartzScheduler_Worker-1] DEBUG services.ArsTaskService - Account Entitlement Saved

[Removed]
[This message has been edited by moderator to mask PII info]

Thanks
Jaya Karothia

SB · ‎09/01/2023

Can you share a screenshot of Entitlement Type screen under Endpoint

Regards,
Sahil

Jaya · ‎09/03/2023

Hi @SB ,

PFB Screenshot.

Hi @manu - No there is no additional config.

[This message has been edited by moderator to mask company name]

Thanks
Jaya Karothia

Manu269 · ‎09/03/2023

Any config added at entitlement type of Salesforce ep?

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

naveenss · ‎09/04/2023

Hi @Jaya

Do you have the prioritization criteria set for the Role entitlement type?

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Jaya · ‎09/04/2023

No @naveenss , there is no prioritization criteria. Should we use that?

Thanks
Jaya Karothia

naveenss · ‎09/04/2023

Hi @Jaya thanks for the confirmation. No. I just wanted to confirm if the prioritization was set. This behaviour is observed when we have the prioritization criteria for role entitlement types.

Alternatively, can you please create two separate job triggers and process the removal of the role first and then process the addition of access and confirm if its working?

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Jaya · ‎09/04/2023

Hi @naveenss ,

Can you please explain how?

If we are use Saviynt policies or Saviynt enterprise Roles or any other way for providing access, both add & remove task gets simultaneously raised. And Provisioning Job (WSRETRYJOB) clears all task in a single run.

Thanks
Jaya Karothia

SB · ‎10/03/2023

Was this issue resolved or are you still facing it.

Regards,
Sahil

Jaya · ‎10/03/2023

Yes, we are able to resolve this issue by scheduling two different provisioning jobs, first to remove Role and then to add new one.

Thanks
Jaya Karothia

Saviynt Forums

Salesforce Role Entitlement isn't getting added in modification of access of existing account