and more in a single search tool across platforms. Read the announcement here. |
05/11/2023 01:17 PM
https://saviynt.freshdesk.com/support/tickets/1626945
This seems issue with service account access issue but agent asked to follow up here not sure how it going to help
Grant Access JSON :
{ "Role":["Insert into role_owners(userkey,rolekey,rank,updatedate,updateuser) values(${user.id},(select rolekey from roles where ROLE_NAME='${task.entitlement_valueKey.entitlement_value}'),1,utc_timestamp(),(select userkey from users where username = 'admin'))"], "Rule":["Insert into rule_owners(userkey,rulekey,rank,updatedate,updateuser) values(${user.id},(select hanarulekey from hanarule where case when TYPE=0 then concat(NAME,' TYPE:BUSINESS')='${task.entitlement_valueKey.entitlement_value}' when type=1 then concat(NAME,'TYPE:TECHNICAL')='${task.entitlement_valueKey.entitlement_value}' when type=2 then concat(NAME,' TYPE:USER UPDATE')='${task.entitlement_valueKey.entitlement_value}' when type=3 then concat(NAME,' TYPE:NEW USER')='${task.entitlement_valueKey.entitlement_value}' when type=4 then concat(NAME,' TYPE:REMOVE USER')='${task.entitlement_valueKey.entitlement_value}' when type=5 then concat(NAME,' TYPE:UPDATE ENTITLEMENT')='${task.entitlement_valueKey.entitlement_value}' when type=6 then concat(NAME,' TYPE:NEW ENTITLEMENT')='${task.entitlement_valueKey.entitlement_value}' when type=7 then concat(NAME,' TYPE:REMOVE ENTITLEMENT')='${task.entitlement_valueKey.entitlement_value}' when type=8 then concat(NAME,' TYPE:REQUEST')='${task.entitlement_valueKey.entitlement_value}' end),1,utc_timestamp(),(select userkey from users where username = 'admin'))"], "UserGroup":["Insert into usergroup_users(userkey,user_groupkey,updatedate,updateuser) values(${user.id},(select USERGROUPKEY from user_groups where USER_GROUPNAME='${task.entitlement_valueKey.entitlement_value}'),utc_timestamp(),(select userkey from users where username = 'admin'))"], "SAVRole":["Insert into user_savroles(USERKEY, ROLEKEY,UPDATEDATE,UPDATEUSER) VALUES (${user.id},(select rolekey from savroles where rolename= '${task.entitlement_valueKey.entitlement_value}'),utc_timestamp(),(select userkey from users where username = 'admin'))"], "Risk":["Insert into riskowners(owneruserkey,rank,riskid,updatedate,updateuser) values(${user.id},1,(select riskid from risks r inner join rulesets rs on rs.RULESETKEY=r.RULESETKEY where concat(RISKNAME,' RULESET:',rs.RULESET)='${task.entitlement_valueKey.entitlement_value}'),utc_timestamp(),(select userkey from users where username = 'admin'))"], "Function":["update functions f inner join rulesets rs on f.RULESETKEY=rs.RULESETKEY set f.OWNERTYPE=1,f.OWNER=${user.id} where concat(FUNCTION_NAME,' RULESET:',rs.ruleset) = '${task.entitlement_valueKey.entitlement_value}' and f.functionkey>0"], "BusinessProcess":["Insert into bp_owners(busprockey,userkey,update_date) values((select busprockey from busprocs where busprocname='${task.entitlement_valueKey.entitlement_value}'),${user.id},utc_timestamp())"], "JRM":["update jrmrules set owner=${user.id} where jrmrulename = '${task.entitlement_valueKey.entitlement_value}'"] }
Issue is task is completed but user is not getting added to user group or sav role but entitlement is getting added.
also tried hardcoded query
Solved! Go to Solution.
05/17/2023 09:12 AM
Do you see any error in the logs, where did you check to see if there was an issue with access of service account?
Also What ent types you are trying now in grant access ( ex:savrole,usergroup,etc )
Thanks
Darshan
05/17/2023 09:44 AM
Nothing shown on logs regarding access issue. on logs
SAVRole & UserGroup are entitlement Type
https://saviynt.freshdesk.com/support/tickets/1628323
05/17/2023 08:08 PM
This is resolved by keeping Entitlement Type Name =Entitlement Type Display Name
05/17/2023 08:09 PM
Does Json works on Entitlement Type Display Name ?
Agent asked me to ask question here how to set display name of Entitlement Type https://saviynt.freshdesk.com/helpdesk/tickets/1628323
05/18/2023 05:21 AM
Yes it works on display name, what ever you have the display name, just put the same in grant access json that should work.
Thanks
Darshan
05/18/2023 05:32 AM
Is this new change ? Because till v5.5 its working on entitlement type name neither document mention on change
Then what is use of display name ?
05/18/2023 06:27 AM
No, this was used from the first even in v5.5 env's you need to use the display name as what you are giving the grant access json is searching the display name of entitlement
Thanks
Darshan