Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/02/2024 06:44 AM
Hi everyone,
I'm wondering, why Saviynt4Saviynt Accounts are unassigned from users, when running a Deprovision Access Task. All other accounst, such as AD still keep linked to the user, yet the S4S account is removed.
After applying the below User Update rule, the user gets disabled. When looking in the accounts, all of them are still visible and inactive, except the S4S account.
When looking in the Account, I see, that the username is suddenly empty:
User Update Rule used:
Solved! Go to Solution.
07/02/2024 06:53 AM
07/02/2024 07:18 AM
To be exact, it happens after the first Application Data Import (Accounts).
The User Account Correlation rule for the endpoint still applies.
About the previous versions I can't tell. I expect so, but I don't have access to anything before 24.5.
I'll upload the logs, when my tests finished.
07/02/2024 07:56 AM
It seems the selection during the import is limited to users with Statuskey='1'.
Affected User: 000062_SendPasswordUser
"2024-07-02T14:50:33.803+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-17-gx2jr","DEBUG","Parameters are [sEcho:1, iColumns:4, sColumns:, iDisplayStart:0, iDisplayLength:5, mDataProp_0:FK, mDataProp_1:username, mDataProp_2:firstname, mDataProp_3:lastname, sSearch:, bRegex:false, sSearch_0:, bRegex_0:false, bSearchable_0:true, sSearch_1:, bRegex_1:false, bSearchable_1:true, sSearch_2:, bRegex_2:false, bSearchable_2:true, sSearch_3:, bRegex_3:false, bSearchable_3:true, iSortCol_0:0, sSortDir_0:asc, iSortingCols:1, bSortable_0:false, bSortable_1:true, bSortable_2:true, bSortable_3:true, radio:radio, userNotToshow:1084, all:usermanager, jsontype:datatable, controller:workflowmanagement, action:alluserofloggedmanagerjson, max:5, offset:0]"
"2024-07-02T14:50:33.803+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-52-gx2jr","DEBUG","SQL:::|SELECT * from USERS this_ where (this_.STATUSKEY=1|and not (this_.USERKEY in (1084)))|"
"2024-07-02T14:50:33.804+00:00","ecm","workflow.WorkflowmanagementController","http-nio-8080-exec-52-gx2jr","DEBUG","fetch data completed.."
"2024-07-02T14:50:33.804+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-17-gx2jr","DEBUG","Count of users 904 "
"2024-07-02T14:50:33.806+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-17-gx2jr","DEBUG","SQL:::|SELECT * from USERS this_ where (this_.STATUSKEY=1|and not (this_.USERKEY in (1084)))|"
"2024-07-02T14:50:33.806+00:00","ecm","ws.Restfulv5Controller","http-nio-8080-exec-8-gx2jr","DEBUG","Disable Audit Logging : true"
"2024-07-02T14:50:33.806+00:00","ecm","workflow.WorkflowmanagementController","http-nio-8080-exec-17-gx2jr","DEBUG","fetch data completed.."
"2024-07-02T14:50:33.807+00:00","ecm","ws.Restfulv5Controller","http-nio-8080-exec-8-gx2jr","DEBUG","Default max limit is set to 50"
"2024-07-02T14:50:33.808+00:00","ecm","ws.Restfulv5Controller","http-nio-8080-exec-8-gx2jr","DEBUG","inside getEcmVersion"
"2024-07-02T14:50:33.808+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-8-gx2jr","DEBUG","contentType - text/json"
"2024-07-02T14:50:33.809+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-8-gx2jr","DEBUG","contentTypeFromConfig - application/json"
"2024-07-02T14:50:33.820+00:00","ecm","workflow.WorkflowmanagementController","http-nio-8080-exec-41-gx2jr","DEBUG","proceed since user has been granted admin access.."
"2024-07-02T14:50:33.821+00:00","ecm","workflow.WorkflowmanagementController","http-nio-8080-exec-41-gx2jr","DEBUG","fetch data start.."
"2024-07-02T14:50:33.822+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-41-gx2jr","DEBUG","Parameters are [sEcho:1, iColumns:6, sColumns:, iDisplayStart:0, iDisplayLength:5, mDataProp_0:FK, mDataProp_1:username, mDataProp_2:firstname, mDataProp_3:lastname, mDataProp_4:systemUserName, mDataProp_5:email, sSearch:, bRegex:false, sSearch_0:, bRegex_0:false, bSearchable_0:true, sSearch_1:, bRegex_1:false, bSearchable_1:true, sSearch_2:, bRegex_2:false, bSearchable_2:true, sSearch_3:, bRegex_3:false, bSearchable_3:true, sSearch_4:, bRegex_4:false, bSearchable_4:true, sSearch_5:, bRegex_5:false, bSearchable_5:true, iSortCol_0:0, sSortDir_0:asc, iSortingCols:1, bSortable_0:false, bSortable_1:true, bSortable_2:true, bSortable_3:true, bSortable_4:true, bSortable_5:true, radio:radio, userNotToshow:1084, status:1, all:owneronterminate, jsontype:datatable, controller:workflowmanagement, action:alluserofloggedmanagerjson, max:5, offset:0]"
"2024-07-02T14:50:33.823+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-41-gx2jr","DEBUG","Count of users 904 "
"2024-07-02T14:50:33.824+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-41-gx2jr","DEBUG","SQL:::|SELECT * from USERS this_ where (this_.STATUSKEY=1|and not (this_.USERKEY in (1084)))|"
"2024-07-02T14:50:33.824+00:00","ecm","workflow.WorkflowmanagementController","http-nio-8080-exec-41-gx2jr","DEBUG","fetch data completed.."
"2024-07-02T14:50:33.826+00:00","ecm","workflow.WorkflowmanagementController","http-nio-8080-exec-15-gx2jr","DEBUG","proceed since user has been granted admin access.."
"2024-07-02T14:50:33.827+00:00","ecm","workflow.WorkflowmanagementController","http-nio-8080-exec-15-gx2jr","DEBUG","fetch data start.."
"2024-07-02T14:50:33.828+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-15-gx2jr","DEBUG","Parameters are [sEcho:1, iColumns:6, sColumns:, iDisplayStart:0, iDisplayLength:5, mDataProp_0:FK, mDataProp_1:username, mDataProp_2:firstname, mDataProp_3:lastname, mDataProp_4:systemUserName, mDataProp_5:email, sSearch:, bRegex:false, sSearch_0:, bRegex_0:false, bSearchable_0:true, sSearch_1:, bRegex_1:false, bSearchable_1:true, sSearch_2:, bRegex_2:false, bSearchable_2:true, sSearch_3:, bRegex_3:false, bSearchable_3:true, sSearch_4:, bRegex_4:false, bSearchable_4:true, sSearch_5:, bRegex_5:false, bSearchable_5:true, iSortCol_0:0, sSortDir_0:asc, iSortingCols:1, bSortable_0:false, bSortable_1:true, bSortable_2:true, bSortable_3:true, bSortable_4:true, bSortable_5:true, radio:radio, userNotToshow:1084, status:1, all:secondaryusermanager, jsontype:datatable, controller:workflowmanagement, action:alluserofloggedmanagerjson, max:5, offset:0]"
"2024-07-02T14:50:33.829+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-15-gx2jr","DEBUG","Count of users 904 "
"2024-07-02T14:50:33.829+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-15-gx2jr","DEBUG","SQL:::|SELECT * from USERS this_ where (this_.STATUSKEY=1|and not (this_.USERKEY in (1084)))|"
"2024-07-02T14:50:33.830+00:00","ecm","workflow.WorkflowmanagementController","http-nio-8080-exec-15-gx2jr","DEBUG","fetch data completed.."
"2024-07-02T14:50:33.832+00:00","ecm","workflow.WorkflowmanagementController","http-nio-8080-exec-56-gx2jr","DEBUG","proceed since user has been granted admin access.."
"2024-07-02T14:50:33.833+00:00","ecm","workflow.WorkflowmanagementController","http-nio-8080-exec-56-gx2jr","DEBUG","fetch data start.."
"2024-07-02T14:50:33.834+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-56-gx2jr","DEBUG","Parameters are [sEcho:1, iColumns:6, sColumns:, iDisplayStart:0, iDisplayLength:5, mDataProp_0:FK, mDataProp_1:username, mDataProp_2:firstname, mDataProp_3:lastname, mDataProp_4:systemUserName, mDataProp_5:email, sSearch:, bRegex:false, sSearch_0:, bRegex_0:false, bSearchable_0:true, sSearch_1:, bRegex_1:false, bSearchable_1:true, sSearch_2:, bRegex_2:false, bSearchable_2:true, sSearch_3:, bRegex_3:false, bSearchable_3:true, sSearch_4:, bRegex_4:false, bSearchable_4:true, sSearch_5:, bRegex_5:false, bSearchable_5:true, iSortCol_0:0, sSortDir_0:asc, iSortingCols:1, bSortable_0:false, bSortable_1:true, bSortable_2:true, bSortable_3:true, bSortable_4:true, bSortable_5:true, radio:radio, userNotToshow:1084, notToShowLoggedInUser:true, all:dnduser, jsontype:datatable, controller:workflowmanagement, action:alluserofloggedmanagerjson, max:5, offset:0]"
"2024-07-02T14:50:33.836+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-56-gx2jr","DEBUG","Count of users 903 "
"2024-07-02T14:50:33.838+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-56-gx2jr","DEBUG","SQL:::|SELECT * from USERS this_ where (this_.STATUSKEY=1|and not (this_.USERKEY in (1084, 16)))|"
"2024-07-02T14:50:33.838+00:00","ecm","workflow.WorkflowmanagementController","http-nio-8080-exec-56-gx2jr","DEBUG","fetch data completed.."
"2024-07-02T14:50:33.143+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-54-gx2jr","DEBUG","Exception in getUsername"
"2024-07-02T14:50:33.247+00:00","ecm","","null-gx2jr","","java.lang.NullPointerException: Cannot get property 'firstname' on null object at com.saviynt.ecm.services.SaviyntCommonUtilityService.getUserDisplayName(SaviyntCommonUtilityService.groovy:7082) at gsp_ECM_usersshow_gsp$_run_closure2_closure5.doCall(gsp_ECM_usersshow_gsp.groovy:445) at gsp_ECM_usersshow_gsp$_run_closure2.doCall(gsp_ECM_usersshow_gsp.groovy:841) at gsp_ECM_usersshow_gsp.run(gsp_ECM_usersshow_gsp.groovy:1141) at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:158) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)"
"2024-07-02T14:50:33.144+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-54-gx2jr","DEBUG","Exception in getUsername"
"2024-07-02T14:50:33.247+00:00","ecm","","null-gx2jr","","java.lang.NullPointerException: Cannot get property 'firstname' on null object at com.saviynt.ecm.services.SaviyntCommonUtilityService.getUserDisplayName(SaviyntCommonUtilityService.groovy:7082) at gsp_ECM_usersshow_gsp$_run_closure2_closure5.doCall(gsp_ECM_usersshow_gsp.groovy:744) at gsp_ECM_usersshow_gsp$_run_closure2.doCall(gsp_ECM_usersshow_gsp.groovy:841) at gsp_ECM_usersshow_gsp.run(gsp_ECM_usersshow_gsp.groovy:1141) at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:158) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)"
"2024-07-02T14:50:33.145+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-54-gx2jr","DEBUG","Exception in getUsername"
"2024-07-02T14:50:33.247+00:00","ecm","","null-gx2jr","","java.lang.NullPointerException: Cannot get property 'firstname' on null object at com.saviynt.ecm.services.SaviyntCommonUtilityService.getUserDisplayName(SaviyntCommonUtilityService.groovy:7082) at gsp_ECM_usersshow_gsp$_run_closure2_closure5.doCall(gsp_ECM_usersshow_gsp.groovy:780) at gsp_ECM_usersshow_gsp$_run_closure2.doCall(gsp_ECM_usersshow_gsp.groovy:841) at gsp_ECM_usersshow_gsp.run(gsp_ECM_usersshow_gsp.groovy:1141) at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:158) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)"
"2024-07-02T14:50:33.149+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-54-gx2jr","DEBUG","Inside isReadOnlyUserProfile for username : 000062_SendPasswordUser"
"2024-07-02T14:50:33.149+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-54-gx2jr","DEBUG","isReadOnlyUserProfile configData : SaviyntSupportAgent1,SaviyntSupportAgent2,SaviyntSupportAgent3,systemadmin"
"2024-07-02T14:50:33.149+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-54-gx2jr","DEBUG","ReadOnlyUsers for UI : [SAVIYNTSUPPORTAGENT1, SAVIYNTSUPPORTAGENT2, SAVIYNTSUPPORTAGENT3, SYSTEMADMIN]"
"2024-07-02T14:50:33.150+00:00","ecm","services.SaviyntCommonUtilityService","http-nio-8080-exec-54-gx2jr","DEBUG","Exit isReadOnlyUserProfile for username : 000062_SendPasswordUser"
07/02/2024 11:18 AM
Did you specified in status threshold config to map inactive accounts to user ?
{
"statusAndThresholdConfig": {
"accountThresholdValue": 100,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"statusColumn": "customproperty1",
"activeStatus": [
"active"
],
"deleteLinks": true
}
}
07/02/2024 06:54 AM
Hi @Murmur share your account import json is it db connector??
07/02/2024 06:57 AM
Hi @NM,
It is just the default Saviynt4Saviynt Connector.
ImportAccountEntJSON:
{"acctEntParams":{"entTypes":{"SAVRoles":{"call":{"call1":{"acctKeyField":"accountID","callOrder":0,"processingType":"httpEntToAcct","pagination":{"offset":{"totalCountPath":999999999,"batchParam":"limit","batchSize":500,"offsetParam":"offset"}},"listField":"users","http":{"httpContentType":"application/json","httpHeaders":{"Authorization":"${access_token}"},"httpMethod":"GET","url":"https://mylab-dev.saviyntcloud.com/ECMv6/api/userms/savroles/${id}/users"},"entKeyField":"entitlementID","acctIdPath":"username","connection":"userAuth","stageNumber":1}}},"UserGroups":{"call":{"call1":{"callOrder":0,"processingType":"entToAcctMapping","stageNumber":0}}}}},"entitlementParams":{"entTypes":{"SAVRoles":{"call":{"call1":{"keyField":"entitlementID","callOrder":0,"listField":"savroles","http":{"successResponses":{"statusCode":[200,201]},"httpContentType":"application/json","httpHeaders":{"Authorization":"${access_token}","Accept":"application/json"},"httpMethod":"GET","url":"https://mylab-dev.saviyntcloud.com/ECMv6/api/userms/savroles"},"stageNumber":0,"colsToPropsMap":{"customproperty1":"CUSTOMPROPERTY1~#~char","entitlementID":"ROLENAME~#~char","entitlement_value":"ROLENAME~#~char"}}},"entTypeOrder":0},"UserGroups":{"call":{"call1":{"keyField":"entitlementID","callOrder":0,"pagination":{"offset":{"totalCountPath":"completeResponseMap.totalcount","batchParam":"max","batchSize":500,"offsetParam":"offset"}},"listField":"usergroups","http":{"httpParams":"","httpContentType":"application/json","httpHeaders":{"Authorization":"${access_token}","Accept":"application/json"},"httpMethod":"POST","url":"https://mylab-dev.saviyntcloud.com/ECM/api/v5/fetchUserGroup"},"stageNumber":0,"colsToPropsMap":{"acctEntMappingInfoColumnFromEnt":"STORE#ACC#ENT#MAPPINGINFO~#~char","entitlementID":"usergroupkey~#~char","entitlement_value":"user_groupname~#~char"}}},"acctEntMappings":{"keyField":"accountID","idPath":"username","listField":"owners","importAsAccount":false},"entTypeOrder":2}},"processingType":"SequentialAndIterative","connection":"userAuth"},"accountParams":{"call":{"call1":{"keyField":"accountID","callOrder":0,"pagination":{"offset":{"totalCountPath":999999999,"batchParam":"max","batchSize":500,"offsetParam":"offset"}},"listField":"results","http":{"httpContentType":"application/json","httpHeaders":{"Authorization":"${access_token}","Accept":"application/json"},"httpMethod":"GET","url":"https://mylab-dev.saviyntcloud.com/ECM/api/v5/user?q=accountExpired:0&fields=username,email,displayname,statuskey&sort=username&order=desc"},"stageNumber":0,"colsToPropsMap":{"accountID":"username~#~char","customproperty2":"email~#~char","customproperty11":"statuskey~#~char","displayName":"displayname~#~char","name":"username~#~char","status":"active~#~char"}}},"processingType":"SequentialAndIterative","connection":"userAuth","statusAndThresholdConfig":{"inactivateAccountsNotInFile":false,"activeStatus":[1],"deleteAccEntForActiveAccounts":true,"statusColumn":"customproperty11","accountThresholdValue":10,"correlateInactiveAccounts":false,"deleteLinks":true}}}
07/02/2024 07:01 AM
Does it also happens when you perform action via ars?