Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

SaviyntforSaviynt REST - Access/entitlement import not working

IAM_99
Regular Contributor II
Regular Contributor II

Hi Team,

We have configured SaviyntforSaviynt REST Connector to pull entitlements from a target, below is the ImportAccountEntJSON

{
"accountParams": {},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Entitlements": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://XXXXX/ECM/api/getEntitlementValuesForEndpoint",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpParams": "{\"endpoint\":\"ABCREST\",\"entitlementType\":\"PermissionSet\",\"entitlement_value\":\"Group1\"}",
"httpContentType": "application/json",
"httpMethod": "POST"
},
"listField": "Entitlementdetails",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "entitlementID~#~char",
"entitlement_value": "entitlement_value~#~char",
"displayname": "customproperty10~#~char"
}
}
}
}
}
},
"acctEntParams": {}
}

Access Import Job is successful , but entitlement is not loading.  From logs not seen any relevant exception  , but found this 

DEBUG rest.RestProvisioningService - Inside cleanUpEntitlementMapLink \n","stream":"stdout","time":"2023-02-15T19:54:05.185438705Z"}"
DEBUG rest.RestProvisioningService - EntitlementMap deleteQuery = select emap.ENTITLEMENT_VALUE1KEY, emap.ENTITLEMENT_VALUE2KEY from EntitlementMap emap inner join Entitlement_values ev1 on emap.ENTITLEMENT_VALUE1KEY = ev1.ENTITLEMENT_VALUEKEY inner join Entitlement_values ev2 on emap.ENTITLEMENT_VALUE2KEY = ev2.ENTITLEMENT_VALUEKEY inner join Entitlement_types et1 on ev1.ENTITLEMENTTYPEKEY = et1.ENTITLEMENTTYPEKEY inner join Entitlement_types et2 on ev2.ENTITLEMENTTYPEKEY = et2.ENTITLEMENTTYPEKEY where et1.ENTITLEMENTTYPEKEY in(1647) and et2.ENTITLEMENTTYPEKEY in(1647) and emap.JOB_ID is not null and emap.JOB_ID \u003c\u003e '1273165'\n","stream":"stdout","time":"2023-02-15T19:54:05.185539248Z"}"
DEBUG rest.RestProvisioningService - Inside cleanUpEntMappingInfoField \n","stream":"stdout","time":"2023-02-15T19:54:05.187551206Z"}"
DEBUG rest.RestProvisioningService - Entitlements Mapping InfoField deleteQuery = update entitlement_values ev inner join entitlement_types et on ev.ENTITLEMENTTYPEKEY = et.ENTITLEMENTTYPEKEY set entitlementMappingJson = null where et.ENDPOINTKEY = 2611\n","stream":"stdout","time":"2023-02-15T19:54:05.18759757Z"}"
INFO [quartzScheduler_Worker-9] groovy.sql.Sql.commit Commit operation not supported when using datasets unless using withTransaction or cacheConnection - attempt to commit ignored\n","stream":"stderr","time":"2023-02-15T19:54:05.189768626Z"}"
DEBUG rest.RestUtilService - Writing job history to import

any idea/inputs on this ?

 

 

10 REPLIES 10

SB
Saviynt Employee
Saviynt Employee
Can you try with the below ImportJson. 
{
    "accountParams": {},
    "entitlementParams": {
        "connection": "acctAuth",
        "processingType": "SequentialAndIterative",
        "entTypes": {
            "Ent 1": {
                "entTypeOrder": 0,
                "entTypeLabels": {},
                "call": {
                    "call1": {
                        "callOrder": 0,
                        "stageNumber": 0,
                        "http": {
                            "url": "https://abc.com/ECM/api/getEntitlementValuesForEndpoint",
                            "httpHeaders": {
                                "Authorization": "${access_token}",
                                "Accept": "application/json"
                            },
                            "httpParams": "{
                                \"endpoint\": \"SDesk\",
                                \"entitlementType\": \"Ent 1\"
                            }",
                            
                            "httpMethod": "GETWITHBODY"
                        },
                        "listField": "Entitlementdetails",
                        "keyField": "entitlement_value",
                        "colsToPropsMap": {
                            "entitlement_value": "entitlement_value~#~char",
                            "displayname": "customproperty10~#~char"
                        }
                    }
                }
            }
        }
    }
}
 

Regards,
Sahil

IAM_99
Regular Contributor II
Regular Contributor II

Hi Sahil,

We are trying with two calls -

1 is to get entitlements data

2. is to update 

~~~~~~~~~~~~~~~~~~~~~ 2nd call is not getting called

JSON 

~~~~~

{
"accountParams": {},
"entitlementParams": {
"connection": "Saviynt4Saviynt",
"processingType": "SequentialAndIterative",
"entTypes": {
"Ent 1": {
"entTypeOrder": 0,
"entTypeLabels": {},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxx-xxxxx-xxxx/ECM/api/getEntitlementValuesForEndpoint",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpParams": "{\"endpoint\":\"XXXXXXX - APAC\",\"entitlementType\":\"PermissionSet\",\"entitlement_value\":\"CallCenterAgent_XXXXXXX_Primary\"}",
"httpContentType": "application/json",
"httpMethod": "POST"
},
"successResponses": {
"statusCode": [200, 201, 204, 205]
},
"listField": "Entitlementdetails",
"keyField": "entitlement_value",
"colsToPropsMap": {
"entitlement_value": "entitlement_value~#~char",
"displayname": "customproperty10~#~char"
}
},
"call2": {
"callOrder": 1,
"stageNumber": 0,
"http": {
"url": "https://xxxxx-xxxxx-xxxx/ECM/api/createUpdateEntitlement",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpParams": "{\"endpoint\":\"XXXXXXX - APAC\",\"status\":\"1\",\"displayname\":\"Primary Call Center AgenthelloAPI\",\"entitlementType\":\"PermissionSet\",\"entitlement_value\":\"CallCenterAgent_XXXXXXX_Primary\"}",
"httpContentType": "application/json",
"httpMethod": "POST"
},
"successResponses": {
"statusCode": [200, 201, 204, 205]
},
"listField": "Entitlementdetails",
"keyField": "entitlement_value",
"colsToPropsMap": {
"entitlement_value": "entitlement_value~#~char",
"displayname": "customproperty10~#~char"
}
}
}
}
}
}
}

 

 

any input whats worng  with 2nd call ?

SB
Saviynt Employee
Saviynt Employee

The post call for createUpdateEntitlement will not work as part of Import json.

Can you please confirm the use case you are trying to achieve


Regards,
Sahil

IAM_99
Regular Contributor II
Regular Contributor II
Use Case :
We have a limitation with Salesforce Connector - Entitlements Display name is not populating  on DisplayName instead its storing in CP10, i doubt saviynt will fix this in near future.
To address the issue - we have started using SaviyntForSaviynt REST connector.
 
 
any alternative to achieve this ( manual update is not an option as we have so many entitlements) ?
 
 

SB
Saviynt Employee
Saviynt Employee

In that case you can only need to use 1 call (getEntitlementValuesForEndpoint) for entitlementParams. And in your attribute mapping map displayname with CP10. It should update the display name value of the entitlement.


Regards,
Sahil

IAM_99
Regular Contributor II
Regular Contributor II

if we use call1 - it will update in Saviynt4Saviynt's REST Endpoint - entitlement display name but we want Salesforce entitlement's  display name to be update.

we are trying to move cp10 to Displyname automatically since connector is not doing , please find below

IAM_99_1-1678982962172.png

 

 

IAM_99_0-1678982869398.png

 

SB
Saviynt Employee
Saviynt Employee

In this case I would suggest you to rather use CustomQuery job and update the Displayname of the entitlement with the CP10 value using the DB query. 

Reference query to be used: 

update entitlement_values set DISPLAYNAME = CUSTOMPROPERTY10 where ENTITLEMENTTYPEKEY in (select ENTITLEMENTTYPEKEY from entitlement_types where endpointkey='1');

You can either run it separately or add this job in a trigger chain with your Access import from Salesforce.

 


Regards,
Sahil

@SB But custom query isn't suppose to deprecate? if not now may be in future version it will right? In that case is this the reliable solution?

I have similar use case which I referred here: https://forums.saviynt.com/t5/identity-governance/can-we-use-sav4sav-rest-connector-to-copy-certain-...

Earlier we use to achieve this with SAV4SAV with DB connection and do Entitlement Import Job, But now we are asked to use SAV4SAV REST.

Are you confirming that we cannot use SAV4SAV REST for such use cases?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

SB
Saviynt Employee
Saviynt Employee

@sk / @IAM_99  We can also use the SAV4SAV REST connection in order to achieve this use case. Below are the steps:

1. Create a new SAV4SAV REST Connection. (you can also select the pre defined template for this connection to populate the sample JSON)

sahil_0-1679422945640.png

2. Update the Connection, ImportAccountEntJSON and save the connection. Attached example of Connection JSON and the ImportAccountEntJSON to be used for your Use case.

Note: You will need to update endpoint and entitlementType value in the import json for the intended EP.

3. Create a New Job trigger. Select the type as Application Data Import (Single Threaded). Under system, select the SS that needs to be updated and in Connection - select the SAV4SAV connection you created.

sahil_1-1679423287267.png

4. Run the Access Import job.

The value of DisplayName will be updated with the CP that you have mapped it with in the ImportAccountEntJSON.


Regards,
Sahil

@SB : Thank you for the response, Yeah this will help. Let us validate this and confirm.


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.