Click HERE to see how Saviynt Intelligence is transforming the industry.
|
Click HERE to see how Saviynt Intelligence is transforming the industry.
|
Hello comunity,
We detected a issue in the operation of this job.
When doing entitlement import for several files for example for 100+ files / security systems, it can happen that there are endpoints with the same name in several security systems (if there are Security systems for different environments DEV, QA, PROD with same endpoints name). In that case this job creates duplicate endpoints in one security system that have the same name and display name (randomly depending on which file is processed first in the job). SAV file is defined to create Endpoint if it does not exist in Security system.
When this happens for other security systems that have this endpoint a job error occurs and they can not be processed in that job instance. (It is possible to import when importing one by one)
It is not possible to create a duplicate endpoints (with same Endpoint Name and Display name) using UI and API endpoint (because there is validation), but it is possible through this import job.
Because there are duplicate endpoints the system goes crazy because there is no unique identification when using the API call (because endpoint name is used as a required/unique param)
If such an endpoint is tried to be updated using an API call, then issue arises and that endpoint can move from one to another security system. (Eg SS1 has two endpoints (EndpointA, EndpointA) and SS2 has one endpoint (EndpointA), if we update EndpointA in SS2 it can happen that then one EndpointA from SS1 move under SS2. In that case SS2 will then have a duplicate endpoint).
What is the best practice for using endpoints that have the same names in different security systems (for example to have EndpointA in SSDev, SSQA, SSProd) ?
Has anyone had similar experiences with this job ?
