and more in a single search tool across platforms. Read the announcement here. |
03/13/2024 02:07 PM - edited 03/13/2024 02:09 PM
Hi team,
We want to restrict the functionality of adding multiple owners while creating or modifying the service account because in Azure AD only one owner is supported. How can we achieve this?
If we cannot restrict, we want to reject requests in the Workflow when more than one owner is selected while creating a new account or more owners are added without removing the existing one.
Please suggest me on this.
Any help on this is appreciated.
Solved! Go to Solution.
03/15/2024 02:01 AM
Are you able to provision the service account with single owner?
03/18/2024 06:53 AM
Yes, I am able to provision service account with a single owner.
03/18/2024 02:08 PM
@Saavi : You have to handle that in your WF. If user added more than one owner reject the request.
Below is sample logic you can use where if will allow only one Rank 1 User of type user.
String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey).get('USERRANKJSON')).count(':1')==1 and !(String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey).get('USEROWNERKEYADDED')).contains(',')) and !(String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey)).contains('USERGROUPOWNERKEYADDED'))
03/18/2024 10:04 PM
"2024-03-19T05:01:30.533+00:00","ecm","services.RoleversionService","http-nio-8080-exec-603-4s25l","DEBUG","requestType:3 addset---null null"
"2024-03-19T05:01:30.533+00:00","ecm","services.RoleversionService","http-nio-8080-exec-603-4s25l","DEBUG","All ARS in a batch: []"
"2024-03-19T05:01:30.533+00:00","ecm","services.RoleversionService","http-nio-8080-exec-603-4s25l","DEBUG","session.evaluaterolesod = null"
"2024-03-19T05:01:30.536+00:00","ecm","services.WorkflowService","http-nio-8080-exec-603-4s25l","DEBUG","procIdList: [null]"
"2024-03-19T05:01:30.544+00:00","ecm","errors.GrailsExceptionResolver","http-nio-8080-exec-603-4s25l","ERROR","NullPointerException occurred when processing request: [POST] /ECM/workflowmanagement/createrequestfinalstep"
"2024-03-19T05:01:31.389+00:00","ecm","","null-4s25l","","Cannot execute null+null. Stacktrace follows:"
"2024-03-19T05:01:31.389+00:00","ecm","","null-4s25l","","org.codehaus.groovy.grails.web.pages.exceptions.GroovyPagesException: Error processing GroovyPageView: Cannot execute null+null at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:159) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)Caused by: java.lang.NullPointerException: Cannot execute null+null at gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp$_run_closure2.doCall(gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp.groovy:208) at gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp.run(gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp.groovy:301) ... 7 more"
"2024-03-19T05:01:30.564+00:00","ecm","error.ErrorController","http-nio-8080-exec-603-4s25l","ERROR","Exception"
"2024-03-19T05:01:31.389+00:00","ecm","","null-4s25l","","org.codehaus.groovy.grails.web.errors.GrailsWrappedRuntimeException: Cannot execute null+null at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:159) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)Caused by: org.codehaus.groovy.grails.web.pages.exceptions.GroovyPagesException: Error processing GroovyPageView: Cannot execute null+null ... 7 moreCaused by: java.lang.NullPointerException: Cannot execute null+null at gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp$_run_closure2.doCall(gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp.groovy:208) at gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp.run(gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp.groovy:301) ... 7 more"
03/19/2024 08:14 AM
@rushikeshvartak : Hope you have select expression language as Groovy if not please select the same and try again
03/19/2024 08:37 PM
Yes
03/20/2024 07:09 AM
@rushikeshvartak : Somehow null is coming from this expression. Was the request getting created? What exactly is the behaviour?
03/20/2024 10:50 PM - edited 03/20/2024 10:52 PM
Request id is not generated
03/22/2024 08:05 AM
Below working in v24.x
String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey).get('USERRANKJSON')).count(':[1]')==1 and ! (String.valueO(dynamicAttributesReqAccess.get(requestaccesskey).get('USEROWNERKEYADDED')).contains(',')) and ! (String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey)).contains('USERGROUPOWNERKEYADDED'))
03/22/2024 01:34 PM
@rushikeshvartak : Yes in newer version looks like saviynt introduced in array in userrankjson so had to change to condition as below also in old condition looks user com object is used which is also causing the issue
String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey).get('USERRANKJSON')).count(':[1]')==1 and !(String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey).get('USEROWNERKEYADDED')).contains(',')) and !(String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey)).contains('USERGROUPOWNERKEYADDED'))