
Service Account Owner Restriction

Saavi
New Contributor

Hi team,

We want to restrict the functionality of adding multiple owners while creating or modifying the service account because in Azure AD only one owner is supported. How can we achieve this? 

If we cannot restrict, we want to reject requests in the Workflow when more than one owner is selected while creating a new account or more owners are added without removing the existing one.

Please advise on this.

Any help on this is appreciated.


adarshk
Saviynt Employee

Are you able to provision the service account with a single owner?

Saavi
New Contributor

Yes, I am able to provision service account with a single owner.

@Saavi : You have to handle that in your WF. If the user added more than one owner, reject the request.

Below is sample logic you can use, where it will allow only one Rank 1 User of type user.

String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey).get('USERRANKJSON')).count(':1')==1 and  !(String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey).get('USEROWNERKEYADDED')).contains(',')) and !(String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey)).contains('USERGROUPOWNERKEYADDED'))


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

"2024-03-19T05:01:30.533+00:00","ecm","services.RoleversionService","http-nio-8080-exec-603-4s25l","DEBUG","requestType:3 addset---null null"
"2024-03-19T05:01:30.533+00:00","ecm","services.RoleversionService","http-nio-8080-exec-603-4s25l","DEBUG","All ARS in a batch: []"
"2024-03-19T05:01:30.533+00:00","ecm","services.RoleversionService","http-nio-8080-exec-603-4s25l","DEBUG","session.evaluaterolesod = null"
"2024-03-19T05:01:30.536+00:00","ecm","services.WorkflowService","http-nio-8080-exec-603-4s25l","DEBUG","procIdList: [null]"
"2024-03-19T05:01:30.544+00:00","ecm","errors.GrailsExceptionResolver","http-nio-8080-exec-603-4s25l","ERROR","NullPointerException occurred when processing request: [POST] /ECM/workflowmanagement/createrequestfinalstep"
"2024-03-19T05:01:31.389+00:00","ecm","","null-4s25l","","Cannot execute null+null. Stacktrace follows:"
"2024-03-19T05:01:31.389+00:00","ecm","","null-4s25l","","org.codehaus.groovy.grails.web.pages.exceptions.GroovyPagesException: Error processing GroovyPageView: Cannot execute null+null at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:159) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)Caused by: java.lang.NullPointerException: Cannot execute null+null at gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp$_run_closure2.doCall(gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp.groovy:208) at gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp.run(gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp.groovy:301) ... 7 more"
"2024-03-19T05:01:30.564+00:00","ecm","error.ErrorController","http-nio-8080-exec-603-4s25l","ERROR","Exception"
"2024-03-19T05:01:31.389+00:00","ecm","","null-4s25l","","org.codehaus.groovy.grails.web.errors.GrailsWrappedRuntimeException: Cannot execute null+null at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:159) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)Caused by: org.codehaus.groovy.grails.web.pages.exceptions.GroovyPagesException: Error processing GroovyPageView: Cannot execute null+null ... 7 moreCaused by: java.lang.NullPointerException: Cannot execute null+null at gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp$_run_closure2.doCall(gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp.groovy:208) at gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp.run(gsp_ECM_workflowmanagementcreaterequestfinalstep_gsp.groovy:301) ... 7 more"


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@rushikeshvartak : Hope you have selected the expression language as Groovy; if not, please select it and try again.


Regards,
Saathvik

Yes 

rushikeshvartak_0-1710905846301.png

 


Regards,
Rushikesh Vartak

@rushikeshvartak : Somehow null is coming from this expression. Was the request getting created? What exactly is the behaviour?


Regards,
Saathvik

Request id is not generated 

rushikeshvartak_0-1711000342180.png

 


Regards,
Rushikesh Vartak

The below is working in v24.x:

String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey).get('USERRANKJSON')).count(':[1]')==1 and !(String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey).get('USEROWNERKEYADDED')).contains(',')) and !(String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey)).contains('USERGROUPOWNERKEYADDED'))


Regards,
Rushikesh Vartak

@rushikeshvartak : Yes, in the newer version it looks like Saviynt introduced an array in userrankjson, so I had to change the condition as below. Also, in the old condition it looks like the user com object is used, which is also causing the issue.

String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey).get('USERRANKJSON')).count(':[1]')==1 and  !(String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey).get('USEROWNERKEYADDED')).contains(',')) and !(String.valueOf(dynamicAttributesReqAccess.get(requestaccesskey)).contains('USERGROUPOWNERKEYADDED'))


Regards,
Saathvik
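
The single-owner condition discussed in this thread can be exercised outside the workflow with a small stand-alone Groovy harness. This is an added example, not code from the thread or from Saviynt. The `singleOwner` helper, the attribute maps and the two USERRANKJSON layouts (`{"1001":1}` and `{"1001":[1]}`) are assumptions constructed from what the replies describe.

```groovy
// Added example: stand-alone Groovy harness, not Saviynt code.
// The maps below imitate dynamicAttributesReqAccess.get(requestaccesskey).
// Both USERRANKJSON layouts are assumed from the thread's ':1' vs ':[1]' change.

// The three checks from the thread, parameterised on the rank token
// (':1' in the first reply, ':[1]' in the v24.x version).
boolean singleOwner(Map attrs, String rankToken) {
    String rank   = String.valueOf(attrs.get('USERRANKJSON'))
    String owners = String.valueOf(attrs.get('USEROWNERKEYADDED'))
    // Plain Groovy needs && where the workflow expression is written with 'and'.
    return rank.count(rankToken) == 1 &&              // exactly one rank-1 entry
           !owners.contains(',') &&                   // only one owner key added
           !String.valueOf(attrs).contains('USERGROUPOWNERKEYADDED') // no group owner
}

// Constructed request attributes (user keys and values are made up).
def oneOwnerOld  = [USERRANKJSON: '{"1001":1}',
                    USEROWNERKEYADDED: '1001']
def oneOwnerNew  = [USERRANKJSON: '{"1001":[1]}',
                    USEROWNERKEYADDED: '1001']
def twoOwnersNew = [USERRANKJSON: '{"1001":[1],"1002":[1]}',
                    USEROWNERKEYADDED: '1001,1002']
def groupOwner   = [USERRANKJSON: '{"1001":[1]}',
                    USEROWNERKEYADDED: '1001',
                    USERGROUPOWNERKEYADDED: '77']

// Scalar layout with the original token: a single owner passes.
assert  singleOwner(oneOwnerOld, ':1')

// Array layout with the original token: ':1' never occurs, so even a
// valid single-owner request fails the condition.
assert !singleOwner(oneOwnerNew, ':1')

// Array layout with the v24.x token: a single owner passes.
assert  singleOwner(oneOwnerNew, ':[1]')

// Two rank-1 owners: the count is 2 and the key list contains a comma.
assert !singleOwner(twoOwnersNew, ':[1]')

// A user-group owner on the request fails the third check.
assert !singleOwner(groupOwner, ':[1]')

println 'all single-owner checks behaved as expected'
```

`count` here is a plain substring count, so `':[1]'` is matched literally rather than as a regular expression.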