For an application, we are trying to manually complete one Add access task under ARS request to add a dummy entitlement to user as part of testing in lower environment. If we manually complete the task from Pending Tasks, the entitlement will be present in Entitlement Hierarchy of User account.
But if we are using custom query which completes the task, then entitlement is not getting reflected to the entitlement hierarchy of the user account.
Below are the queries tried.
1. update ars_requests ar, request_access ra, arstasks at,endpoints ed set at.status = 3 where ar.REQUESTKEY = at.REQUESTKEY and ar.REQUESTKEY = ra.REQUESTKEY and ed.endpointkey=at.endpoint and at.tasktype=1 and at.ENDPOINT in (XXX) and at.ENTITLEMENT_VALUEKEY IN (XXXX) and at.status IN (1) and at.requestaccesskey=ra.request_accesskey
arstasks.status = 3,
updatedate = now()
arstasks.entitlement_valuekey in (xxxx)
and arstasks.status in (1)
and arstasks.tasktype in (1)
and arstasks.endpoint in (xxxx)
Note : Please ignore the standard scenario where provisioning jobs are completing the tasks as this is a special testing requirement. And we are using prov jobs for standard entitlements. All we want to know is the difference between manual completion from UI and via Custom query job. Because custom query job completing the tasks, but entitlements are not getting reflected to the account. So, what correction need to be done.
There are multiple transactions that run on the target as well as on IGA whenever a task is completed and apart from the above tables mentioned, the linking of accounts with their entitlements happens on the accounts_entitlements1 table as well which leads to the entitlement hierarchy being displayed on the UI. (This is an insertion statement on the account_entitlements1 table)
In any case, using custom queries to fulfil tasks does not make sense. What is the use case you're trying to achieve with this?
Hi @armaanzahir ,
Thanks for your response. The entire configuration setup is little difficult to explain. But I will provide an overview. This is a REST+Salesforce application setup. Salesforce is used for reconciliation of data and REST is used for provisioning. So, application contains separate connections and endpoints. Even separate REST connectors. One for user provisioning use cases. Other one for contact account(profile) creation. We are having one dummy entitlement (Local Entitlement created in Saviynt)part of the config. We don't want to provision this to the target. Contact account creation and dummy entitlement access is happening as part of one REST connector. At the same time there are specific application entitlements need to be provisioned to the target which is working fine with other connector. In general, we just need this contact account created at the target. Dummy entitlement need to be assigned locally in IGA. So, when user is submitting the ARS request, the dummy entitlement task need to be completed. As per the current setup it is continuing in status 'New'. Rest everything will be completed. So manually trying to complete this. Otherwise because of this pending task, valid entitlements will not be assigned to user.
When we are manually completing the task from 'Pending Tasks' entitlements are added to account. When using custom query, task is completing successfully. But entitlements are not added. So how to to cover the missing part via custom query?