Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Updating role owners with analytics

ekorh
Regular Contributor
Regular Contributor

Hi,

I have created an analytic report that fetches usernames per role who are not their owners but should be according to certain criteria. The analytics should be run daily and any new username in the report should be added to their corresponding role(s) as owner.

How could I achieve this automation inside Saviynt?

Can I use e.g. REST connector importuserJSON and in call1 get the data with runtime analytics and in the call2 use the data from previous call and pass them towards updateEnterpriseRoleRequest api? This way I could schedule a job to run daily to handle this.

Thanks already in advance!

10 REPLIES 10

rushikeshvartak
All-Star
All-Star

Yes you can use Sav4Sav connector and update role owner. Keep Report as runtime.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

I have created the analytics, connector and job. When I run the job it always ends with error: Cannot invoke method containsKey() on null object.

At first I have been trying to update at least the first role record that comes when you query the runtime analytics api.

Here is the json I'm using in the importuserjson (some info deleted for security reasons):
{
"type": "multiCall",
"call": [
{
"name": "call1",
"connection": "auth",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"url": "",
"httpParams": "{\"analyticsid\": \"\"}",
"httpMethod": "POST",
"httpHeaders": {
"Authorization": "${access_token}"
},
"userResponsePath": "result",
"colsToPropsMap": {
"username": "USERNAME~#~char"
},
"httpContentType": "application/json",
"pagination": {
"offset": {
"offsetParam": "offset",
"batchParam": "displaycount",
"batchSize": 50,
"totalCountPath": "completeResponseMap.total"
}
}
},
{
"name": "call2",
"connection": "auth",
"url": "",
"httpMethod": "POST",
"httpParams": "{\"role_name\":\"${response.call1.message.result[0].rolename}\",\"roletype\":\"APPLICATION\",\"owner\":[{\"ownerName\":\"${response.call1.message.result[0].ownerfirstname + '.' + response.call1.message.result[0].ownerlastname}\",\"updateType\":\"ADD\",\"rank\":\"1\"}]}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"message": "User Updated Successfully",
"statusCode": [
200,
201
]
},
"unsuccessResponses": {
"statusCode": [
500,
403,
409,
412
]
}
}
]
}

 

The funny thing is, with the same httpParams in call2, I have been able to update role owners using the first record in the analytics if I put this to UpdateUserJson in the same REST connector. 
However, for us it would be more convenient if we could trigger the role owner update in the importUserJSON since then we could schedule a job to take care of this.

 

Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues .



‼️‼️⚠️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.⚠️‼️‼️


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi,

Here are few screenshots of the logs.

Job log:

roleOwner1.png

Log entries related to the error on job log (calling call2 in json?):

logs2logs2

Log entries related to the job log (calling call1 in json?):

logs1logs1

I have checked everything and the user in the connectionJSON has all necessary accesses in the SAV Role, and like I mentioned in the first message when I replicate this scenario with UpdateUserJSON there is no issue at all.

Thanks already again!

Does it works from postman


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi,

Yes, login, fetching runtime analytics content and provisioning towards updateenterpriserole API all work ok from Postman.

Please provide screenshot


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi, Here are screenshots of Postman test calls.

Screenshot 2024-05-28 092032.pngScreenshot 2024-05-28 092420.pngScreenshot 2024-05-28 092750.png

 

I've been going through logs and it seems to me now that the importUserJSON is unable to parse the groovy code in this section:
"httpParams": "{\"role_name\":\"${response.call1.message.result[0].rolename}\",\"roletype\":\"APPLICATION\",\"owner\":[{\"ownerName\":\"${response.call1.message.result[0].ownerfirstname + '.' + response.call1.message.result[0].ownerlastname}\",\"updateType\":\"ADD\",\"rank\":\"1\"}]}",

Which is weird since this exact same structure provides successful results in UpdateUserJSON.

Can you share logs in file with showlogs=true to see results of API from Import JSON


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi,

Due to security reasons I can't share log files here. It would be too much data to go through and anonymize before I could upload the file here.

But following can be seen in logs:
Inside updateEnterpriseRoleRequest Webservice
Params are [controller:restfulv5, action:updateEnterpriseRoleRequest, role_name:${response.call1.message.result[0].rolename}, owner:[[ownerName:${response.call1.message.result[0].username}, rank:1, updateType:ADD]], roletype:APPLICATION, requestor:omitted, max:50]
Role not found..

When actually, the role does exist since it is fetched to the analytics from saviynt by saviynt.