Click HERE to see how Saviynt Intelligence is transforming the industry. |
05/16/2024 04:02 AM
Hi,
I have created an analytic report that fetches usernames per role who are not their owners but should be according to certain criteria. The analytics should be run daily and any new username in the report should be added to their corresponding role(s) as owner.
How could I achieve this automation inside Saviynt?
Can I use e.g. REST connector importuserJSON and in call1 get the data with runtime analytics and in the call2 use the data from previous call and pass them towards updateEnterpriseRoleRequest api? This way I could schedule a job to run daily to handle this.
Thanks already in advance!
Solved! Go to Solution.
05/16/2024 07:59 PM
Yes you can use Sav4Sav connector and update role owner. Keep Report as runtime.
05/20/2024 02:42 AM - edited 05/20/2024 02:43 AM
I have created the analytics, connector and job. When I run the job it always ends with error: Cannot invoke method containsKey() on null object.
At first I have been trying to update at least the first role record that comes when you query the runtime analytics api.
Here is the json I'm using in the importuserjson (some info deleted for security reasons):
{
"type": "multiCall",
"call": [
{
"name": "call1",
"connection": "auth",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"url": "",
"httpParams": "{\"analyticsid\": \"\"}",
"httpMethod": "POST",
"httpHeaders": {
"Authorization": "${access_token}"
},
"userResponsePath": "result",
"colsToPropsMap": {
"username": "USERNAME~#~char"
},
"httpContentType": "application/json",
"pagination": {
"offset": {
"offsetParam": "offset",
"batchParam": "displaycount",
"batchSize": 50,
"totalCountPath": "completeResponseMap.total"
}
}
},
{
"name": "call2",
"connection": "auth",
"url": "",
"httpMethod": "POST",
"httpParams": "{\"role_name\":\"${response.call1.message.result[0].rolename}\",\"roletype\":\"APPLICATION\",\"owner\":[{\"ownerName\":\"${response.call1.message.result[0].ownerfirstname + '.' + response.call1.message.result[0].ownerlastname}\",\"updateType\":\"ADD\",\"rank\":\"1\"}]}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"message": "User Updated Successfully",
"statusCode": [
200,
201
]
},
"unsuccessResponses": {
"statusCode": [
500,
403,
409,
412
]
}
}
]
}
The funny thing is, with the same httpParams in call2, I have been able to update role owners using the first record in the analytics if I put this to UpdateUserJson in the same REST connector.
However, for us it would be more convenient if we could trigger the role owner update in the importUserJSON since then we could schedule a job to take care of this.
05/20/2024 09:51 AM
Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues .
‼️‼️⚠️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.⚠️‼️‼️
05/21/2024 02:16 AM
Hi,
Here are few screenshots of the logs.
Job log:
Log entries related to the error on job log (calling call2 in json?):
Log entries related to the job log (calling call1 in json?):
I have checked everything and the user in the connectionJSON has all necessary accesses in the SAV Role, and like I mentioned in the first message when I replicate this scenario with UpdateUserJSON there is no issue at all.
Thanks already again!
05/21/2024 11:22 PM
Does it works from postman
05/22/2024 02:15 AM
Hi,
Yes, login, fetching runtime analytics content and provisioning towards updateenterpriserole API all work ok from Postman.
05/22/2024 09:31 PM
Please provide screenshot
05/27/2024 11:53 PM
Hi, Here are screenshots of Postman test calls.
I've been going through logs and it seems to me now that the importUserJSON is unable to parse the groovy code in this section:
"httpParams": "{\"role_name\":\"${response.call1.message.result[0].rolename}\",\"roletype\":\"APPLICATION\",\"owner\":[{\"ownerName\":\"${response.call1.message.result[0].ownerfirstname + '.' + response.call1.message.result[0].ownerlastname}\",\"updateType\":\"ADD\",\"rank\":\"1\"}]}",
Which is weird since this exact same structure provides successful results in UpdateUserJSON.
05/28/2024 11:40 AM
Can you share logs in file with showlogs=true to see results of API from Import JSON
05/29/2024 02:58 AM
Hi,
Due to security reasons I can't share log files here. It would be too much data to go through and anonymize before I could upload the file here.
But following can be seen in logs:
Inside updateEnterpriseRoleRequest Webservice
Params are [controller:restfulv5, action:updateEnterpriseRoleRequest, role_name:${response.call1.message.result[0].rolename}, owner:[[ownerName:${response.call1.message.result[0].username}, rank:1, updateType:ADD]], roletype:APPLICATION, requestor:omitted, max:50]
Role not found..
When actually, the role does exist since it is fetched to the analytics from saviynt by saviynt.
05/29/2024 11:19 PM
add callorder and try
05/30/2024 01:05 AM
Hi,
Still same result with callorder.
06/12/2024 01:22 AM - edited 06/12/2024 01:22 AM
Hi,
In the end I opted out of the initial way proposed in this conversation and did the following instead:
Notes: If you are using the default getRoles API some customization is needed to execute pagination sucessfully if the environment has over 500 roles (https://forums.saviynt.com/t5/identity-governance/v5-getroles-api-pagination/td-p/99103 )
06/12/2024 05:56 AM
Can you share actual configs