Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Binding Variables for Privileged Access Request

mgra
New Contributor III
New Contributor III

Hello,

Has anyone had an idea why the following variables are not working for the body of the email template? The email is being applied to Emergency Access ID Request Workflow and Emergency Access ID Access Request Workflow but every time I request privileged access, I'm getting a different output.

${endpoint}
${endpoints}
${endpointDisplayName}
${endpointname}
${securitysystem}
${accountname}
${account}
${account_password}
${account_name}
${request_access.comments}
${resourceid}
${account.name}
${accounts?.name}
${ACCOUNTNAME}
${requesttype}
${num.startdate}
${num.enddate}
${com.saviynt.ecm.identitywarehouse.domain.Accounts.get(num.accesskey)?.endpointkey?.displayName}
${com.saviynt.ecm.identitywarehouse.domain.Accounts.get(num.accesskey)?.name }
 

graceandrade_0-1677760428326.png

Here's the sample logs:

"ecm-worker","2023-03-02T08:25:00.785+00:00","{"log":"2023-03-02 08:25:00,388 [quartzScheduler_Worker-10] ERROR mail.EmailHistoryService - Error - No such property: endpointDisplayName for class: SimpleTemplateScript1312 While evaluating bodyofemail for ID - 2227\n","stream":"stdout","time":"2023-03-02T08:25:00.388176039Z"}"

I'm expecting the following output on the email.

graceandrade_1-1677761346152.png

 

 

3 REPLIES 3

Saathvik
All-Star
All-Star

You can use below variable in email template to understand what variables are exposed. Can you please share the output by using below command in email template?

${this.binding.variables.each {k,v -> println "$k = $v" + "<" + "br" + ">"}}

 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

mgra
New Contributor III
New Contributor III

Below is the output:

entitlements = []
request = com.saviynt.ecm.workflow.ARS_Requests : 1034
jbpm_activity_name = Grant
exceptionCount = 0
allApproversComments = null
fullhtmlassignedrows =
requestkey = 1470986
roles = null
rejectedByMap = [:]
fullrowhtmltablerows =
out = java.io.PrintWriter@23e518f3
listofallrolesinrequest = []
assigneemanager = xxxxx.xxxxxx
requesttype = Firefighter ID Authorization
dynamicAttrsList = []
entitlementshtmltablerowsv2 =
approvallink = null/jbpmworkflowmanagement/showrequestdetails/PAMAutoApprovalWF.1470986
allrolesinrequest =
requestlink = null/jbpmworkflowmanagement/showrequestdetails/PAMAutoApprovalWF.1470986?reqid=1034
email =
endpoints = ()
entitlementshtmltablerows =
allRejectorsComments = null
rolesshtmltablerows =
manager = xxxxx.xxxxxx
approvedByMap = [:]
rolesApprovedOrRejected = []
rolename =
request_access = com.saviynt.ecm.workflow.Request_Access : 1459
entitlement_values = []
allApprovers = []
requestor = xxxxx.xxxxx
users = xxxxxx.xxxxxxx
allRejectors = []
task = null
requestid = 1470986
rolemap = [:]
baseUrlForEmail = https://xxxxxxxxxx.saviyntcloud.com/ECM
assignee = xxxxxxx.xxxxxx
activityname = Grant
accounts = []
user = xxxxxx.xxxxxxx
curExecutionId = PAMAutoApprovalWF.1470986
accessItems = [com.saviynt.ecm.workflow.Request_Access : 1459]

I assume these are for credential account need authorization and check out right? not for JIT account?

If so I assume you are looking below attributes to be populated

  1. Application : ${request.endpointascsv} or ${com.saviynt.ecm.identitywarehouse.domain.Accounts.get(request_access.accesskey)?.endpointkey?.displayname}
  2. Account: ${com.saviynt.ecm.identitywarehouse.domain.Accounts.get(request_access.accesskey)?.name}
  3. Start Date: ${request_access.startdate}
  4. End Date: ${request_access.enddate}

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.