
Custom property not propagating to Windows accounts

jdfranco

Windows and Linux accounts are both getting PAM-enabled, and we have added an accountVisibilityConfig that maps to customproperty55 for a particular account.

customproperty55 is being updated on the Linux accounts but not on the Windows accounts.

Can anyone check and confirm whether the approach is right?

Below are the on-prem connection details:

{
    "Connection": "On-Premise",
    "encryptionMechanism": "ENCRYPTED",
    "EVQuery": "ev.customproperty40='PAM_BOOTSTRAP'",
    "WINDOWS": {
        "defaultCredentialConnection": {
            "connectionName": "Windows_Master_Connection",
            "changeConnectionCredentials": false,
            "MSConnectorVersion": "WINDOWS/1.0"
        },
        "defaultSecuritySystemDetails": {
            "securitySystemName": "new",
            "workflow": "Privilege Access Auto Approved",
            "passwordPolicy": "REMOVED"
        },
        "shareableAccounts": {
            "IDQueryCredentials": "acc.name in ('REMOVED')",
            "IDQueryCredentialless": "acc.name in ('REMOVED')",
            "IDQueryDomainCredentialless": "acc.name in ('REMOVED','REMOVED')",
            "IDQueryDomainCredentials": "acc.name in ('')"
        },
        "processADAccount": "true",
        "sAMAccountNameColumnMapping": "name",
        "reconciledAccountAction": "NONE",
        "domainConnections": "Active Directory Accounts",
        "maxCredSessionRequestTime": "14400",
        "maxCredlessSessionRequestTime": "14400",
        "maxIDRequestableTime": "604800",
        "skipOpenPorts": "true",
        "endpointAttributeMappings": [{
                "column": "accessquery",
                "value": "where users.USERNAME is not null",
                "feature": "endpointAccessQuery"
            },
            {
                "column": "allowChangePassword_sqlquery",
                "value": "AC.ACCOUNTTYPE != 'REMOVED'",
                "feature": "allowChangepasswordquery"
            },
            {
                "column": "customproperty43",
                "value": "PAMDefaultUserAccountAccessControl",
                "feature": "accountVisibilityControl"
            }
        ],
        "endpointPamConfig": {
            "maxInActiveTimeInSec": "181",
            "maxReqExpWarnPeriodInSec": "901",
            "maxSessionLimitInSec": "28801",
            "maxInActiveWarnPeriodInSec": "61",
            "maxConcurrentSession": "10",
            "maxSessionWarnPeriodInSec": "1801"
        },
        "accountVisibilityConfig": {
            "accountCustomProperty": "customproperty55",
            "accountMappingConfig": [{
                    "accountPattern": "REMOVED",
                    "mappingData": "roletest1",
                    "override": "false"
                },
                {
                    "accountPattern": "cpamuser1,cpamuser2",
                    "mappingData": "roletest2",
                    "override": "false"
                }
            ]
        }
    },
    "UNIX": {
        "defaultCredentialConnection": {
            "changeConnectionCredentials": false,
            "connectionName": "LinuxMaster"
        },
        "defaultSecuritySystemDetails": {
            "securitySystemName": "new",
            "workflow": "Privilege Access Auto Approved",
            "passwordPolicy": "REMOVED"
        },
        "actions": {
            "restricted": "yum,sudo,visudo,apt,install,iptables,rm,mkfs,alias,ssh,telnet,scp,kill,shutdown,passwd,cron,traceroute",
            "risky": {
                "high": "file,wget,scp,curl,df,chmod,chown,echo,exit,uname,netstat",
                "medium": "cat,vi,touch,find,history,awk,grep"
            }
       },
        "shareableAccounts": {
            "IDQueryCredentialless": "acc.name in ('REMOVED')",
            "IDQueryCredentials": "acc.name in ('REMOVED')"
        },
        "maxCredSessionRequestTime": "14400",
        "maxCredlessSessionRequestTime": "14000",
        "maxIDRequestableTime": "604800",
        "skipOpenPorts": "true",
        "skipPushKeys": "false",
        "endpointAttributeMappings": [{
                "column": "accessquery",
                "value": "where users.USERNAME is not null",
                "feature": "endpointAccessQuery"
            },
            {
                "column": "allowChangePassword_sqlquery",
                "value": "AC.ACCOUNTTYPE != 'REMOVED'",
                "feature": "allowChangepasswordquery"
            },
            {
                "column": "customproperty43",
                "value": "PAMDefaultUserAccountAccessControl",
                "feature": "accountVisibilityControl"
            }
        ],
        "endpointPamConfig": {
            "maxConcurrentSession": "100"
        },
        "accountVisibilityConfig": {
            "accountCustomProperty": "customproperty55",
            "accountMappingConfig": [{
                    "accountPattern": "cpam_credentials",
                    "mappingData": "roletest1",
                    "override": "false"
                },
                {
                    "accountPattern": "cpamuser1,cpamuser2",
                    "mappingData": "roletest2",
                    "override": "false"
                }
            ]
        }
    }

}

 


RMJ

It seems this bug was fixed in v23.7; see Release Notes v23.7 (saviyntcloud.com).