Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

unable to update Provisioning Command dynamically

Shravan
New Contributor
New Contributor

Hi Team,

Is there any way to update provisioning command with different entitlement dynamically at AWS Instance connection.

Regards,

Shravan

2 REPLIES 2

NageshK
Saviynt Employee
Saviynt Employee

@Shravan Thanks for posting your question. Please provide some context on the target for which you are trying to update the provisioning command and the use case you are trying to achieve. 

Thanks,

Nagesh K

Shravan
New Contributor
New Contributor

we have a requirment to provision user with admin rights and without admin rights based on user entitlements. we have multiple entitlements defined for each AWS instance,

we are trying with below provisioning command it is working if user is part of CPAM_DataLake_Admins,CPAM_LinuxAdmins,CPAM_PlatformAdmins three groups user is created with Admin Privileges, if not user provisioned without admin privileges.

{"unix":{"command":"if [[ \"${queryParam?.get(0)?.entitlement_value}\" == *\"view\"* ]];then sudo useradd -m -s /bin/bash ${username} -g users ;else sudo useradd -m -s /bin/bash ${username} -c ${user?.lastname}.${user?.firstname}/${user?.email} -g users && echo  ${username}:${password} | sudo chpasswd && sudo usermod -G cpamgrp ${username};fi","queryParam": "SELECT IFNULL((select u.username from users u ,user_accounts ua, account_entitlements1 ae1, entitlement_values ev, entitlement_types et,accounts ac WHERE u.userkey = ua.userkey and u.statuskey = 1 and ua.accountkey = ac.accountkey and ae1.accountkey = ac.accountkey and ae1.ENTITLEMENT_VALUEKEY = ev.ENTITLEMENT_VALUEKEY and ev.entitlementtypekey = et.entitlementtypekey and et.endpointkey = (select endpointkey from endpoints where displayname = 'XXXXNA Groups - CPAM') and ev.displayname IN ('CPAM_DataLake_Admins','CPAM_LinuxAdmins','CPAM_PlatformAdmins') and u.username = '${user.username}' limit 1), 'view') as 'entitlement_value'"}}

We have onboarded 1500 AWS instances, we are targeting to onboard 8500 AWS instances and each instance will have different CPAM entitlement to be added in provisioning command. is there any way to update cpamentitlement or entitlementname dynamically in provisioning command while onboarding as provisioning command is updating from master connection.