Click HERE to see how Saviynt Intelligence is transforming the industry. |
on 06/10/2023 05:06 AM
Importing Multi-Level Hierarchical Entitlements via REST Connector
Our goal is to import entitlements in a three-level hierarchical structure. The imported entitlements should adhere to the following format:
Below are the entitlement Types and their hierarchy defined.
1. Service
a. Assignment Type
b.Assignment Role
The data should be like below:
1. AD Service
a. Temporary
b. Admin
c.Permanent
d.(i) Add
(ii) Modify
2. DB Service
a. Temporary
b. Delete
c. Permanent
d. Modify
{
"accountParams": {
"connection": "acctAuth"
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Service": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}",
"Prefer": "odata.include-annotations=*"
},
"url": "<Provide the URL>",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET"
},
"listField": "value[0].ca_account_ca_service_accountid[0]",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "ca_serviceid~#~char",
"entitlement_value": "ca_name~#~char",
"customproperty1": "_ca_accountid_value~#~char",
"customproperty3": "ca_serviceid~#~char"
},
"pagination": {
<Pagination logic>
},
"makeProcessingStatus": true,
"disableDeletedEntitlements": true
}
}
},
"AssignmentType": {
"entTypeOrder": 1,
"call": {
"call1": {
"callOrder": 2,
"stageNumber": 3,
"http": {
"url": "<Provide the url>",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET"
},
listField": "value",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "_ca_assignmenttypeid_value~#~char",
"entitlement_value": "_ca_assignmenttypeid_value~#~char",
"customproperty1": "_ca_serviceid_value~#~char"
}
}
}
},
"AssignmentRole": {
"entTypeOrder": 2,
"call": {
"call1": {
"callOrder": 2,
"stageNumber": 3,
"http": {
"url": "<Provide the URL>",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "_ca_assignmentroleid_value~#~char",
"entitlement_value": "_ca_assignmentroleid_value~#~char",
"customproperty1": "_ca_serviceid_value~#~char"
}
}
}
}
}
},
"entMappingParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Service": {
"ent1KeyField": "entitlementID",
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "<Provide the URL>",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"ent1IdPath": "_ca_serviceid_value",
"ent2IdPath": "_ca_assignmenttypeid_value",
"ent2KeyField": "entitlementID",
"targetEntType": "AssignmentType",
"addDependentTask": true,
"removeDependentEntTask": true,
"mappingTypes": [
"ENTMAP",
"ENT2"
]
}
}
},
"AssignmentType": {
"ent1KeyField": "entitlementID",
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "<Provide the url>",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"ent1IdPath": "_ca_assignmenttypeid_value",
"ent2IdPath": "_ca_assignmentroleid_value",
"ent2KeyField": "entitlementID",
"targetEntType": "AssignmentRole",
"addDependentTask": true,
"removeDependentEntTask": true,
"mappingTypes": [
"ENTMAP",
"ENT2"
]
}
}
}
}
},
"acctEntParams": {}
}
The logic of fetching the data in a hierarchical format is written in the entMappingParams block.
JSON | Explanation |
"entMappingParams": { "processingType": "SequentialAndIterative", "entTypes": {
|
|
"Service": { | It’s the first section of parent child mapping where Service is the parent entitlement. Name of the first level Entitlement Type defined in entitlementParamsà entTypes |
"ent1KeyField": "entitlementID", | Key field of parent entitlement Service |
"call": { "call1": { |
|
"connection": "acctAuth", |
|
"callOrder": 0, "stageNumber": 0, "http": { "httpHeaders": { "Authorization": "${access_token}" }, |
|
"url": "<Provide the URL>", | URL to fetch the mapping of level 1 to level 2 (parent to child) Service à Assignment Type |
"httpContentType": "application/json", "httpMethod": "GET" }, |
|
"listField": "value", | Object Name having data in response. |
"ent1IdPath": "_ca_serviceid_value", | Unique ID pointing to each Service (level1/parent) |
"ent2IdPath": "_ca_assignmenttypeid_value", | Unique ID pointing to each Assignment Type (level2/child) |
"ent2KeyField": "entitlementID", | Key field of child entitlement Assignment Type |
"targetEntType": "AssignmentType", | Name of the child Entitlement Type |
"addDependentTask": true, "removeDependentEntTask": true, |
|
"mappingTypes": [ |
|
"ENTMAP", | It enables bi-directional mapping through entitlementmap, which means you will be able to see the child entitlements in parent entitlement’s entitlementmap section and vice-versa. |
"ENT2"] | It makes the target entitlement type (targetEntType) as a child of current entitlement. So here, Assignment Type would be the child entitlement of Service |
} } }, |
|
"AssignmentType": { | It’s the second section of parent child mapping where AssignmentType is the parent entitlement. Name of the second level of Entitlement Type defined in entitlementParamsà entTypes |
"ent1KeyField": "entitlementID", | Key field of entitlement Assignment Type |
"call": { "call1": { |
|
"connection": "acctAuth", |
|
"callOrder": 0, "stageNumber": 0, "http": { "httpHeaders": { "Authorization": "${access_token}" }, |
|
"url": "<Provide the url>", | URL to fetch the mapping of level 2 to level 3 (parent to child) Assignment Type à Assignment Role |
"httpContentType": "application/json", "httpMethod": "GET" }, |
|
"listField": "value", | Object Name having data in response. |
"ent1IdPath": "_ca_assignmenttypeid_value",
| Unique ID pointing to each Assignment Type (level2/parent) |
"ent2IdPath": "_ca_assignmentroleid_value", | Unique ID pointing to each Assignment Role (level3/child) |
"ent2KeyField": "entitlementID", | Key field of child entitlement Assignment Role |
"targetEntType": "AssignmentRole", | Name of the child Entitlement Type |
"addDependentTask": true, "removeDependentEntTask": true, |
|
"mappingTypes": [ |
|
"ENTMAP", | It enables bi-directional mapping through entitlementmap, which means you will be able to see the child entitlements in parent entitlement’s entitlementmap section and vice-versa. |
"ENT2"] | It makes the target entitlement type (targetEntType) as a child of current entitlement. So here, Assignment Role would be the child entitlement of Assignment Type |
} } } } } |
|
Similarly, if you want to define another level of hierarchy add one more section inside the entMappingParams types with the next level of entitlement type. REST connector is currently supporting till 5-level of hierarchy for entitlements import.
e.g
1.Level1
1.1. Level2
1.1.1. Level3
1.1.1.1. Level4
1.1.1.1.1. Level5
https://docs.saviyntcloud.com/bundle/REST-v55x/page/Content/Developers-Handbook.htm
Hi @sudeshjaiswal,
Thank you for the post it was very useful.
We have tried the json that you have provided, and we have successfully imported the child entitlements but unfortunately, we are unable to import the child entitlements relations. (We are able to import entitlement types but, facing problem with the entitlement hierarchical mapping.)
Please find the attached json that we are trying and postman response.
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxx/hcmCoreSetupApi/scim/Users?startIndex=1&count=500 ",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}"
}
},
"listField": "Resources",
"keyField": "accountID",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userName~#~char",
"displayname": "displayName~#~char",
"customproperty1": "name.givenName~#~char",
"customproperty2": "name.familyName~#~char",
"customproperty3": "emails.value~#~char",
"customproperty4": "emails.type~#~char",
"customproperty5": "emails.primary~#~bool",
"customproperty6": "preferredLanguage~#~char",
"customproperty7": "externalId~#~char",
"customproperty11": "active~#~bool",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char",
"status": "active~#~char"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.objectList?.size()>0?'https://xxxx/scim/Users?startIndex='+Math.addExact(response.completeResponseMap.itemsPerPage,response.completeResponseMap.startIndex)+'&count='+response.completeResponseMap.itemsPerPage:null }"
}
}
}
},
"acctEntMappings": {
"Roles": {
"listPath": "roles",
"idPath": "id",
"keyField": "entitlementID"
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Roles": {
"entTypeOrder": 0,
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://xxxx/hcmCoreSetupApi/scim/Roles?startIndex=1&count=500 ",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "Resources",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "name~#~char",
"description": "description~#~char",
"displayName": "displayName~#~char",
"customproperty1": "id~#~char",
"customproperty2": "category~#~char"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.objectList?.size()>0?'https://xxxxx/hcmCoreSetupApi/scim/Roles?startIndex='+Math.addExact(response.completeResponseMap.itemsPerPage,response.completeResponseMap.startIndex)+'&count='+response.completeResponseMap.itemsPerPage:null }"
}
},
"makeProcessingStatus": true,
"disableDeletedEntitlements": true
}
}
},
"SecurityContext": {
"entTypeOrder": 1,
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxx/fscmRestApi/resources/xx.xx.xx.xx/dataSecurities?fields=SecurityContext,SecurityContextValue,RoleCommonName,RoleNameCr&limit=25&offset=0 ",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "items",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "SecurityContext~#~char",
"entitlement_value": "SecurityContext~#~char"
},
"makeProcessingStatus": true,
"disableDeletedEntitlements": true
}
}
},
"SecurityContextValue": {
"entTypeOrder": 2,
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxx/fscmRestApi/resources/xx.xx.xx.xx/dataSecurities?fields=SecurityContext,SecurityContextValue,RoleCommonName,RoleNameCr&limit=25&offset=0 ",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "items",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "SecurityContextValue~#~char",
"entitlement_value": "SecurityContextValue~#~char"
},
"makeProcessingStatus": true,
"disableDeletedEntitlements": true
}
}
}
}
},
"entMappingParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Roles": {
"ent1KeyField": "entitlement_value",
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://xxxxx/fscmRestApi/resources/xx.xx.xx.xx/dataSecurities?fields=SecurityContext,SecurityContextValue,RoleCommonName,RoleNameCr&limit=25&offset=0 ",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "items",
"ent1IdPath": "RoleCommonName",
"ent2IdPath": "SecurityContext",
"ent2KeyField": "entitlementID",
"targetEntType": "SecurityContext",
"addDependentTask": true,
"removeDependentEntTask": true,
"mappingTypes": [
"ENTMAP",
"ENT2"
]
}
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}
Postman Response for : https://xxxx/hcmCoreSetupApi/scim/Roles?startIndex=1&count=500
Postman Response for : https://xxxxx/fscmRestApi/resources/xx.xx.xx.xx/dataSecurities?fields=SecurityContext,SecurityContextValue,RoleCommonName,RoleNameCr&limit=25&offset=0
Thanks,
[This message has been edited by moderator to mask sensitive information]