SB
Saviynt Employee

Use Case

 

A single target API is used to add access, remove access, and update the account. For a Remove Access request, the existing entitlements must be retained and only the selected entitlement removed.

In the target, the roles are visible only under the user's profile, in a format similar to the one below:

    {
        "firstName": "Test",
        "Lastname": "TEST1",
        "Roles": [11, 13, 16]
    }
 
Expectation: 
 
On submitting a role removal request, we need to retrieve the user's existing roles in call1, remove the role that was selected in the request submitted from the UI, and send the remaining roles in call2.
 
Example:
 
The user has existing roles [11,14,235] and role 11 was selected for removal in the UI request. The body sent in call2 must be [14,235].
 
 

Pre-requisites

  • The target application should support an API that can GET the existing role information assigned to the user.

 

Applicable Version(s)

All

 

Solution

 

To achieve this use case, use an expression in a format similar to the one below. The complete JSON is attached for reference.

\"Roles\":[${List roleNameList = response.name_of_call1.message.User.Roles.collect{it.toString()}; roleNameList.remove(entitlementValue.entitlement_value.toString());String rolesStr = roleNameList.toString().replace('[','').replace(']','').replace('\"','');return rolesStr;}]

  • First, the existing entitlements are stored in a list, roleNameList, using response.name_of_call1.message.User.Roles.collect{it.toString()}
  • Next, the remove function is called with the entitlement selected for removal: roleNameList.remove(entitlementValue.entitlement_value.toString())
  • Then the replace function is used (if needed) to replace any special characters with the required value: String rolesStr = roleNameList.toString().replace('[','').replace(']','').replace('\"','')
  • Finally, the remaining entitlements are returned with return rolesStr;

NOTE: The reference JSON uses 3 calls.

1st - Retrieves the user's ID.

2nd - Uses the ID value received in Call1 to fetch the details of the user.

3rd - Uses the remove function to remove the selected roles/entitlements.
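
The remove-and-resend logic above can be checked outside the connector before it is trusted to revoke access. The following standalone Groovy script is an added example, not Saviynt's or the author's code: the helper name remaining and the sample call1 responses are constructed for illustration. It goes beyond the article's case to cover an empty result and the key/value role format raised in the comments.

```groovy
import groovy.json.JsonOutput
import groovy.json.JsonSlurper

// Hypothetical helper (not a Saviynt API): roles left after removing one selected value.
List<String> remaining(List existing, Object selected) {
    // Stringify first: on a List of numbers, remove(11) would delete INDEX 11, not role 11.
    List<String> roles = (existing ?: []).collect { it.toString() }
    roles.remove(selected.toString())   // String argument: removes by value, no-op if absent
    return roles
}

def slurper = new JsonSlurper()

// Case 1: plain role ids. Constructed call1 response in the article's profile format.
def call1 = slurper.parseText('{"User":{"firstName":"Test","Lastname":"TEST1","Roles":[11,14,235]}}')
def left = remaining(call1.User.Roles, '11')
assert left == ['14', '235']
assert '"Roles":[' + left.join(',') + ']' == '"Roles":[14,235]'

// The pitfall the toString() conversion avoids: an Integer argument is treated as an index.
def raw = [11, 14, 235]
raw.remove(1)
assert raw == [11, 235]              // role 14 was dropped, not role 1

// Case 2: removing the only role, or a missing Roles field, must still give an empty list.
assert remaining([11], '11') == []
assert remaining(null, '11') == []

// Case 3: key/value role objects, as in the first comment. Constructed response.
def call1kv = slurper.parseText('{"roles":[{"value":"Role_A"},{"value":"Role_B"}]}')
def body = JsonOutput.toJson(
    remaining(call1kv.roles*.value, 'Role_A').collect {
        [display: null, primary: false, '$ref': null, type: null, value: it]
    })
assert body == '[{"display":null,"primary":false,"$ref":null,"type":null,"value":"Role_B"}]'
println body
```

Run it with the groovy command; every assert passing means only the selected role is dropped in each case and the remaining roles are resent unchanged.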

 

Comments
shivmano
Regular Contributor III

@SB Thank you for posting this. Can you please advise how to do this if Roles has a key-value pair, like:

"roles":[
{
"display":null,
"primary":false,
"$ref":null,
"type":null,
"value":"Role_Value"
}
]

SB
Saviynt Employee

@shivmano This may require some analysis. Can you create a forum post with all the details?

shivmano
Regular Contributor III

@SB, thank you for the response. We were able to achieve this using the below JSON item in call2.

\"roles\":${List rolesList = new ArrayList();List responseList = response.Role1.message.roles.collect{it.value};if(responseList?.size() == 0){return rolesList;}else{responseList.remove(entitlementValue.entitlement_value);int count=0;int size = responseList.size();for(String str: responseList){count++;rolesList.add('{\"display\": null,\"primary\": false,\"%24ref\": null,\"type\": null,\"value\":\"'+str+'\"}');if(count == size){return rolesList;}}}}

rituparna_pwc
Regular Contributor

@SB @shivmano, we want to make multiple API calls: first to get the user details, and then a second API call to add the existing plus the newly requested entitlements. The use case is that the target application only accepts new + existing entitlements.

 

The get user call returns:

{
    "Users": [
        {
            "EmployeeID": "Sav1010",
            "EmployeeName": "Saviynt10 User",
            "EmailAddress": "Sav1010@test.com",
            "MobileNumber": null,
            "StatusCode": "A",
            "LastLoginTime": null,
            "DepartmentName": null,
            "DesignationCodes": "SaviyntTesting,SaviyntTesting2"
        }
    ]
}

The add access request payload should take the existing value of DesignationCodes from the above response plus the one requested by the user. We are unable to write the JSON.

shivmano
Regular Contributor III

Can you see if the below helps?

\"DesignationCodes\": \"${List roleNameList = response.name_of_call1.message.User.Roles.collect{it.toString()};roleNameList.add(entitlementValue.entitlement_value.toString());String rolesStr = roleNameList.join(',');return rolesStr;}\"

rituparna_pwc
Regular Contributor

@shivmano, thanks, I am trying this. I need help with another issue. Can you check this forum link please? https://forums.saviynt.com/t5/identity-governance/account-entitlement-mapping-for-rest-connector/td-...

piyushm
Regular Contributor II

@SB @shivmano - I have the same requirement, but instead of remove access, I need to call the update API using updateaccountjson and pass the existing roles if there is any update to the account attributes.

I tried the below, but it always sends roles :[null] even though the first call is getting roles in the response. It seems it always goes to the else block. The same if condition works correctly in the addaccess/removeaccess JSONs. Please let me know if there is a way to achieve this.

 

{
  "call": [
    {
      "name": "Roles",
      "connection": "userAuth",
      "url": "https://*****/v1/am/user?email=${account.accountID}",
      "httpMethod": "GET",
      "httpParams": "",
      "httpHeaders": {},
      "httpContentType": "application/json",
      "successResponses": { "statusCode": [ 200 ] },
      "unsuccessResponses": { "statusCode": [ 400, 401 ] }
    },
    {
      "name": "Roles",
      "connection": "userAuth",
      "url": "https://*****/v1/am/user",
      "httpMethod": "PUT",
      "httpParams": "{\"email\": \"${account.accountID}\",\"firstName\": \"${user.firstname}\",\"lastName\": \"${user.lastname}\",\"isActive\": \"true\",\"phone\": \"${user?.phonenumber}\",\"roles\": [${if(response?.Roles1?.message?.roles!=null) {List roleNameList = response.Roles1.message.roles.collect{it.toString()};String rolesStr = roleNameList.toString().replace('[','').replace(']','').replace('\"','');return rolesStr;}}]}",
      "httpHeaders": { "Authorization": "${access_token}" },
      "httpContentType": "application/json",
      "successResponses": { "statusCode": [ 200 ] },
      "unsuccessResponses": { "statusCode": [ 400, 401 ] }
    }
  ]
}

 

If I try with size() in the if condition, then it fails with the error unrecognized token $

{
  "call": [
    {
      "name": "Roles",
      "connection": "userAuth",
      "url": "https://******/v1/am/user?email=${account.accountID}",
      "httpMethod": "GET",
      "httpParams": "",
      "httpHeaders": {},
      "httpContentType": "application/json",
      "successResponses": { "statusCode": [ 200 ] },
      "unsuccessResponses": { "statusCode": [ 400, 401 ] }
    },
    {
      "name": "Roles",
      "connection": "userAuth",
      "url": "https://*****/v1/am/user",
      "httpMethod": "PUT",
      "httpParams": "{\"email\": \"${account.accountID}\",\"firstName\": \"${user.firstname}\",\"lastName\": \"${user.lastname}\",\"isActive\": \"true\",\"phone\": \"${user?.phonenumber}\",\"roles\": [${if(response?.Roles1?.message?.roles.size()!=0) {List roleNameList = response.Roles1.message.roles.collect{it.toString()};String rolesStr = roleNameList.toString().replace('[','').replace(']','').replace('\"','');return rolesStr;}}]}",
      "httpHeaders": { "Authorization": "${access_token}" },
      "httpContentType": "application/json",
      "successResponses": { "statusCode": [ 200 ] },
      "unsuccessResponses": { "statusCode": [ 400, 401 ] }
    }
  ]
}

Version history
Last update: 03/22/2023 09:24 AM