on 03/22/2023 09:24 AM
A single API is used to add or remove access and to update the account. The requirement is to ensure the existing entitlements are retained and only the selected entitlement is removed as part of a Remove Access request.
All
We need to use a format similar to the one below in order to achieve the use case. The complete JSON is attached for reference.
\"Roles\":[${List roleNameList = response.name_of_call1.message.User.Roles.collect{it.toString()}; roleNameList.remove(entitlementValue.entitlement_value.toString());String rolesStr = roleNameList.toString().replace('[','').replace(']','').replace('\"','');return rolesStr;}]
NOTE: In the reference JSON, we are using 3 calls.
1st - to retrieve user's Id
2nd - We are using ID value received in Call1 to fetch the details of the user.
3rd - Using the remove function to remove the selected roles/entitlements.
@SB thank you for posting this. Please can you advise how to do this if Roles has a Key-Value pair? like
"roles":[
{
"display":null,
"primary":false,
"$ref":null,
"type":null,
"value":"Role_Value"
}
]
@shivmano This may require some analysis. Can you create a forum post with all the details?
@SB, thank you for the response. We were able to achieve this using the below JSON item in call2.
\"roles\":${List rolesList = new ArrayList();List responseList = response.Role1.message.roles.collect{it.value};if(responseList?.size() == 0){return rolesList;}else{responseList.remove(entitlementValue.entitlement_value);int count=0;int size = responseList.size();for(String str: responseList){count++;rolesList.add('{\"display\": null,\"primary\": false,\"%24ref\": null,\"type\": null,\"value\":\"'+str+'\"}');if(count == size){return rolesList;}}}}
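The retain-and-remove logic from the two posts above (flat role names and key-value role objects), written as a standalone Groovy script that can be run outside the connector. This is an added example, not code from the thread or from Saviynt; the helper names, the sample response and the use of `groovy.json.JsonOutput` are assumptions, and whether the connector's expression evaluation permits `JsonOutput` is not confirmed on this page.

```groovy
import groovy.json.JsonOutput
import groovy.json.JsonSlurper

// Constructed "get user" response body (sample data, not from a real tenant).
// Triple single quotes keep "$ref" literal instead of starting a GString expression.
def body = '''{
  "User":  {"Roles": ["Admin", "Auditor", "Viewer"]},
  "roles": [
    {"display": null, "primary": false, "$ref": null, "type": null, "value": "Admin"},
    {"display": null, "primary": false, "$ref": null, "type": null, "value": "Viewer"}
  ]
}'''

// Stand-ins for the connector bindings used in the posts above.
def response = [name_of_call1: [message: new JsonSlurper().parseText(body)]]
def entitlementValue = [entitlement_value: 'Viewer']

// Hypothetical helper: flat role names, minus the one being revoked.
String retainedRolesJson(List current, String revoked) {
    // Fail closed: a missing list means the lookup failed, and sending []
    // to a replace-all API would strip every role the user holds.
    if (current == null) throw new IllegalStateException('role lookup returned nothing')
    // findAll avoids the List.remove(int) overload, which removes by index
    // when the role identifiers are integers.
    def kept = current.collect { it.toString() }.findAll { it != revoked }
    // JsonOutput quotes and escapes each name; no string surgery on toString().
    return JsonOutput.toJson(kept)
}

// Hypothetical helper: key-value role objects, filtered on their "value" field.
String retainedRoleObjectsJson(List current, String revoked) {
    if (current == null) throw new IllegalStateException('role lookup returned nothing')
    return JsonOutput.toJson(current.findAll { it.value?.toString() != revoked })
}

def revoked = entitlementValue.entitlement_value.toString()
def flat = retainedRolesJson(response.name_of_call1.message.User.Roles, revoked)
def objs = retainedRoleObjectsJson(response.name_of_call1.message.roles, revoked)

assert flat == '["Admin","Auditor"]'
assert new JsonSlurper().parseText(objs)*.value == ['Admin']
// Revoking a role the user does not hold leaves the list unchanged.
assert retainedRolesJson(['Admin'], 'Viewer') == '["Admin"]'
println flat
println objs
```

Running the script in a Groovy console before pasting the expression into the connector JSON makes it easy to confirm that a failed lookup raises an error instead of producing an empty role list.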
@SB @shivmano, we want to make multiple API calls: first to get the user details, and then a second API call to add the existing plus the newly requested entitlements. The use case is that the target application only accepts new + existing entitlements.
The get user call returns:
Can you see if the below helps?
\"DesignationCodes\": \"{List roleNameList = response.name_of_call1.message.User.Roles.collect{it.toString()};roleNameList.add(entitlementValue.entitlement_value.toString());String rolesStr = roleNameList.join(',');return rolesStr;}\"
@shivmano, thanks, I am trying this. I need help with something else. Can you check this forum link please? https://forums.saviynt.com/t5/identity-governance/account-entitlement-mapping-for-rest-connector/td-...
@SB @shivmano - I have the same requirement, but instead of remove access, I need to call the update API using updateaccountjson and pass the existing roles if there is any update to the account attributes.
I tried the below, but it always sends roles :[null] even though the first call is getting roles in the response. It seems it always goes to the else block. The same if condition works correctly in the addaccess/removeaccess JSONs. Please let me know if there is a way to achieve this.
{
  "call": [
    {
      "name": "Roles",
      "connection": "userAuth",
      "url": "https://*****/v1/am/user?email=${account.accountID}",
      "httpMethod": "GET",
      "httpParams": "",
      "httpHeaders": {},
      "httpContentType": "application/json",
      "successResponses": { "statusCode": [ 200 ] },
      "unsuccessResponses": { "statusCode": [ 400, 401 ] }
    },
    {
      "name": "Roles",
      "connection": "userAuth",
      "url": "https://*****/v1/am/user",
      "httpMethod": "PUT",
      "httpParams": "{\"email\": \"${account.accountID}\",\"firstName\": \"${user.firstname}\",\"lastName\": \"${user.lastname}\",\"isActive\": \"true\",\"phone\": \"${user?.phonenumber}\",\"roles\": [${if(response?.Roles1?.message?.roles!=null) {List roleNameList = response.Roles1.message.roles.collect{it.toString()};String rolesStr = roleNameList.toString().replace('[','').replace(']','').replace('\"','');return rolesStr;}}]}",
      "httpHeaders": { "Authorization": "${access_token}" },
      "httpContentType": "application/json",
      "successResponses": { "statusCode": [ 200 ] },
      "unsuccessResponses": { "statusCode": [ 400, 401 ] }
    }
  ]
}
If I try with size() in the if condition, then it fails with the error unrecognized token $
{
  "call": [
    {
      "name": "Roles",
      "connection": "userAuth",
      "url": "https://******/v1/am/user?email=${account.accountID}",
      "httpMethod": "GET",
      "httpParams": "",
      "httpHeaders": {},
      "httpContentType": "application/json",
      "successResponses": { "statusCode": [ 200 ] },
      "unsuccessResponses": { "statusCode": [ 400, 401 ] }
    },
    {
      "name": "Roles",
      "connection": "userAuth",
      "url": "https://*****/v1/am/user",
      "httpMethod": "PUT",
      "httpParams": "{\"email\": \"${account.accountID}\",\"firstName\": \"${user.firstname}\",\"lastName\": \"${user.lastname}\",\"isActive\": \"true\",\"phone\": \"${user?.phonenumber}\",\"roles\": [${if(response?.Roles1?.message?.roles.size()!=0) {List roleNameList = response.Roles1.message.roles.collect{it.toString()};String rolesStr = roleNameList.toString().replace('[','').replace(']','').replace('\"','');return rolesStr;}}]}",
      "httpHeaders": { "Authorization": "${access_token}" },
      "httpContentType": "application/json",
      "successResponses": { "statusCode": [ 200 ] },
      "unsuccessResponses": { "statusCode": [ 400, 401 ] }
    }
  ]
}