and more in a single search tool across platforms. Read the announcement here. |
03/02/2024 12:52 AM
Hi,
By right on access import failure, we want to retain the entitlements status and not inactivate them.
I have followed previous guides from link, https://forums.saviynt.com/t5/identity-governance/rest-connector-all-entitlements-inactivated-in-sav...
and constructed below JSON using doNotChangeIfFailed and entThresholdValue but still my entitlements getting deactivated upon running access import on failure scenario.
{
"accountParams": {
"connection": "userAuth2",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [200,201,202,203,204,205]
},
"unsuccessResponses": {
"statusCode": [500,503,403,404,409]
},
"statusAndThresholdConfig": {
"statusColumn":"customproperty1",
"activeStatus": [
"true"
],
"deleteLinks": true,
"accountThresholdValue": 200000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": true,
"entThresholdValue": {
"entType": {
"AribaGroupResponsiblePU": {
"ent": 100
}
}
}
},
"doNotChangeIfFailed": true,
"includeExistingInActiveAccounts": true,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "xxxx",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"colsToPropsMap": {
"accountID": "UserID~#~char",
"name": "UserID~#~char",
"displayname": "Name~#~char",
"status": "Active~#~char",
"customproperty1": "Active~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"AribaGroupResponsiblePU": {
"listPath": "AribaGroupResponsiblePU.EntityValue",
"idPath": "",
"keyField": "entitlementID"
}
}
},
"entitlementParams": {
"connection": "userAuth3",
"processingType": "SequentialAndIterative",
"doNotChangeIfFailed": true,
"successResponses": {
"statusCode": [200,201,202,203,204,205]
},
"unsuccessResponses": {
"statusCode": [500,503,403,404,409]
},
"entTypes": {
"AribaGroupResponsiblePU": {
"entTypeOrder": 1,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "xxxxx",
"httpHeaders": {
"Content-Type": "application/json",
"Accept-Language": "",
"apiKey": "xxxx",
"X-Realm": "xxxx",
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "UniqueName~#~char",
"entitlement_value": "UniqueName~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}
Solved! Go to Solution.
03/02/2024 12:50 PM
You need to define in status threshold config field and not inside import account ent json
”Found that entThresholdValue need to be defined in StatusThresholdConfig block for the doNotChangeIfFailed tag defined in importAcctEntJson to work as expected. ”
03/03/2024 08:34 PM
Hi,
I have included the mentioned attribute inside of statusAndThresholdConfig as below but my entitlements still getting deactivated.
"statusAndThresholdConfig": {
"statusColumn": "customproperty1",
"activeStatus": [
"true"
],
"deleteLinks": true,
"accountThresholdValue": 200000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": true,
"doNotChangeIfFailed": true
},
also, do we need to include entThresholdValue? i have applied as well but not working
Please suggest
03/06/2024 01:56 AM
Hi, any update on this issue?
03/06/2024 04:36 AM
Hi @Micky16 , as per Saviynt doc you need to use it like
"entitlementParams": {
"connection": "userAuth3",
"processingType": "SequentialAndIterative",
"doNotChangeIfFailed": true,
"successResponses": {
"statusCode": [200,201,202,203,204,205]
},
"unsuccessResponses": {
"statusCode": [500,503,403,404,409]
},
"doNotChangeIfFailed": true,
doNotChangeIfFailed | Use this variable to instruct the connector to not delete or inactivate existing data on failure of the account API, the entType API, or the mapping API. When set to true, the connector does not delete or inactivate existing data. |
Thanks,
Amit
If this answers your query, Please ACCEPT SOLUTION and give KUDOS.