and more in a single search tool across platforms. Read the announcement here. |
03/27/2024 02:40 PM
I'm trying to upload Entitlements (database roles) into an endpoint (database). Some of them have already been loaded when the DB accounts were loaded, by means of ACCOUNTSIMPORT/AccountsImportFullJob, but not all of the roles have been assigned to DB Users accounts so, need to upload those remaining DB roles as Entitlements into the Endpoint.
I've been reading the documentation and in forums however I'm still not able to upload them. I'm using the below ENTITLEMENTVALUEIMPORT XML:
<dataMapping>
<sql-query description="Import_DB_roles_query">
<![CDATA[select 'WDB' as securitysystem, 'WDB' as endpoint, 'Roles' as entitlementtype, role as entitlementvalue from dba_roles where role like 'APP%' and role not like '%RENEW%';]]>
</sql-query>
<mapper description="This is the mapping field for Saviynt Field name" deleteentitlementowner="false" createentitlementtype="true">
<mapfield saviyntproperty="securitysystems.systemname" sourceproperty="securitysystem" type="character"/>
<mapfield saviyntproperty="endpoints.endpointname" sourceproperty="endpoint" type="character"/>
<mapfield saviyntproperty="entitlementtypes.entitlementname" sourceproperty="entitlementtype" type="character"/>
<mapfield saviyntproperty="entitlementvalues.entitlementvalue" sourceproperty="entitlementvalue" type="character"/>
</mapper>
</dataMapping>
I know the SQL statement is correct and fine, I've ran it in the actual DB and it does run and get the appropriate data. I actually, just to test, used the accounts import statement -which I know Saviynt used it to import the accounts and it did work because the accounts are there so it's good-, and got the same result.
I'm obviously missing something basic here and it's not in the SQL query, I may be missing an option, a parameter... thanks for your help!
Solved! Go to Solution.
03/27/2024 07:38 PM - edited 03/28/2024 07:18 PM
<dataMapping>
<sql-query description="Import_DB_roles_query">
<![CDATA[select 'WDB' as securitysystem, 'WDB' as endpoint, 'Roles' as entitlementtype, role as entitlementvalue 1 as state from dba_roles where role like 'APP%' and role not like '%RENEW%']]>
</sql-query>
<mapper description="This is the mapping field for Saviynt Field name" deleteentitlementowner="false" createentitlementtype="true">
<mapfield saviyntproperty="securitysystems.systemname" sourceproperty="securitysystem" type="character"/>
<mapfield saviyntproperty="endpoints.endpointname" sourceproperty="endpoint" type="character"/>
<mapfield saviyntproperty="entitlementtypes.entitlementname" sourceproperty="entitlementtype" type="character"/>
<mapfield saviyntproperty="entitlementvalues.entitlementvalue" sourceproperty="entitlementvalue" type="character"/>
<mapfield saviyntproperty="entitlementvalues.status" sourceproperty="state" type="number"/>
</mapper>
</dataMapping>
03/27/2024 08:18 PM
try below
<dataMapping>
<before-import ></before-import>
<sql-query description="Import_DB_roles_query">
<![CDATA[select 'WDB' as securitysystem, 'WDB' as EndpointName, 'Roles' as entitlementtype, role as entitlementvalue from dba_roles where role like 'APP%' and role not like '%RENEW%']]>
</sql-query>
<mapper description="This is the mapping field for Saviynt Field name" deleteentitlementowner="false" createentitlementtype="true" systems ="'WDB'" >
<mapfield type="character" sourceproperty="securitysystem" saviyntproperty="securitysystems.systemname" ></mapfield>
<mapfield type="character" sourceproperty="EndpointName" saviyntproperty="endpoints.endpointname" ></mapfield>
<mapfield type="character" sourceproperty="Application" saviyntproperty="entitlementvalues.customproperty7" ></mapfield>
<mapfield type="character" sourceproperty="entitlementtype" saviyntproperty="entitlementtypes.entitlementname" ></mapfield>
<mapfield type="character" sourceproperty="entitlementvalue" saviyntproperty="entitlementvalues.entitlement_value" ></mapfield>
</mapper>
<after-import description="EMAIL,BATCH,SQL" ></after-import>
</dataMapping>
03/28/2024 10:16 AM
Thank you guys for your response... none of them worked. Any more thoughts?
03/28/2024 11:06 PM
here you endpoointname and security system name shud be same as per xml, not displayname
03/28/2024 11:40 AM
@SDBeltran : Could you try below.
<dataMapping>
<before-import></before-import>
<sql-query description="Import_DB_roles_query">
<![CDATA[SELECT DISTINCT 'WDB' as securitysystem, 'WDB' as endpoint, 'Roles' as entitlementtype, role as entitlementvalue, 1 as status from dba_roles where role like 'APP%' and role not like '%RENEW%']]>
</sql-query>
<mapper description="This is the mapping field for Saviynt Field name" deleteentitlementowner="false" createentitlementtype="true">
<mapfield saviyntproperty="securitysystems.systemname" sourceproperty="securitysystem" type="character"></mapfield>
<mapfield saviyntproperty="endpoints.endpointname" sourceproperty="endpoint" type="character"></mapfield>
<mapfield saviyntproperty="entitlementtypes.entitlementname" sourceproperty="entitlementtype" type="character"></mapfield>
<mapfield saviyntproperty="entitlementvalues.entitlement_value" sourceproperty="entitlementvalue" type="character"></mapfield>
<mapfield saviyntproperty="entitlementvalues.status" sourceproperty="status" type="number"></mapfield>
</mapper>
<after-import description="EMAIL,BATCH,SQL">
</after-import>
</dataMapping>
03/29/2024 10:30 AM - last edited on 03/29/2024 10:46 AM by Dave
Found that this is similar to issue reported in forum: https://forums.saviynt.com/t5/identity-governance/entitlementvalueimportjob-got-failed/td-p/78162 anybody would have any update?
[This post has been edited by a Moderator to fix the url.]
03/29/2024 11:11 AM
Use sample xml from below post
03/29/2024 11:57 AM
Thanks @rushikeshvartak! I'm basically using the same XML -- I was not using entitlementID to begin with... I do notice that post was from more than a year ago, I wonder what version that was. Any way, I made a few changes, just to make sure, and I'm still getting an error:
No such property: for class: groovy.sql.GroovyRowResult Possible solutions: class, empty |
03/29/2024 08:12 PM
Does any value contains colon ?
04/01/2024 01:32 PM
I'm sorry... was having issues logging in to this forum... answering your question... no, no column contains a colon at all.
04/01/2024 01:34 PM
I will suggest to start xml build from scratch from samples . You have some typos
04/01/2024 01:52 PM
You were right! I had exactly two typos - one typo in one word, but that word was used twice in the XML. I'm done! That did it. Thank you guys!!!