We’re seeing Access Profiles get disabled because the entitlements they reference are being automatically removed from the APs. I want to confirm whether entitlement aggregation/sync failed to return these entitlements, which may have caused them to be pruned and the APs disabled.
Questions:
What’s the best way to verify (via job history/logs) whether a specific entitlement was returned during the last entitlement aggregation/sync vs. marked deleted?
Can we find this in search that pin points this issue?
Any pointers to exact log locations or diagnostics to run would be greatly appreciated.
GET /v2024/task-status?filters=type in (“CLOUD_GROUP_AGGREGATION”)
Look for your source’s recent entitlement aggregation tasks and check completionStatus.
2. Search for Aggregation Events:
POST /v3/search
{
“indices”: [“events”],
“query”: {
"query": "operation:AGGREGATE AND technicalName:SOURCE_ENTITLEMENT_AGGREGATE_PASSED AND attributes.sourceName:\\"YOUR_SOURCE\\""
}
}
3. Verify Entitlement Deletion:
Search for: operation:DELETE AND type:entitlement AND attributes.sourceName:“YOUR_SOURCE”
Quick Fix: If entitlements were pruned incorrectly, re-run entitlement aggregation from Admin → Sources → [Your Source] → Import Data.
The task status API gives you the clearest picture of whether the aggregation actually succeeded or failed. If it shows “Success” but entitlements are missing, then it’s likely a source connectivity or mapping issue rather than an aggregation failure.