Hello there,
I’m currently creating a workflow to automaticaly add new access (roles, access profiles, and entitlements) to a given segments.
It first use a Get Access action, following a search to only get the one we want in the segment and that are not yet in the segment, then before calling another workflow that will do the action following the Sailpoint recursive workflow documentation, we send a notification with the list of access that will be patched.
Of course, in case where there are no new eligible access, we do not want to send the email.
I’ve tried to use a verify data type on the output of the get access to test if it exists/if it is null. But for both I’m having the same mistake on the operator : invalid character.
I’ve tried different values: $.getAccess.accessItems, $.getAccess.accessItems[0], $.getAccess.accessItems[0].id
for each of these test, the problematic character was the 23th one.
$.getAccess.accessItems was selected by the Open Variable Selector button.
Does anyone see something I might have missed?
Thank you.
I did face the similar error with Verify Data type with both exists and null operations. As an alternative, you can use compare numbers operator by comparing the length of the expected output to zero if there is no access and stop sending the email accordingly.
Can you also detail the get access logic you have used, or sample response, i can suggest if anything is wrong in the given json path. But do try out compare numbers, it can also work for a similar situation.
You can also try using https://developer.sailpoint.com/docs/api/beta/list-identity-access-items in HTTP request action for getting list of all access items, then use compare number operator to compare content-length header value with number(for example content-length greater than 4, if content-length is equal to 4 then response is null otherwise there is response with access items).
I’ve tested and it is working for me.
I have tried what you adviced, but did not manage to make it work.
I need a list of access that may not be used yet, so I can’t use an endpoint that give the access of an identity. Thus the use of either Get Access or search querry.
I don’t have the content-length attribute in the header. I added the count=true and got the X-Totat-Count in the http response header, but can’t use it in the compare number.
Hello there,
Yes, I’ve also tested with $.hTTPRequest1.headers.X-Total-Count[0] for both the compare string and compare numbers too. Here is the output of the search: output-search.txt (1.6 KB)
I’m using the search endpoint and filtering on the indices entitlements, access profiles, and roles.
For the time being I do not send any notif, which allow me to not use the compare data type.
But it will be back on the menu later. As such I’m happy to see another advice.
I will try this as soon as I can.
The accessItems property of Get Access is an array, so it will always exist. The correct comparison to use in this scenario is “Compare Numbers”. You will set it up like so. There is a small bug in that you must first increase the value 2 to any other number and then set it back to 0. If you don’t do this, the validator will complain.
If you are still getting the invalid character error, your workflow logic may be in a bad state and you might have to build it from scratch. You can try creating a brand new workflow first and see if these steps work for you.
