Help with COMPLEX_CRITERIA for Bulk Role Import

Hello everyone,

I´m facing an issue with the latest Roleimporter or with the COMPLEX_CRITERIA I´d like to apply.

The creation of the Role works fine but as soon as I like to assign users to the newly created role I receive the following error message when I run the roleimporter.rb:
error message is :

{“messages”:[{“localeOrigin”:“REQUEST”,“locale”:“en-US”,“text”:“The request was syntactically correct but its content is semantically invalid.”},{“localeOrigin”:“DEFAULT”,“locale”:“en-US”,“text”:“The request was syntactically correct but its content is semantically invalid.”}],“detailCode”:“400.1 Bad request content”,“trackingId”:“xyz”}

The COMPLEX_CRITERIA looks like this:

assignUsersToRole,BRR-CC-2200,COMPLEX_CRITERIA,“{”“children”“: [{”“key”“: {”“property”“: ““attribute.costCenter””,”“type”“: ““IDENTITY””},”“operation”“: ““EQUALS””,”“value”“: ““2200"”},{”“operation””:““OR””,““children””:[{““operation””:““EQUALS””, ““key””:{““type””:““IDENTITY””,““property””:““attribute.sourceName””},““value””:““HRSystem1"”},{”“operation”“:”“EQUALS”“,”“key”“:{”“type”“:”“IDENTITY”“,”“property”“:”“attribute.sourceName”" },““value””:““HRSystem2"”}]}, {”“operation”“:”“OR”“,”“children”“:[{”“operation”“:”“EQUALS”“, ““key””:{”“type”“:”“IDENTITY”“,”“property”“:”“attribute.cloudLifecycleState”“},”“value”“:”“active”“},{”“operation”“:”“EQUALS”“,”“key”“:{”“type”“:”“IDENTITY”“,”“property”“:”“attribute.cloudLifecycleState”" },““value””:““preactive””}]}],““operation””: ““AND””}"

As it should syntactically be correct I´ve checked if it´s also semantically correct and all the inputs I´ve given look correct if I compare it with the SailPoint Search function.

Has anyone an idea, why it isn´t working as expected?
I´d appreciate any help regarding this matter.

Thanks and best
Nils

Hi,

I think something changed with the role criteria. Try to use “stringValue” in place of “value”.

So your JSON should be

“{”“children”“: [{”“key”“: {”“property”“: ““attribute.costCenter””,”“type”“: ““IDENTITY””},”“operation”“: ““EQUALS””,”“stringValue”“: ““2200"”},{”“operation””:““OR””,““children””:[{““operation””:““EQUALS””, ““key””:{““type””:““IDENTITY””,““property””:““attribute.sourceName””},““stringValue””:““HRSystem1"”},{”“operation”“:”“EQUALS”“,”“key”“:{”“type”“:”“IDENTITY”“,”“property”“:”“attribute.sourceName”" },““stringValue””:““HRSystem2"”}]}, {”“operation”“:”“OR”“,”“children”“:[{”“operation”“:”“EQUALS”“, ““key””:{”“type”“:”“IDENTITY”“,”“property”“:”“attribute.cloudLifecycleState”“},”“stringValue”“:”“active”“},{”“operation”“:”“EQUALS”“,”“key”“:{”“type”“:”“IDENTITY”“,”“property”“:”“attribute.cloudLifecycleState”" },““stringValue””:““preactive””}]}],““operation””: ““AND””}".

Also make sure on the double quotes and json format. Check if JSON is correctly formatted. You can patch this payload to one of the role and check before using role importer. It will help you in debugging the issue.

-Abhinov

Hi @kozonek ,

I see a problem with the double quotes. I believe it’s wrapped in the quotes twice and also make sure the quotes are in proper format which the tool accepts. The below url helps in formatting the JSON.
Json Editor
Let me know if this helps!

Thats it!
Thanks a lot. In an older version of the RoleImporter it worked with only the “value”.

Thanks and best
Nils

The double quotes are depending if you open the csv in a text editor or in excel.

But thanks a lot for the link to the JSON Editor, it´s really helpful to bring it in the right format.

Thanks and best
Nils

Glad I was of some help!

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.