Identity - Mapping 2 entilements as a combination

shettyr · August 30, 2022, 3:17pm

Hi All,

We have a scenario where an entitlement is a combination of 2 entitites:

Role
Product

API used to fetch this is : v1/users/{userID}/roles-products
API Output:

"items": [
        {
            "product": {
                "id": "A",
                "name": "Account"
            },
            "role": {
                "id": 1,
                "name": "Preparer"
            }
        },
        {
            "product": {
                "id": "A",
                "name": "Account"
            },
            "role": {
                "id": 10,
                "name": "CFO"
            }
        },
        {
            "product": {
                "id": "A",
                "name": "Account"
            },
            "role": {
                "id": 14,
                "name": "System Admin"
            }
        },
        {
            "product": {
                "id": "D",
                "name": "Journal Document"
            },
            "role": {
                "id": 1,
                "name": "Preparer"
            }
        }

How can we map this response to an identity as an entitlement in below format:

UserID : Product Name - Role Name

With creation of 2 entitlement types: Role and Module (i.e. Product), we see them as separate entitlement rows.

M_rtenH · August 31, 2022, 9:31am

$[items][*][product,role][name]

Would be a valid JSONPath to return both the product and role names but it will return a list and I don’t think IDN would map that to a single field.
You can’t really do any concatenation within a JSONPath expression (unless IDN uses JayWay JSONPath implementation?) so you’d need to have this logic outside of the aggregation. An AfterOperation rule would likely be able to accomplish this but I’m not the best person to ask about rules

shettyr · August 31, 2022, 12:12pm

Thank you @M_rtenH for the reply. Indeed the above JSONPath cannot be mapped to a single field. We see field value to be blank when tried to map it as advised above.

Also with above setup, please see my original post, we see records 2 times in Entitlements tab. How can this be addressed ?

M_rtenH · August 31, 2022, 12:58pm

Did you change the entitlement schema and re-import? That could cause duplicate entries.

If you want to clean it up, you’d need to reset the source via POST https://<org>.identitynow.com/cc/api/source/reset/<sourceID_from _URL>?skip=<value>
where value for the ‘skip’ parameter can be accounts, entitlements or none.

Topic		Replies	Views
Multidimensional Entitlement Management ISC Discussion and Questions webservice-connector , identity-security-cloud	4	207	March 10, 2024
Adding entitlements directly to roles with the bulk role importer tool ISC Discussion and Questions apis , identity-security-cloud , roles , entitlements	3	130	April 16, 2024
Entitlement Aggregation ISC Discussion and Questions	1	936	July 19, 2023
User with Multiple Entitlements from Delimited File ISC Discussion and Questions identity-security-cloud , flat-file-connector , entitlements	6	281	January 26, 2024
Getting error while doing the entitlement aggregation for JDBC application ISC Discussion and Questions identity-security-cloud , entitlements	3	132	March 19, 2024

Identity - Mapping 2 entilements as a combination

Related Topics