Unable to Aggregate Entitlements in Web Service

Hello all. I hope you are all well.

My team and I are going through an issue regarding entitlement aggregation for a Web Services connector that will allow us to add IdentityNow permissions as entitlements. However, in our installation, testing, and aggregations, we are facing an error.

Exception during aggregation of CERT_ADMIN. Reason: javax.persistence.PersistenceException: org.hibernate.exception.ConstraintViolationException: could not execute statement

Somewhere down the line, we found that we had three new entitlements added, and they have the capabilities attribute name. The capabilities attribute is used for the identities in the source to determine who has what permissions. So far, the only entitlement given to 11 users in the source is ORG_ADMIN.

excelexample1380×350 26.1 KB

We looked over the entitlement aggregation settings for the source and we are still using the http query suggested to us through API calls. It’s a group aggregation POST API /v3/search?offset=0&limit=50&count=true with content-type as application/json-patch+json

{
	"query": {
		"query": "source.name.exact:IdentityNow AND attribute:assignedGroups"
	},
	"indices": [
		"entitlements"
	],
	"sort": [
		"name"
	],
	"includeNested": false
}

Is there a way we can get rid of these problem entitlements in the source? We tried to upload a new list of entitlements in the source’s entitlements tab, but it couldn’t be removed.

I had a similar situation and could resolve the issue by using a cc/api
POST {{baseUrl}}/cc/api/source/reset/{id} that resets the Aggregated Objetcts in a Source.

*** THIS API DELETES ALL CURRENT AGGREGATED ENTITLEMENTS AND CREATED ACCESS PROFILES FROM THE SOURCE ****

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.