Update entitlement

Hello everyone,
We’ve a requirement to update the account, if there is a change in email, first name, last name and if there is request for new access (in the form of access profile), then it should remove the old access profile entitlements and add the new access profile entitlements. We have 2 types of entitlement security role and dataSecurityGroupName(multivalued attribute)
Eg Access profile 1 – SR1, DS1, DS2
Access profile 2 – SR2, DS3
Access profile 3 – SR1, DS1
If we request new access profile, it should have the entitlements, which is the new access profile, not the old access profile entitlements.
I’ve written a before operation rule to update account http operation, which is working fine for the direct identity attributes update firstname, lastname and email, but when we try to do new access profile request it is ending up with the below error. I’m having the rule attached to only update account and the Add entitlement – security role, Add entitlement – datasecuritygroup http operation is created, but not sure are these operations neccessary
Exception while updating account.Url: https://cloud2-sbox-irapi.highradius.com/api/iam/v1/users, Message: 400 : Bad Request : {“message”:[“Cannot deserialize value of type java.lang.String from Array value (token JsonToken.START_ARRAY)”],“statusCode”:“BAD_REQUEST”,“data”:null,“status”:“Failed”}, HTTP Error Code: 400,
Exception while updating account.Url: https://cloud2-sbox-irapi.highradius.com/api/iam/v1/users, Message: 500 : Something went wrong. Please contact Support Team, HTTP Error Code: 500
Below is the update account code. The same API is used for updating the account, entitlement. There are couple of attributes are mandatory for update API, so I’m fetching the value from get user API and comparing about the provisioning plan, if any change then take the value from provisioning plan, if not use the get user API value. To verify the issue, I’m not seeing any ccg logs. Can someone guide, is there any issue with the code or the configuration

Below is the JSON body
{
“user”: [
{
“firstName”: “Aaron”,
“lastName”: “Teel”,
“defaultMenu”: “Deductions”,
“loginType”: “SSO”,
“functionalRole”: “Account Admin”,
“languageId”: “en”,
“active”: true,
“dataSecurityGroupName”: “BHC-0353-SEC-GROUP,BCS-1994-SEC-GROUP”,
“userName”: “EIJRM”,
“securityRole”: “DMS Approver”,
“email”: “[email protected]
}
]
}
update account backup (11.7 KB)

To this question if you have 2 entitlement types then you need to have two Add Entitlement operations.

Coming to the error it looks like you are trying to assign JsonArray to a String and use it directly. Convert it to JsonArray first and read the data

@udayputta

I’ve created 3 rules one attached to update account operation, where its checking the firstname, lastname and email changes(direct identity attribute) which is working fine.

For other 2 entitlements I’ve added the logic to update the same API, looks like in target system getting updated properly, but in IDN its not and giving error as for datasecuritygroup entitlement, which is multivalued

[“Exception while updating account.Url: https://cloud2-sbox-irapi.highradius.com/api/iam/v1/users, Message: 400 : Bad Request : {"message":["Cannot deserialize value of type java.lang.String from Array value (token JsonToken.START_ARRAY)"],"statusCode":"BAD_REQUEST","data":null,"status":"Failed"}, HTTP Error Code: 400”]

and for the security role the error is

[“Exception while updating account.Url: https://cloud2-sbox-irapi.highradius.com/api/iam/v1/users, Message: 400 : Bad Request : {"message":["Unexpected character (\u0027D\u0027 (code 68)): was expecting comma to separate Object entries"],"statusCode":"BAD_REQUEST","data":null,"status":"Failed"}, HTTP Error Code: 400”]

I suspect the removal of old access profile is not happening, is this could be the reason for it?

Hi @Shonnegowda ,

This could be a character encoding issue.
I am facing a similar error and trying to figure it out. I assume that you were able to hit these endpoints successfully with tools like PostMan.

My API calls work in postman and a webservices saas connecter. The error is thrown when I use a webservices connector.

Please keep us posted. I will update as I make progress.

I’m able to figure out the issue, I was calling the target endpoint directly and the request endpoint was not updated. After the update its working fine.