Assigning SAP Roles via Policy Xpress returns a JSON error
Article ID: 124430
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
Issue/Introduction
When assigning a SAP role (example MY_ROLE) via CA Identity Manager Policy Xpress (PX) the following error is returned.
Unrecognized command] A JSONObject must begin with '{' at character 1 of MY_ROLE
Unrecognized command] A JSONObject must begin with '{' at character 1 of MY_ROLE
Environment
CA Identity Suite vAPP 14.x
Cause
This is caused by mismatch in the policy syntax
Resolution
If you were to use an incorrect format for example
{"expiryDate":"","parentContainer":"Roles","acctRole":"MY_ROLE"}
you will receive the JSON error even if the parenthesis are correctly placed.
A correct format is similar to the one below
{"validToDate":"9999-12-31","roleName":"SAPRole={'Sap roles'},EndPoint=SAP TEST,Namespace=SAP R3,Domain=im,Server=Server","validFromDate":"2019-01-09"}
{"expiryDate":"","parentContainer":"Roles","acctRole":"MY_ROLE"}
you will receive the JSON error even if the parenthesis are correctly placed.
A correct format is similar to the one below
{"validToDate":"9999-12-31","roleName":"SAPRole={'Sap roles'},EndPoint=SAP TEST,Namespace=SAP R3,Domain=im,Server=Server","validFromDate":"2019-01-09"}
Additional Information
If you are unsure of the correct provisioning format, create a PX policy to retrieve some value from the desired endpoint and write it to the logs. This should serve as a model for the required write.
Feedback
Yes
No
Powered by
