cancel
Showing results for 
Search instead for 
Did you mean: 

IPS - transformation - adding a user to a group using patch

arturka
Explorer
0 Kudos
170

Hi all.
In out IAS tenant users are created by replication from SF.
Now we have requirement to update nickname and groups for some users. It should be done by replication from ABAP system.
Base on docs https://help.sap.com/docs/identity-provisioning/identity-provisioning/patched-and-merged-attributes?...  we have prepared a patch transformation. 
It works if only nickName is updated 

 

 

{
    "user": {
        "mappings": [
            {
                "sourcePath": "$",
                "targetPath": "$"
            },
            {
                "targetPath": "$.id",
                "type": "remove"
            },
            {
                "targetPath": "$.id",
                "sourceVariable": "entityIdTargetSystem"
            },
            {
                "targetPath": "$.schemas",
                "type": "remove"
            },
            {
                "targetPath": "$.schemas[0]",
                "constant": "urn:ietf:params:scim:schemas:core:2.0:User"
            },
            {
                "targetPath": "$.schemas[1]",
                "constant": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
            },
            {
                "targetPath": "$.schemas[2]",
                "constant": "urn:ietf:params:scim:schemas:extension:sap:2.0:User"
            },
            {
                "targetPath": "$.emails[0].primary",
                "condition": "$.emails[0].length() > 0",
                "constant": true
            },
            {
                "targetPath": "$.meta",
                "type": "remove"
            },
            {
                "constant": "userName",
                "targetVariable": "entityCorrelationAttributeName"
            },
            {
                "sourcePath": "$.userName",
                "targetVariable": "entityCorrelationAttributeValue"
            },
            {
                "targetPath": "$.schemas[0]",
                "constant": "urn:ietf:params:scim:api:messages:2.0:PatchOp",
                "scope": "patchEntity"
            },
            {
                "targetPath": "$.meta",
                "type": "remove",
                "scope": "patchEntity"
            },
            {
                "targetPath": "$.Operations[0].op",
                "condition": "$.nickName EMPTY false",
                "constant": "add",
                "scope": "patchEntity"
            },
            {
                "targetPath": "$.Operations[0].path",
                "condition": "$.nickName EMPTY false",
                "constant": "nickName",
                "scope": "patchEntity"
            },
            {
                "sourcePath": "$.nickName",
                "targetPath": "$.Operations[0].value",
                "condition": "$.nickName EMPTY false",
                "scope": "patchEntity"
            },
            {
                "targetPath": "$.Operations[1].op",
                "constant": "add",
                "scope": "patchEntity"
            }
        ]
    }
}

 

 

The problem occurs when we want to update the group

following code is added to the transformation 

 

 

            {
                "targetPath": "$.Operations[1].op",
                "constant": "add",
                "scope": "patchEntity"
            },
            {
                "targetPath": "$.Operations[1].path",
                "constant": "groups",
                "scope": "patchEntity"
            },
            {
                "targetPath": "$.Operations[1].value",
                "constant": "xxxxxx-7f28-4b83-9aaf-xxxxxx",
                "scope": "patchEntity"
            }

 

 

And error is generated

arturka_0-1733167418421.png

Question, how to prepare correct transformation for user group update?

A.

 

 

Accepted Solutions (0)

Answers (1)

Answers (1)

arturka
Explorer

@yogananda thank you a lot, this helped us to understand transformations. 

I have found solution. 

https://help.sap.com/docs/identity-provisioning/identity-provisioning/enabling-group-assignment

 

arturka_0-1733209554532.png

A.