Add Member to sub-PROD Group from PROD Request
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2025 01:12 PM
Hello,
We've recently set in place some new requirements related to access in our sub-PROD environments and people will now need to request said access and have it only for a set amount of time. In the sub-PROD environment(s) we'll still be maintaining this through a group membership.
Is there a way to automatically update group membership in a sub-PROD environment through a request made in PROD? Please note, the groups do not exist in AD or our IAM tool and we do not have the AD synch turned on for sub-PROD to keep other issues from arising. Any thoughts on how to potentially automate this across environments? Would a Flow action w/ API reaching "back" do the trick? Something better out there?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2025 01:24 PM
Hi @Erik,
This is achievable by multiple ways. You can have an Import Set API in your Sub-PROD, then you can use a transform map where the target table would be "sys_user_grmember".
The Service Account used for the integration should be created in Test, and imported by its XML to PROD.
If you have more instances (PROD, TEST, DEV, ...) You can do it between TEST and DEV and then move the implementation to PROD and Sub-PROD.
You can build a UI Action which would perform a POST rest call to the import set API created on Sub-PROD.
Downside of these approaches and what you should take into account:
- There might be adjustments needed to be done in PROD directly
- Whenever there would a be Clone from PROD to Sub-PROD, there might be a risk to loose these changes on Sub-PROD if you do not take care of the exempted tables.
If you found this helpful, please hit the thumbs-up button and mark as correct. That helps others find their solutions.
