Assigning SAP Roles via Policy Xpress returns a JSON error

Document ID : KB000124430
Last Modified Date : 11/01/2019
Show Technical Document Details
Issue:
When assigning a SAP role (example MY_ROLE) via CA Identity Manager Policy Xpress (PX) the following error is returned.

Unrecognized command] A JSONObject must begin with '{' at character 1 of MY_ROLE

 
Environment:
CA Identity Suite vAPP 14.x
Cause:
This is caused by mismatch in the policy syntax
Resolution:
If you were to use an incorrect format for example

{"expiryDate":"","parentContainer":"Roles","acctRole":"MY_ROLE"}

you will receive the JSON error even if the parenthesis are correctly placed.

A correct format is similar to the one below

{"validToDate":"9999-12-31","roleName":"SAPRole={'Sap roles'},EndPoint=SAP TEST,Namespace=SAP R3,Domain=im,Server=Server","validFromDate":"2019-01-09"}
Additional Information:
If you are unsure of the correct provisioning format, create a PX policy to retrieve some value from the desired endpoint and write it to the logs.  This should serve as a model for the required write.