Hello all,
I’m trying to figure out how to assign entitlement using ProvisioningPlan, I’m running the following:
identity - identity object
rolename - string with role name
ProvisioningPlan assignmentPlan = new ProvisioningPlan();
roleAssignmentPlan.setIdentity(ident);
roleAssignmentPlan.setSource("SomeName");
AccountRequest accountRequest = new AccountRequest();
accountRequest.setApplication(ProvisioningPlan.APP_IIQ);
AttributeRequest att = new AttributeRequest();
att.setName(ProvisioningPlan.ATT_IIQ_ASSIGNED_ROLES);
att.setOperation(ProvisioningPlan.Operation.Add);
att.setValue(roleName);
accountRequest.add(att);
roleAssignmentPlan.add(accountRequest);
Provisioner provisioner = new Provisioner(context);
provisioner.execute(roleAssignmentPlan);
But either it won’t provision the entitlement or I’m doing something wrong.
I can’t figure out what I’m missing here.
It seems to be working - I can see the group being provision in the Admin Center, but I’d like to ask something to see if I understand this process fully.
Here:
AccountRequest acctReq = new AccountRequest(AccountRequest.Operation.Modify, ProvisioningPlan.APP_IIQ, null, identity.getName());
the “ProvisioningPlan.APP_IIQ” should be directed at the application - let’s call it SAP_Hana_P40_Tenant, in which I’d like to assign the group to user? Or it should remain as IIQ and IIQ will then provision the group during aggregations?
If your defined role in IIQ has entitlements related to “SAP_Hana_P40_Tenant”, then keep the application as IIQ. That would mean adding the IIQ role to the user which applies the entitlements defined in the role.