nandiniks
August 21, 2024, 9:32am
1
<?xml version='1.0' encoding='UTF-8'?>
This SalesforceProvision rule can to disable the profile when profileid is revoked from sailpoint UAR.
<![CDATA[
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan;
import sailpoint.api.Provisioner;
import sailpoint.object.*;
import sailpoint.tools.Util;
import sailpoint.object.ProvisioningPlan.Operation;
import sailpoint.object.ProvisioningPlan.AccountRequest.Operation;
log.info("Inside Rule - BeforeProvisioning - SalesforceBeforeProvisioning");
Identity identity = plan.getIdentity();
if ( plan != null ) {
List accounts = plan.getAccountRequests();
if ( ( accounts != null ) && ( accounts.size() > 0 ) ) {
for ( AccountRequest account : accounts ) {
if ( AccountRequest.Operation.Modify.equals( account.getOperation() ) ) {
//String nativeIdentity = (String) account.getNativeIdentity();
AttributeRequest attrReq = account.getAttributeRequest("Profile");
AttributeRequest attrReqSpePer = account.getAttributeRequest("Special_Permissions__c");
**List<String> SpecialPermissionsList = Arrays.asList(attrReqSpePer.split("\\s*,\\s*"));**
List memeberOfListRemoved = new ArrayList();
if ( account != null ) {
if ( attrReq != null && ProvisioningPlan.Operation.Remove.equals(attrReq.getOperation()) ) {
if (attrReq.getValue()!=null && attrReq.getValue() instanceof String)
{
account.setOperation(ProvisioningPlan.AccountRequest.Operation.Disable);
}
else if (attrReq.getValue()!=null && attrReq.getValue()instanceof List)
{
account.setOperation(ProvisioningPlan.AccountRequest.Operation.Disable);
}
}
}
if (SpecialPermissionsList != null) {
if (SpecialPermissionsList instanceof String) {
String strGroup = (String) SpecialPermissionsList;
memeberOfListRemoved.add(strGroup);
}
else if (SpecialPermissionsList instanceof List) {
memeberOfListRemoved = (List) SpecialPermissionsList;
}
}
for (Iterator iterator = memeberOfListRemoved.iterator(); iterator.hasNext();){
String SpecialPermissions = (String) iterator.next();
if (SpecialPermissions != null) {
iterator.remove();
}
}
}
}
}
}
]]>
nandiniks
August 21, 2024, 9:34am
2
HI All,
we seeing error in the line below.
we are trying to split special attribute and convert into a list separated by ; .
Arun-Kumar
August 21, 2024, 10:02am
3
Hi @nandiniks ,
What is the error you are getting?
split("\\s*;\\s*") use this express. This will split on semicolon and cousume any spaces either side.
Regards,
nandiniks
August 21, 2024, 10:30am
5
Arun Kumar:
attrReqSpePer
attrReqSpePer is an attribute request object.
nandiniks
August 21, 2024, 10:32am
6
attrReqSpePer is AttributeRequest
Arun-Kumar
August 21, 2024, 10:38am
7
Hi @nandiniks
Are you using List<String> in your code?
List<String> SpecialPermissionsList = Arrays.asList(attrReqSpePer.split("\\s*,\\s*"));
Remove the <String> and try. like below
List SpecialPermissionsList = Arrays.asList(attrReqSpePer.split("\\s*,\\s*"));
Hi @nandiniks ,
Did you get a chance to update the code and check?
nandiniks
August 21, 2024, 3:22pm
10
We are seeing still same error Arun.
Arun-Kumar
August 21, 2024, 3:35pm
11
HI @nandiniks ,
This time you are getting different error could not find method split .
Try with this
List SpecialPermissionsList = Arrays.asList(attrReqSpePer.toString().split(β\s*,\s*β));
Regards,
nandiniks
August 21, 2024, 3:40pm
13
<?xml version='1.0' encoding='UTF-8'?>
This SalesforceProvision rule can to disable the profile when profileid is revoked from sailpoint UAR.
<![CDATA[
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan;
import sailpoint.api.Provisioner;
import sailpoint.object.*;
import sailpoint.tools.Util;
import sailpoint.object.ProvisioningPlan.Operation;
import sailpoint.object.ProvisioningPlan.AccountRequest.Operation;
log.debug("Inside Rule - BeforeProvisioning - SalesforceBeforeProvisioning");
Identity identity = plan.getIdentity();
if ( plan != null ) {
List accounts = plan.getAccountRequests();
if ( ( accounts != null ) && ( accounts.size() > 0 ) ) {
for ( AccountRequest account : accounts ) {
if ( AccountRequest.Operation.Modify.equals( account.getOperation() ) ) {
//String nativeIdentity = (String) account.getNativeIdentity();
AttributeRequest attrReq = account.getAttributeRequest("Profile");
AttributeRequest attrReqSpePer = account.getAttributeRequest("Special_Permissions__c");
List SpecialPermissionsList = Arrays.asList(attrReqSpePer.toString().split(β\s*,\s*β));
List memeberOfListRemoved = new ArrayList();
if ( account != null ) {
if ( attrReq != null && ProvisioningPlan.Operation.Remove.equals(attrReq.getOperation()) ) {
if (attrReq.getValue()!=null && attrReq.getValue() instanceof String)
{
account.setOperation(ProvisioningPlan.AccountRequest.Operation.Disable);
}
else if (attrReq.getValue()!=null && attrReq.getValue()instanceof List)
{
account.setOperation(ProvisioningPlan.AccountRequest.Operation.Disable);
}
}
if ( attrReqSpePer != null && ProvisioningPlan.Operation.Remove.equals(attrReq.getOperation()) ) {
if (SpecialPermissionsList != null) {
if (SpecialPermissionsList instanceof String) {
String strGroup = (String) SpecialPermissionsList;
memeberOfListRemoved.add(strGroup);
}
else if (SpecialPermissionsList instanceof List) {
memeberOfListRemoved = (List) SpecialPermissionsList;
}
}
for (Iterator iterator = memeberOfListRemoved.iterator(); iterator.hasNext();){
String SpecialPermissions = (String) iterator.next();
if (SpecialPermissions != null) {
iterator.remove();
}
}
}
}
}
}
}
}
log.debug("exiting Rule - BeforeProvisioning - SalesforceBeforeProvisioning");
]]>
Arun-Kumar
August 21, 2024, 3:46pm
14
use the standard double quotation marks (" ) on line no:35
List SpecialPermissionsList = Arrays.asList(attrReqSpePer.toString().split("\s*,\s*"));
nandiniks
August 21, 2024, 3:50pm
15
can you please share the updated line here.
Arun-Kumar
August 21, 2024, 3:52pm
16
please use the below line which has standard double quotation marks(")
List SpecialPermissionsList = Arrays.asList(attrReqSpePer.toString().split("\s*,\s*"));
Arun-Kumar
August 21, 2024, 3:58pm
18
Sorry. use the below code
List SpecialPermissionsList = Arrays.asList(attrReqSpePer.toString().split("\\s*,\\s*"));
Arun-Kumar
August 21, 2024, 4:13pm
20
log.info("Inside Rule - BeforeProvisioning - SalesforceBeforeProvisioning");
Identity identity = plan.getIdentity();
if ( plan != null ) {
List accounts = plan.getAccountRequests();
if ( ( accounts != null ) && ( accounts.size() > 0 ) ) {
for ( AccountRequest account : accounts ) {
if ( AccountRequest.Operation.Modify.equals( account.getOperation() ) ) {
//String nativeIdentity = (String) account.getNativeIdentity();
AttributeRequest attrReq = account.getAttributeRequest("Profile");
AttributeRequest attrReqSpePer = account.getAttributeRequest("Special_Permissions__c");
List SpecialPermissionsList = Arrays.asList(attrReqSpePer.toString().split("\\s*,\\s*"));**
List memeberOfListRemoved = new ArrayList();
if ( account != null ) {
if ( attrReq != null && ProvisioningPlan.Operation.Remove.equals(attrReq.getOperation()) ) {
if (attrReq.getValue()!=null && attrReq.getValue() instanceof String)
{
account.setOperation(ProvisioningPlan.AccountRequest.Operation.Disable);
}
else if (attrReq.getValue()!=null && attrReq.getValue()instanceof List)
{
account.setOperation(ProvisioningPlan.AccountRequest.Operation.Disable);
}
}
}
if (SpecialPermissionsList != null) {
if (SpecialPermissionsList instanceof List) {
memeberOfListRemoved = (List) SpecialPermissionsList;
}
}
for (Iterator iterator = memeberOfListRemoved.iterator(); iterator.hasNext();){
String SpecialPermissions = (String) iterator.next();
if (SpecialPermissions != null) {
iterator.remove();
}
}
}
}
}
}
SpecialPermissionsList is List object. No need to check the instanceof String. Try this one
