Best way to get all entitlements assigned to an identity cube which are not linked to roles

Which IIQ version are you inquiring about?

8.5P1

Share all details about your problem, including any error messages you may have received.

I wanted to know the best way to get all entitlements assigned to an identity which are not linked to a role. I have written the code below, but I'm not getting correct results.

```java
import sailpoint.object.Identity;
import sailpoint.object.IdentityEntitlement;
import sailpoint.object.Filter;
import sailpoint.object.QueryOptions;
import java.util.ArrayList;
import java.util.List;
import java.util.Iterator;

List directEntitlements = new ArrayList();
Identity identity = context.getObjectByName(Identity.class, "ABC");

if (identity != null) {
    QueryOptions qo = new QueryOptions();
    qo.addFilter(Filter.eq("identity", identity));

    Iterator it = context.search(IdentityEntitlement.class, qo);
    while (it.hasNext()) {
        IdentityEntitlement ie = (IdentityEntitlement) it.next();

        // If getSource() is null, it means it's a direct/additional entitlement
        // and not governed by a Role [IdentityEntitlement Javadoc](https://developer.sailpoint.com)
        if (!ie.isGrantedByRole()) {
            directEntitlements.add(ie.getValue() + "  ---  " + ie.getSource());
        }
    }
}
return directEntitlements;
```

Hi @gavhanet,

Could you try using the following code to get the direct entitlements?

```java
import sailpoint.object.QueryOptions;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.tools.Util;
import sailpoint.object.IdentityEntitlement;
import java.util.Iterator;
import java.util.List;
import java.util.ArrayList;

List directEntitlements = new ArrayList();

String identityName = ""; // identityName

QueryOptions options = new QueryOptions();

if (Util.isNotNullOrEmpty(identityName)) {
    options.addFilter(Filter.eq("identity.name", identityName));
    options.addFilter(Filter.and(Filter.ne("name", "detectedRoles"), Filter.ne("name", "assignedRoles")));

    Iterator iterator = context.search(IdentityEntitlement.class, options, "value");

    while (iterator != null && iterator.hasNext()) {
        Object[] values = (Object[]) iterator.next();

        if (values != null && values[0] != null) {
            directEntitlements.add(values[0]);
        }
    }

    Util.flushIterator(iterator);
}

return directEntitlements;
```

1 Like

To see entitlements that aren’t granted through roles, open the identity in the Identity Warehouse and go to the Entitlements tab. Turn on Show only additional entitlements to filter the list so it displays only entitlements directly assigned to the identity, excluding any inherited from roles.

You can refer to this link: Exclude Role-Based Entitlements - #2 by Arun-Kumar

2 Likes

If you only want to see them in the UI and a report is not needed, you can open the identity cube >> go to the Entitlements tab >> select Show only additional entitlements.

If you need to generate a report, I would recommend using the rule mentioned by @Chathurya

1 Like
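Added example, not posted by anyone in this thread: a BeanShell rule body that applies both checks shown above (the name filter on `detectedRoles`/`assignedRoles` and `isGrantedByRole()`) and groups what remains by application, which is the shape an access review report usually needs. It assumes the `grantedByRole` flag on the identity's entitlements is up to date; `"ABC"` is the placeholder identity name from the question and the `report` map is a name chosen here.

```java
// Added example (BeanShell rule body); names not on the page are illustrative.
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

import sailpoint.object.Filter;
import sailpoint.object.IdentityEntitlement;
import sailpoint.object.QueryOptions;
import sailpoint.tools.Util;

String identityName = "ABC"; // placeholder identity name, as in the question

// application name -> list of "attribute = value (source: ...)" lines
Map report = new TreeMap();

if (Util.isNotNullOrEmpty(identityName)) {
    QueryOptions qo = new QueryOptions();
    qo.addFilter(Filter.eq("identity.name", identityName));
    // Skip the rows that record the roles themselves.
    qo.addFilter(Filter.and(Filter.ne("name", "detectedRoles"),
                            Filter.ne("name", "assignedRoles")));

    Iterator it = context.search(IdentityEntitlement.class, qo);
    try {
        while (it != null && it.hasNext()) {
            IdentityEntitlement ie = (IdentityEntitlement) it.next();
            // Of the remaining rows, drop entitlements that a role accounts for.
            if (ie.isGrantedByRole()) {
                continue;
            }
            String app = (ie.getApplication() != null)
                    ? ie.getApplication().getName() : "(no application)";
            List lines = (List) report.get(app);
            if (lines == null) {
                lines = new ArrayList();
                report.put(app, lines);
            }
            lines.add(ie.getName() + " = " + ie.getValue()
                    + " (source: " + ie.getSource() + ")");
        }
    } finally {
        Util.flushIterator(it); // release the cursor even if a row fails
    }
}
return report;
```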

@gavhanet You might want to add more details on your request. Do you need a report, or do you want to check for a single user in the UI, or something else?

Note: Found a fix? Help the community by marking the comment as the solution. Feel free to react (:heart:, :+1:, etc.) with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.