8.4
Hi Sailors,
I would like to know if it is possible to add an entitlement to multiple roles in bulk.
Example:
Adding “Entitlement A” to “Role A”, “Role B”, and “Role C”.
I found that the Batch Request feature in SailPoint supports adding entitlements to identities. Is there a similar feature available for adding entitlements to roles in bulk?
Thank you.
check this blog Bulk import roles from a CSV file - Compass
Hi @Bernardc ,
I don’t think that there is any feature available to add the entitlement in roles in bulk . Moreover the manual work .
Just a quick idea - If the number is high , Probably write a rule , where you can read the entitlement from text file etc and update the bundle object using API . Export it and update your repo accordingly .
@Bernardc - We wrote a rule to read the role details from the CSV file and create/update bundles in Sailpoint. The following snippet will help you to add the entitlements to the IT Role. I hope this helps.
if (role.getType().contains("it")) {
log.debug("\tIT Role Specific Processing:");
// Only if roleExists==false
// Clear out the previous profiles on the role.
if (null != role.getProfiles()) {
role.getProfiles().clear();
}
if( null != attrName1 && null != entitlements1 && null != appObj1) {
// Build the filterString for entitlements matching this IT role.
String comma = "";
String filterString1 = attrName1 + ".containsAllIgnoreCase({";
log.debug("\tParse Entitlements into a filter string, " + attrName1 + " = :");
for (Object entValue : Util.safeIterable(entitlements1)) {
log.debug("\tAdding entitlements to filter string: " + entValue.toString());
filterString1 += comma + "\"" + (String) entValue + "\"";
comma = ",";
}
filterString1 += "})";
log.debug("\tCompleted filter string: " + filterString1);
Filter filter1 = Filter.compile(filterString1);
Profile profile1 = new Profile();
profile1.setDescription("Entitlements required by '" + roleName + "' for " + applicationName1);
profile1.setApplication(appObj1);
profile1.addConstraint(filter1);
role.add(profile1);
} else {
log.debug("Ignoring application1 entitlements for role: "+roleName);
}
if( null != attrName2 && null != entitlements2 && null != appObj2) {
// Build the filterString for entitlements matching this IT role.
String comma = "";
String filterString2 = attrName2 + ".containsAllIgnoreCase({";
log.debug("\tParse Entitlements into a filter string, " + attrName2 + " = :");
for (Object entValue : Util.safeIterable( entitlements2)) {
log.debug("\tAdding entitlements to filter string: " + entValue.toString());
filterString2 += comma + "\"" + (String) entValue + "\"";
comma = ",";
}
filterString2 += "})";
log.debug("\tCompleted filter string: " + filterString2);
Filter filter2 = Filter.compile(filterString2);
Profile profile2 = new Profile();
profile2.setDescription("Entitlements required by '" + roleName + "' for " + applicationName2);
profile2.setApplication(appObj2);
profile2.addConstraint(filter2);
role.add(profile2);
} else {
log.debug("Ignoring application2 entitlements for role: "+roleName);
}
}