Share all details related to your problem, including any error messages you may have received.
I am working on an exclusion rule that should omit entitlements that have the attribute “isCertifiable” == FALSE. This is a string value. Below is the code I have and the error I am running into.
Error:
An unexpected error occurred: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: import java.util.Iterator; import java.util.List; import sailpoint.object. . . . '' : Typed variable declaration : Error in method invocation: Method get(java.lang.String) not found in class'sailpoint.object.EntitlementGroup' : at Line: 26 : in file: inline evaluation of: import java.util.Iterator; import java.util.List; import sailpoint.object. . . . ‘’ : entGroup .get ( “isCertifiable” ) BSF info: Sentry Certification Exclusion Rule at line: 0 column: columnNo
From entGroup you can get Entitlement name and application related details, using that you have to fetch the Managed Attribute Object and find if the entitlement is certifiable or not, you cannot get it directly from Entitlement group Object, if you need complete code help for this let me know, I can give but this should be your approach.
When looking at the certification, the groups marked as FALSE for isCertifiable are still showing in the certification. Is that expected?
I am not the owner of the certification so im not sure if it just greys out the option to remove.
I just tried a fresh certification this morning and it looks to still be including those entitlement.
I see, when I click on the details of the entitlement, that it is isCertifiable: FALSE.
In the code it was mentioned as IsCertifiable and in your comment it is mentioned as isCertifiable, there is a case difference, not sure if it is just a typo here while sending but anyhow , can you share the complete updated code you are using and one of the enitlement from Debug page which is part of Certification and still isCertifiable false.
I have verified it is isCertifiable. I updated it all in the code to reflect this and created a new certification. Looks like they are still sticking on the certification.
I have made slight change to the code to check whether the attributes are null before checking the isCertifiable attribute.
import java.util.Iterator;
import java.util.List;
import sailpoint.object.Bundle;
import sailpoint.object.Certifiable;
import sailpoint.object.*;
import sailpoint.object.EntitlementGroup;
import sailpoint.object.Attributes;
import java.util.Map;
import sailpoint.api.ManagedAttributer;
Iterator iter = items.iterator();
String explanation = "";
while (iter.hasNext()) {
Certifiable cert = (Certifiable) iter.next();
log.warn( "The cert is of type " + cert.getClass());
if (cert != null ) {
if (cert instanceof EntitlementGroup) {
EntitlementGroup entGrp = (EntitlementGroup) cert;
if (entGrp != null ) {
if(entGrp.getAttributes()!= null){
Attributes atts = entGrp.getAttributes();
List entlist = atts.getKeys();
Iterator entit = entlist.iterator();
while (entit.hasNext()) {
String attrname = entit.next();
String attrval = atts.getString(attrname);
String appName = entGrp.getApplicationName();
Application app1 = context.getObjectByName(Application.class, appName);
ManagedAttribute ma = ManagedAttributer.get(context, app1, attrname, attrval);
if (ma != null) {
if (ma.getAttributes() != null && ma.getAttributes().get("isCertiable") != null){
String isCertifiable = ma.getAttributes().get("isCertiable");
if (isCertifiable.equalsIgnoreCase("FALSE")) {
itemsToExclude.add(entGrp);
iter.remove();
explanation = "Removed Entitlement";
}
}
}
}
}
}
}
}
}
return explanation;
If the code is still not working, please make sure to check couple of things.
Attribute Name : As Satish mentioned double check the attributeName with case. If there is a change in attribute replace isCertiable with the correct attribute name.
Attribute Type : Also check the type of the extended attribute, if the type is boolean please change this line if (isCertifiable.equalsIgnoreCase("FALSE")) to