Cleanup of unwanted policies from the IIQ Environment

Problem

In SailPoint IdentityIQ (IIQ), a large number of policies were unintentionally or unnecessarily created after a certain date, potentially hundreds or thousands of them (around 1000 in some cases). Deleting this volume of policies manually is both time-consuming and error-prone, and bulk deletion through the user interface is not practical because of performance limitations and the lack of bulk management features. A reliable and scalable way to identify and remove these policies is required, one that does not disrupt the existing environment or cause unintended side effects.

Solution

To address the challenge of bulk policy cleanup in SailPoint IdentityIQ, we have developed a custom method that automates the filtering and deletion of policies based on their creation date and name prefix. This removes the need for manual intervention and significantly reduces the risk of errors. The method works by:

  1. Retrieving all policies created on or after the specified date whose name starts with a given prefix (here `Policy-`).

  2. Passing that same query to Terminator so that every matching policy is deleted programmatically in one call.

  3. Logging progress for traceability and error handling.

```java
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;

import sailpoint.api.Terminator;
import sailpoint.object.Filter;
import sailpoint.object.Policy;
import sailpoint.object.QueryOptions;
import sailpoint.tools.Util;

/***
 * This method deletes policies created on or after a specific date.
 * "context" (SailPointContext) and "logger" are provided by the enclosing class or rule.
 * @param config map holding "dateValue" in MM/dd/yyyy format
 * @throws Exception
 */
public void DeletePolicy(Map config) throws Exception {
    if (null != config) {
        String dateValue = (String) config.get("dateValue");
        if (Util.isNotNullOrEmpty(dateValue)) {
            int count = 0;
            try {
                // Parse inside the try so an unparseable date is reported with the same wrapped message
                Date date = new SimpleDateFormat("MM/dd/yyyy").parse(dateValue);
                QueryOptions queryOptions = new QueryOptions();
                // Match policies whose name starts with "Policy-" AND that were created on/after the date
                Filter nameStartFilter = Filter.and(
                        Filter.like("name", "Policy-", Filter.MatchMode.START),
                        Filter.ge("created", date));
                queryOptions.add(nameStartFilter);
                count = context.countObjects(Policy.class, queryOptions);
                if (count > 0) {
                    // Terminator deletes the matching objects and cleans up their references in one call
                    Terminator terminator = new Terminator(context);
                    terminator.deleteObjects(Policy.class, queryOptions);
                }
            } catch (Exception exception) {
                // Keep the original exception as the cause so the stack trace is not lost
                throw new Exception("Exception occurred while deleting policy " + exception.getMessage(), exception);
            }
        }
    } else {
        logger.info("Provide input in config");
    }
}
```
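The following is an added example, not code from the original post, showing the same prefix-plus-creation-date selection with the two safeguards a practitioner usually wants before a bulk delete: a dry run that lists what would be removed without touching anything, and a batched delete that commits and decaches per batch so the Hibernate session does not grow unbounded over a thousand objects. The class name `PolicyCleanup`, the batch size, and the `preview`/`delete` method names are assumptions; it relies only on public IIQ APIs (`SailPointContext`, `Terminator`, `QueryOptions`, `Filter`, `Util`) and the `Policy-` prefix and `MM/dd/yyyy` date format from the post.

```java
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import sailpoint.api.SailPointContext;
import sailpoint.api.Terminator;
import sailpoint.object.Filter;
import sailpoint.object.Policy;
import sailpoint.object.QueryOptions;
import sailpoint.tools.GeneralException;
import sailpoint.tools.Util;

/** Hypothetical helper: preview, then batch-delete, policies by name prefix and creation date. */
public class PolicyCleanup {

    private static final Log log = LogFactory.getLog(PolicyCleanup.class);

    private final SailPointContext context;

    public PolicyCleanup(SailPointContext context) {
        this.context = context;
    }

    /** Strict parse of the cutoff so "13/45/2024" is rejected instead of silently rolling over. */
    public static Date parseCutoff(String mmddyyyy) throws ParseException {
        SimpleDateFormat fmt = new SimpleDateFormat("MM/dd/yyyy");
        fmt.setLenient(false);
        return fmt.parse(mmddyyyy);
    }

    /** Selection used by both preview and delete: name starts with prefix AND created on/after cutoff. */
    static QueryOptions buildQuery(String namePrefix, Date cutoff) {
        QueryOptions qo = new QueryOptions();
        qo.addFilter(Filter.and(
                Filter.like("name", namePrefix, Filter.MatchMode.START),
                Filter.ge("created", cutoff)));
        qo.addOrdering("created", true);
        return qo;
    }

    /** Dry run: returns the names that would be deleted. Projection query, so no Policy objects are loaded. */
    public List<String> preview(String namePrefix, Date cutoff) throws GeneralException {
        List<String> names = new ArrayList<String>();
        Iterator<Object[]> it = context.search(Policy.class, buildQuery(namePrefix, cutoff), "name");
        try {
            while (it.hasNext()) {
                names.add((String) it.next()[0]);
            }
        } finally {
            Util.flushIterator(it);   // release the cursor even if the loop is interrupted
        }
        return names;
    }

    /** Deletes in batches of batchSize, committing and decaching after each batch; returns the count removed. */
    public int delete(String namePrefix, Date cutoff, int batchSize) throws GeneralException {
        int total = context.countObjects(Policy.class, buildQuery(namePrefix, cutoff));
        log.info("Matched " + total + " policies with prefix '" + namePrefix + "' created on/after " + cutoff);

        Terminator terminator = new Terminator(context);
        int deleted = 0;
        while (true) {
            // Re-run the query each pass: rows already deleted no longer match, so no offset bookkeeping
            QueryOptions qo = buildQuery(namePrefix, cutoff);
            qo.setResultLimit(batchSize);
            List<Policy> batch = context.getObjects(Policy.class, qo);
            if (Util.isEmpty(batch)) {
                break;
            }
            for (Policy p : batch) {
                log.info("Deleting policy " + p.getName() + " (created " + p.getCreated() + ")");
                terminator.deleteObject(p);   // Terminator also cleans up references to the policy
                deleted++;
            }
            context.commitTransaction();
            context.decache();   // keep the session small across large runs
        }
        log.info("Deleted " + deleted + " of " + total + " matched policies");
        return deleted;
    }
}
```

Run `preview` first and compare its list against what you expect (for example, that no hand-built policy happens to share the `Policy-` prefix and a creation date after the cutoff); only then call `delete` with the same prefix and cutoff. Both methods build their query through the same `buildQuery`, so the dry run and the real run cannot drift apart.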