Create a policy to restrict users from raising requests for an entitlement if they don't have application link access

We have created a new application called abc and made a few entitlements requestable so that end users can raise requests for them. But if a new user who doesn't have a link raises a request, it will fail with an exception, so we need to restrict that scenario.

Hi @Himanshu_singh03,

You can use an IdentitySelector rule on the QuickLinks population. There you can find the documentation and some examples.

@Himanshu_singh03
You can try exploring an advanced SOD policy for this as well; check the below.

Just implement a similar one in your rule to check whether the user has the corresponding link when raising a request for an entitlement under this app.

Try the snippet below. Create the policy and make it active. It should throw a violation.

  import sailpoint.object.Identity;
  import sailpoint.object.Custom;
  import sailpoint.object.PolicyViolation;
  import java.util.List;
  import java.util.ArrayList;
  import sailpoint.object.*;
  import sailpoint.object.Attributes;
  import org.apache.logging.log4j.Logger;
  import org.apache.logging.log4j.LogManager;
  import sailpoint.api.IdentityService;
  import sailpoint.object.RoleAssignment;
  import org.apache.commons.collections.map.CaseInsensitiveMap;
  import sailpoint.tools.Util;
  import sailpoint.object.Link;

  // Logger built from the log4j imports above (the logger name is an example)
  Logger logger = LogManager.getLogger("rule.EntitlementLinkPolicy");

  try {

    // First run: this branch is executed once
    if (policy.getArgument("policystatus") == null) {

      List<Link> beforeLinks = identity.getLinks();
      for (Link link : beforeLinks) {
        // Check links here
      }
      policy.setArgument("policystatus", "true");
      return null;
    }

    // Second run goes through here
    if (policy.getArgument("policystatus") != null) {

      // Write the logic here to check all conditions on the user's links

      PolicyViolation polVil = new PolicyViolation();
      polVil.setActive(true);
      polVil.setIdentity(identity);
      polVil.setPolicy(policy);
      polVil.setConstraint(constraint);
      polVil.setStatus(sailpoint.object.PolicyViolation.Status.Open);
      polVil.setDescription("This violation is thrown because the user does not have a link");
      return polVil;
    }
    return null;

  } catch (Exception e) {
    // Do not swallow the error silently: a failed check returns no violation
    logger.error("Policy rule failed for identity " + identity.getName(), e);
    return null;
  }
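One way to fill in the link check that the snippet leaves as a placeholder, written as an added example and not part of the original post or of SailPoint's own code. It assumes the rule-context variables `identity`, `policy`, `constraint` and `log`, that the application is named `abc` as in the question, and that the policy is evaluated only for requests against that application; `TARGET_APP`, `hasLinkOn` and `buildViolation` are hypothetical names.

```java
import java.util.List;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.object.PolicyViolation;

// Assumption: application name taken from the question; replace with the real one.
String TARGET_APP = "abc";

// True when the identity holds at least one account (Link) on the named application.
boolean hasLinkOn(Identity id, String appName) {
    if (id == null || appName == null) return false;
    List links = id.getLinks();          // may be null for an identity with no accounts
    if (links == null) return false;
    for (Object o : links) {
        Link link = (Link) o;
        if (link != null && appName.equals(link.getApplicationName())) {
            return true;
        }
    }
    return false;
}

// Builds the violation with the same setters the snippet above uses.
PolicyViolation buildViolation(String reason) {
    PolicyViolation v = new PolicyViolation();
    v.setActive(true);
    v.setIdentity(identity);
    v.setPolicy(policy);
    v.setConstraint(constraint);
    v.setStatus(PolicyViolation.Status.Open);
    v.setDescription(reason);
    return v;
}

try {
    if (hasLinkOn(identity, TARGET_APP)) {
        return null;                     // account exists, the request may proceed
    }
    return buildViolation("User has no account on application " + TARGET_APP);
} catch (Exception e) {
    // Design choice in this example: fail closed, so an error in the check
    // blocks the request instead of letting it through unchecked.
    log.error("Link check failed for " + identity.getName(), e);
    return buildViolation("Link check on " + TARGET_APP + " could not be completed");
}
```

Whether `identity` still shows the user's pre-request links when the policy is evaluated during a request should be confirmed in a test environment before relying on this check.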
