Display Name of entitlements entitlements that are in the role but no longer in the entitlement catalog

import sailpoint.object.TaskResult;
import sailpoint.object.QueryOptions;
import sailpoint.object.Identity;
import sailpoint.tools.Message;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;
import java.util.*;
import sailpoint.object.*;
import sailpoint.object.Bundle;

        QueryOptions qo = new QueryOptions();
        Iterator it = context.search(Bundle.class, qo);
	 String roleNames = "";

        while (it.hasNext()) {
            Bundle bundle = it.next();
            List profiles = bundle.getProfiles();

            for (Profile profile : Util.safeIterable(profiles)) {
                List constraints = profile.getConstraints();

                for (Filter cons : Util.safeIterable(constraints)) {
                    Application app = profile.getApplication();
                    if (app != null) {
                        Schema accountSchema = app.getAccountSchema();

                        if (accountSchema != null) {
                            if (cons instanceof Filter.LeafFilter) {
                                String property = cons.getProperty();
                                Map map = accountSchema.getAttributeMap();

                                // Check if the property (entitlement) is missing
                                if (map != null && !map.containsKey(property)) {
                                    roleNames += String.format("%s\n", bundle.getName());
                                }
                            }
                        }
                    }
                }
            }
        }

    TaskResult taskResult = context.getObjectByName(TaskResult.class, "AIZ-RoleEntitlementMissing");
    if (taskResult != null) {
        taskResult.setAttribute("roleNames", "Roles with missing entitlements:\n" + roleNames);
        taskResult.setCompletionStatus(TaskResult.CompletionStatus.Success);
        context.saveObject(taskResult);
    }

    // Return the list of role names
    return roleNames;

Hi @autorun6464,

What is the issue that you are facing? Is this code snippet not working or you need a snippet to get the details that you are looking?

Thanks

1 Like

Yes
I need snippet to get details that i am looking for

After the above line you can use below code snippet to check if the entitlement value is null or not null. If not null, then your entitlement exists in the system else it does not exist.

List valueList = (List) ((LeafFilter) cons).getValue();
                       
                        for(String entName:valueList)
                        {
                        	if(property!=null @and entName!=null)
                            {
                            	ManagedAttribute ent=ManagedAttributer.get(context, application, property, entName);
                            	if(ent==null)
									//Does not exist in the system;
								else
									//Exist in the system
                            }
                        }

Let me know if further help is needed.

Thanks

1 Like

yup it worked but there are two entitlements name also been displayed which are in entitlement catalogue . i rechecked if any space or dash are diff …but everything looks same any idea about it?

Please share the xml of bundle and managed attribute so that I can take a look and suggest.

yea it was actually a single dash diff … but now o want that report/task result to expport in csv file…
can we do that/

Yes you can simply use below sample code to create a csv file.

String fileName = "example.csv";

        // Create a FileWriter object
        try (FileWriter writer = new FileWriter(fileName)) {
            // Write the header
            writer.append("ID,Name,Age\n");

            // Write some data
            writer.append("1,John Doe,30\n");
            writer.append("2,Jane Smith,25\n");
            writer.append("3,Bob Johnson,40\n");

            System.out.println("CSV file created successfully!");

        } catch (IOException e) {
            e.printStackTrace();
        }

i did it this way but parse error

QueryOptions qo = new QueryOptions();
Iterator it = context.search(Bundle.class, qo);

// CSV file name
String fileName = System.getProperty("user.home") + 
                 (System.getProperty("os.name").toLowerCase().contains("win") ? "\\Desktop\\exported_roles.csv" : "/Desktop/exported_roles.csv");

try (FileWriter writer = new FileWriter(fileName)) {
    // Write CSV header
    writer.append("Role Name,Missing Entitlement\n");

    while (it.hasNext()) {
        Bundle bundle = it.next();
        List profiles = bundle.getProfiles();

        for (Profile profile : Util.safeIterable(profiles)) {
            List constraints = profile.getConstraints();

            for (Filter cons : Util.safeIterable(constraints)) {
                Application app = profile.getApplication();
                if (app != null) {
                    Schema accountSchema = app.getAccountSchema();

                    if (accountSchema != null) {
                        if (cons instanceof Filter.LeafFilter) {
                            String property = cons.getProperty();
                            Object value = ((Filter.LeafFilter) cons).getValue();

                            List valueList = new ArrayList();
                            // Check if the value is a List or String
                            if (value instanceof List) {
                                valueList.addAll((List) value);
                            } else if (value instanceof String) {
                                valueList.add((String) value);
                            }
                            for (String entName : valueList) {
                                if (property != null && entName != null) {
                                    // Check if the entitlement exists in the ManagedAttribute catalog
                                    ManagedAttribute ent = ManagedAttributer.get(context, app, property, entName);
                                    if (ent == null) {
                                        // Write the missing entitlement to the CSV
                                        writer.append(bundle.getName()).append(",").append(entName).append("\n");
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    System.out.println("CSV file created successfully on your desktop!");

} catch (IOException e) {
    e.printStackTrace();
}

TaskResult taskResult = context.getObjectByName(TaskResult.class, "AIZ-RoleEntitlementMissing");
if (taskResult != null) {
    taskResult.setAttribute("roleNames", "Roles with missing entitlements exported to CSV");
    taskResult.setCompletionStatus(TaskResult.CompletionStatus.Success);
    context.saveObject(taskResult);
}

Hi Anmol,
please share logs
also check this
if (value instanceof List) {
valueList.addAll((List) value);
} else if (value instanceof String) {
valueList.add((String) value);
}

can you please
check my code after i added csv export function i got parse error… may be issue is here

String fileName = System.getProperty("user.home") + 
                 (System.getProperty("os.name").toLowerCase().contains("win") ? "\\Desktop\\exported_roles.csv" : "/Desktop/exported_roles.csv");

Hi @autorun6464,

The shared line looks fine to me as I tested it, and it is not throwing any error.

Thanks

Just try changing the above code as below and it should solve parsing error.
As per my understanding for me also it was giving parsing error with your code snippet. But making below changes resolved it. Let me know if it solves your issue.

try {
	FileWriter writer = new FileWriter(fileName);

it says success but i dont see file in the Desktop. i even try to change it to C:\exported_roles.csv but i dont see file there even after success

i dont see in the path the exported file even thou it say success in task result

String fileName = “\\cead.prd\data\Groups\MIA0\Groups1\OIM\SailPoint\Missing_Entitlements.csv”;

my whole code

import sailpoint.object.TaskResult;
import sailpoint.object.QueryOptions;
import sailpoint.object.Identity;
import sailpoint.tools.Message;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;
import java.util.ArrayList;
import java.util.*;
import sailpoint.object.*;
import sailpoint.object.Bundle; 
import sailpoint.api.ManagedAttributer;
import sailpoint.tools.Util;

QueryOptions qo = new QueryOptions();
Iterator it = context.search(Bundle.class, qo);

// CSV file name
String fileName = System.getProperty("user.home") + 
                 (System.getProperty("os.name").toLowerCase().contains("win") ? "\\Desktop\\exported_roles.csv" : "/Desktop/exported_roles.csv");

try {
	FileWriter writer = new FileWriter(fileName);
    // Write CSV header
    writer.append("Role Name,Missing Entitlement\n");

    while (it.hasNext()) {
        Bundle bundle = it.next();
        List profiles = bundle.getProfiles();

        for (Profile profile : Util.safeIterable(profiles)) {
            List constraints = profile.getConstraints();

            for (Filter cons : Util.safeIterable(constraints)) {
                Application app = profile.getApplication();
                if (app != null) {
                    Schema accountSchema = app.getAccountSchema();

                    if (accountSchema != null) {
                        if (cons instanceof Filter.LeafFilter) {
                            String property = cons.getProperty();
                            Object value = ((Filter.LeafFilter) cons).getValue();

                            List valueList = new ArrayList();
                            // Check if the value is a List or String
                            if (value instanceof List) {
                                valueList.addAll((List) value);
                            } else if (value instanceof String) {
                                valueList.add((String) value);
                            }
                            for (String entName : valueList) {
                                if (property != null && entName != null) {
                                    // Check if the entitlement exists in the ManagedAttribute catalog
                                    ManagedAttribute ent = ManagedAttributer.get(context, app, property, entName);
                                    if (ent == null) {
                                        // Write the missing entitlement to the CSV
                                        writer.append(bundle.getName()).append(",").append(entName).append("\n");
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    System.out.println("CSV file created successfully on your desktop!");
    writer.close();

} catch (IOException e) {
    e.printStackTrace();
}

Hi @autorun6464,

Try adding the logger to see the details that is being written.

Also if still, you are not able to find the solution then add below line before writer.close(); and see if it makes any difference.

writer.flush();

Thanks

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.