Does an application provisioning policy have access to the identity of the requester?

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

When someone (the requester) is requesting access for someone else (the requestee), does the application provisioning policy have access to the requester’s identity? I would like to have a hidden field be made visible based on the requester’s department. Is that possible?

Hi @adam_carter,

The requester is not available in the provisioning policy; however, you can easily get the requester from the provisioning plan in the before provisioning rule.

List<Identity> requesters = plan.getRequesters();

– Remold

2 Likes

Thank you for the reply. Getting the requester in the before provisioning rule doesn’t help me though. Guess I will have to come up with some other solution.

You can also take a look at the ‘LCM Provisioning’ or ‘Identity Request Provisioning’ workflows, where you can inject the hidden field in the provisioning plan.

While reading your question again, an extra question: Are you referring to injecting a hidden field via the provisioning policy (to have it provisioned to the application), or do you want to make a hidden field visible during the initial access request (in the form) and show it to the requester?

– Remold

2 Likes

I need to show it to the requester so that they can make a selection between 3 or 4 different values.

So you are looking to change the form and not the provisioning policy :stuck_out_tongue_winking_eye:

I know this is possible, but not off the top of my head. I need some time to get the answer or someone else can help :slight_smile:

2 Likes

The ProvisioningProject is available in the provisioning policy, and you can try to get the requester using ProvisioningProject.

String requester = project.getRequester();

I am importing the ProvisioningProject in the script but I am getting this error when I use your example…

Attempt to resolve method: getRequester() on undefined variable or class name: project

I have recently come back to this project and am still unable to get the requester. Any ideas on how to make this work?

I have tested it on 8.3p3 when the provisioning policy is defined as a rule (FieldValue), and it's giving the requester ID.

I created a rule and am still getting the error. Below is the rule I am using. What am I doing wrong?

<?xml version='1.0' encoding='UTF-8'?>
The log object associated with the SailPointContext.
A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
The Identity object that represents the user needing the field value.
The sailpoint.object.Link that is being acted upon. If the link is not applicable, this value will be null.
The sailpoint.object.ManagedAttribute that is being acted upon. If the managed attribute is not applicable, the value will be null.
The provisioning project being acted upon. If a provisioning project is not applicable, the value will be null.
The account request. If an account request is not applicable, the value will be null.
The object request. If an object request is not applicable, the value will be null.
The role with the template we are compiling. If the role is not applicable, the value will be null.
The sailpont.object.Application with the template we are compiling. If the application is not applicable, the value will be null.
The Template that contains this field.
The current field being computed.
The current value corresponding to the identity or account attribute that the field represents. If no current value is set, this value will be null.
The operation being performed.
The string value created.

import java.text.*;
import java.util.*;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;

import sailpoint.api.*;
import sailpoint.api.SailPointContext;
import sailpoint.object.*;
import sailpoint.object.Attributes;
import sailpoint.object.Custom;
import sailpoint.object.Field;
import sailpoint.object.Form;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningProject;
import sailpoint.tools.Util;

Logger log = Logger.getLogger("UAM-Rule-FieldValue-ActiveDirectory-Requester");
log.setLevel(Level.DEBUG);


String requester     = null;
String value         = null;

requester            = project.getRequester();


if ( log.isDebugEnabled() )
{
	log.debug("Requester = "+requester);
	log.debug("project = "+project.toXml());
}

return requester;

Hemant, would you mind sharing how you did this? I am unable to get it to work.

@adam_carter
I used some simple code in the field value rule to check whether the project and requester are available or not.

System.out.println(project.toXml());
System.out.println("------------------------------------------------------------------------------");
System.out.println("Requester::" +project.getRequester());

Below is my output in catalina.out where I am able to see the ProvisioningProject as well as the requester details.

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ProvisioningProject PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ProvisioningProject identity="Son Mohanty">
  <Attributes>
    <Map>
      <entry key="disableRetryRequest">
        <value>
          <Boolean>true</Boolean>
        </value>
      </entry>
      <entry key="identityRequestId" value="0000000008"/>
      <entry key="optimisticProvisioning" value="false"/>
      <entry key="requester" value="spadmin"/>
      <entry key="source" value="LCM"/>
    </Map>
  </Attributes>
  <MasterPlan>
    <ProvisioningPlan>
      <AccountRequest application="Employees" op="Modify">
        <Attributes>
          <Map>
            <entry key="attachmentConfigList"/>
            <entry key="attachments"/>
            <entry key="flow" value="AccessRequest"/>
            <entry key="id" value="7f0000018f52132a818fbd2444d"/>
            <entry key="interface" value="LCM"/>
            <entry key="operation" value="EntitlementAdd"/>
          </Map>
        </Attributes>
        <AttributeRequest assignmentId="a4caa59483cc40c5af37c22c33e3" name="access" op="Add" value="developer">
          <Attributes>
            <Map>
              <entry key="assignment" value="true"/>
            </Map>
          </Attributes>
        </AttributeRequest>
      </AccountRequest>
      <Attributes>
        <Map>
          <entry key="identityRequestId" value="0000000008"/>
          <entry key="requester" value="spadmin"/>
          <entry key="source" value="LCM"/>
        </Map>
      </Attributes>
      <ProvisioningTargets>
        <ProvisioningTarget application="Employees" assignmentId="a4caa59483cc40c5af37c22c33e" attribute="access" value="developer">
          <AccountSelection applicationId="7f0000018f52132a818fbd17cc6e" applicationName="Employees" implicitCreate="true"/>
        </ProvisioningTarget>
      </ProvisioningTargets>
      <Requesters>
        <Reference class="sailpoint.object.Identity" id="7f000001807f159a81807f65da06" name="spadmin"/>
      </Requesters>
    </ProvisioningPlan>
  </MasterPlan>
  <ProvisioningPlan targetIntegration="Employees" trackingId="dd8c7fa87b2c44efa10f2c0fc7f">
    <AccountRequest application="Employees" op="Create">
      <Attributes>
        <Map>
          <entry key="attachmentConfigList"/>
          <entry key="attachments"/>
          <entry key="flow" value="AccessRequest"/>
          <entry key="id" value="7f00018f52132a818fbd2444dd499a"/>
          <entry key="interface" value="LCM"/>
          <entry key="operation" value="EntitlementAdd"/>
        </Map>
      </Attributes>
      <AttributeRequest assignmentId="a4caa59483cc40c5af37c221b6e" name="access" op="Add" value="developer">
        <Attributes>
          <Map>
            <entry key="assignment" value="true"/>
          </Map>
        </Attributes>
      </AttributeRequest>
    </AccountRequest>
    <Requesters>
      <Reference class="sailpoint.object.Identity" id="7f000001807f159a81807f65da08" name="spadmin"/>
    </Requesters>
  </ProvisioningPlan>
  <ProvisioningTarget application="Employees" assignmentId="a4caa59483cc40c5af37c22c33e31b" attribute="access" value="developer">
    <AccountSelection applicationId="7f0000018f52132a818fbd17cc6e4" applicationName="Employees" implicitCreate="true"/>
  </ProvisioningTarget>
</ProvisioningProject>

------------------------------------------------------------------------------
Requester::spadmin

How I did:
I created a “provisioning policy” for create user. I raised an access request for a user, which in turn executes the policy form and prints the lines in the console.

@adam_carter please see this page; it will give you complete detail. You can select Rule, then you will see project and more available objects.

What variables are available in provisioning policy field value scripts and rules - Compass (sailpoint.com)

Thank you for the link Kumar. That ended up helping me solve it. The project argument was not being passed to the “Present Provisioning Form” step, which is why it wasn’t working. So simple, yet I completely missed it. Thank you again!!

1 Like
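An added example, not code from any poster in this thread: a FieldValue rule body (BeanShell) that resolves the requester's department and returns null instead of throwing when `project` was never passed in, which is the failure diagnosed above. The attribute name `department` and the helper `resolveRequesterName` are assumptions made for illustration; `context`, `project` and `log` are the rule arguments IdentityIQ supplies.

```java
// Added example: FieldValue rule body (BeanShell), not the thread's own code.
import java.util.List;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningProject;

// Assumption: the identity attribute holding the department is "department".
String DEPT_ATTR = "department";

// Hypothetical helper: returns the requester's name, or null if unknown.
String resolveRequesterName(ProvisioningProject proj) {
    if (proj == null) {
        // The case hit in this thread: the calling workflow step did not
        // pass 'project', so there is nothing to resolve from.
        return null;
    }
    String name = proj.getRequester();
    if (name != null) {
        return name;
    }
    // Fall back to the <Requesters> list carried on the master plan.
    ProvisioningPlan master = proj.getMasterPlan();
    if (master != null) {
        List requesters = master.getRequesters();
        if (requesters != null && !requesters.isEmpty()) {
            return ((Identity) requesters.get(0)).getName();
        }
    }
    return null;
}

// When the caller never passed 'project' it is an undefined variable, not
// null; BeanShell's 'void' comparison detects that without an eval error.
ProvisioningProject proj = (project == void) ? null : project;
String requesterName = resolveRequesterName(proj);
if (requesterName == null) {
    log.warn("FieldValue rule: requester not resolvable, returning null");
    return null;
}

Identity requester = context.getObjectByName(Identity.class, requesterName);
if (requester == null) {
    log.warn("FieldValue rule: no Identity named " + requesterName);
    return null;
}
Object dept = requester.getAttribute(DEPT_ATTR);
return (dept == null) ? null : dept.toString();
```

Any form logic that keys off the returned department should treat null as "requester unknown" and keep the restricted field hidden in that case.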
