Entitlement Existence Check in Bundle - Error in Beanshell Rule

Which IIQ version are you inquiring about?

8.3p4

Share all details about your problem, including any error messages you may have received.

I’m writing a Beanshell rule in IIQ to bulk-update a set of IT roles by adding a new entitlement from Azure AD. Here’s the high-level flow:

  1. Read CSV of role IDs (id) and names (ITRole_Names).
  2. Look up each Bundle (role) by its ID and verify its name matches the CSV.
  3. Check whether the entitlement already exists on that role before adding it (“step 3”).
  4. Build and attach a new Profile constrained to the group GUID via a CONTAINS_ALL filter.

Note:

  • appName is a variable holding the target application’s name (e.g. "Azure Active Directory").
  • entitlementValue is a variable holding the GUID of the group I need to check/add (e.g. "xcgdhdy-iopo-fghy-8ba3-789456").

Steps 1, 2, and 4 all work perfectly if I remove step 3 entirely.

What step 3 does

I need to skip any roles that already have that target entitlement. My Beanshell code for step 3 looks like this (with XML-escaped loops and logical ANDs):

// 3) Skip if entitlement already present
boolean exists = false;
List profiles = bundle.getProfiles();
for (int i = 0; i < profiles.size(); i++) {
    Profile p = (Profile) profiles.get(i);
    // confirm it’s our application
    if (p.getApplication(appName) == null) {
        continue;
    }
    List constraints = p.getConstraints();
    for (int j = 0; j < constraints.size(); j++) {
        Filter c = (Filter) constraints.get(j);
        if (Filter.Operation.CONTAINS_ALL.equals(c.getOperation()) &&
            ((List)c.getValue()).contains(entitlementValue)) {
            exists = true;
            break;
        }
    }
    if (exists) {
        break;
    }
}
if (exists) {
    custLog.debug("Skipping entitlement on role: " + roleName);
    continue;
}

The error

When IIQ compiles this rule I get:

No static field or inner class: Operation of class sailpoint.object.Filter : at Line: 81

Typed variable declaration : Error in method invocation: Method getApplication(java.lang.String) not found in class'sailpoint.object.Profile' : at Line: 72 : in file: inline evaluation of

Error in method invocation: Method getAttribute(java.lang.String) not found in class 'sailpoint.object.Filter$LeafFilter'

My asks

  1. Is there a simpler way in Beanshell/IIQ to detect whether a specific entitlement profile already exists on a role?
  2. Any corrections to my loop syntax or use of the Filter API that would compile cleanly?

Thanks in advance for your insights!
– Karan Gulati

No static field or inner class: Operation of class sailpoint.object.Filter : at Line: 81

Typed variable declaration : Error in method invocation: Method getApplication(java.lang.String) not found in class'sailpoint.object.Profile' : at Line: 72 : in file: inline evaluation of

[Issue: the profile.getApplication("appName") method does not exist. Use p.getApplication(); it will return the Application object.]

Error in method invocation: Method getAttribute(java.lang.String) not found in class 'sailpoint.object.Filter$LeafFilter'

You can use the code below, adapting it to your requirement, for iterating over Profiles:

import java.util.List;
import sailpoint.object.Filter;
import sailpoint.object.Profile;
import sailpoint.tools.Util;

boolean exists = false;

List profileList = bundle.getProfiles();

for (Profile profile : profileList) {
    if (profile == null) {
        continue;
    }
    log.debug("profile==>" + profile);
    List filterList = profile.getConstraints();
    if (Util.isEmpty(filterList)) {
        continue;
    }
    log.debug("filterList==>" + filterList);
    for (Filter filter : filterList) {
        if (filter == null) {
            continue;
        }
        log.debug("filter==>" + filter);
        log.debug("bundle==>" + bundle.getName());
        String entValue = "";
        if (filter instanceof Filter.LeafFilter) {
            if (filter.getValue() instanceof String) {
                // The role's entitlement when there is only one from one application.
                entValue = (String) filter.getValue();
            } else {
                for (String value : filter.getValue()) {
                    // More than one entitlement for the given application.
                    entValue += "," + value;
                }
            }
        }
        // Remove the starting comma if present
        if (entValue.startsWith(",")) {
            entValue = entValue.substring(1); // Remove the first character (comma)
        }
        log.debug("entValue in String==>" + entValue);
        return entValue; // Returns the entitlement from the role (as soon as the first filter is read).
    }
}
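
The step 3 check from the question, rewritten as a BeanShell rule fragment against the accessors the three error messages point to. This is an added example, not code from either post and not SailPoint's own; the helper names filterHasValue and roleHasEntitlement are hypothetical, and treating an EQ leaf the same as a CONTAINS_ALL leaf is an assumption. It reuses the question's bundle, appName, entitlementValue, roleName and custLog variables.

```java
import java.util.Collection;
import java.util.List;
import sailpoint.object.Bundle;
import sailpoint.object.Filter;
import sailpoint.object.Profile;

// True when the filter, or any child of a composite filter, is a leaf holding the value.
boolean filterHasValue(Filter f, String wanted) {
    if (f instanceof Filter.CompositeFilter) {
        List children = ((Filter.CompositeFilter) f).getChildren();
        if (children == null) return false;
        for (Object child : children) {
            if (filterHasValue((Filter) child, wanted)) return true;
        }
        return false;
    }
    if (!(f instanceof Filter.LeafFilter)) return false;
    Filter.LeafFilter leaf = (Filter.LeafFilter) f;
    // The enum is Filter.LogicalOperation; Filter.Operation does not exist.
    Filter.LogicalOperation op = leaf.getOperation();
    // Assumption: an EQ leaf on a single value counts the same as CONTAINS_ALL.
    if (op != Filter.LogicalOperation.CONTAINS_ALL && op != Filter.LogicalOperation.EQ) {
        return false;
    }
    Object v = leaf.getValue();   // String for one value, Collection for several
    if (v instanceof Collection) return ((Collection) v).contains(wanted);
    return wanted.equals(v);
}

// Hypothetical helper: does any profile of this role, on the named application,
// already carry the entitlement value?
boolean roleHasEntitlement(Bundle bundle, String appName, String wanted) {
    List profiles = bundle.getProfiles();
    if (profiles == null) return false;
    for (Object o : profiles) {
        Profile p = (Profile) o;
        // getApplication() takes no argument and returns the Application object.
        if (p == null || p.getApplication() == null) continue;
        if (!appName.equals(p.getApplication().getName())) continue;
        List constraints = p.getConstraints();
        if (constraints == null) continue;
        for (Object c : constraints) {
            if (filterHasValue((Filter) c, wanted)) return true;
        }
    }
    return false;
}

// Step 3 inside the per-role loop then becomes:
//   if (roleHasEntitlement(bundle, appName, entitlementValue)) { custLog.debug("Skipping entitlement on role: " + roleName); continue; }
```

When the rule source is stored in XML without a CDATA section, the `&&` operators need to be escaped as `&amp;&amp;`.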