Currently I'm doing the training essentials on version 8.2.
The exercise is about adding a rule into the account mapping:
Add a new attribute on account mapping named: privileged
Why refer to an existing attribute?
How do I make this rule reflect true and not false? My understanding is that this attribute privileged is now false because it does not exist in the target application. Am I right?
Another question: return link.getNativeIdentity().toLowerCase().contains("admin")
Is link referring to the argument value = link?
<Argument name="link">
How do I know what object it is referring to? Link? ProvisionalPlan to get the method .getNativeIdentity()
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule created="1696271129808" id="c0a8b25f8af115a9818af1b2725601a5" language="beanshell" modified="1696331621627" name="App_TimeTracking_LinkAttribute-ContainsAdmin" type="LinkAttribute">
  <Description>This rule is used when promoting account attributes from Links during aggregation.</Description>
  <Signature returnType="Object">
    <Inputs>
      <Argument name="log" type="org.apache.commons.logging.Log">
        <Description>
          The log object associated with the SailPointContext.
        </Description>
      </Argument>
      <Argument name="context" type="sailpoint.api.SailPointContext">
        <Description>
          A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
        </Description>
      </Argument>
      <Argument name="environment">
        <Description>
          The optional arguments passed from the task executor, if the rule is running within a task.
        </Description>
      </Argument>
      <Argument name="link">
        <Description>
          The Link whose attribute is being promoted.
        </Description>
      </Argument>
    </Inputs>
    <Returns>
      <Argument name="value">
        <Description>
          An Object to be used as the attribute value.
        </Description>
      </Argument>
    </Returns>
  </Signature>
  <Source>
    return link.getNativeIdentity().toLowerCase().contains("admin");
  </Source>
</Rule>
Link is nothing but Account. If you add an attribute under Account Mappings, then it applies to all links (accounts) for all users (identities).
So, the Rule has the link object (which contains all the attributes of the account) as input.
So the code will get the Native Identity. I'm not sure what the native identity is in your application; if it has admin then it marks privilege as true. I guess the column named id is the native identity you might have used. If yes, then I don’t see any id in your database that has admin in it, so you don’t see any identity account privileged as true. Create a new user in your DB with id as 1a2b3a-admin and try again.
In this case, the Link from app Time Tracking is being passed into the rule.
Note that instead of namedColumn="true" (you can use this after extending the DB schema for the Link class), the attribute will take one of the placeholder extended attributes if you add it via the UI: extendedNumber="1"
Every Rule comes with a list of arguments (inputs); you do not need to declare them.
SailPoint development is understanding what the inputs are and what the output (returns) will be.
So you take the arguments, use the values if you need them, and apply some basic core logic to check conditions or generate values based on user data or account data.
For example:
If country is USA then country_code is 1
Generate display_name using first_name and last_name if you don’t get display_name from your HR source.
Calculate whether the user is active or not using employee_status or end_date
So you get inputs like this in your Rules; you get a better idea when you understand the SailPoint object modeling. Some of the most used objects are:
Identity (User)
Link (Account)
ProvisioningPlan (Referred to as plan, which contains information about all account attributes needed to create an account in the target application)
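The rule body from the question, run outside IdentityIQ against constructed account ids, next to a null-safe, locale-independent variant. This is an added example, not code from the thread or from SailPoint; the nested Link class is a hypothetical stand-in for sailpoint.object.Link, and the names PrivilegedFlagDemo, ruleAsPosted and ruleHardened are assumptions.

```java
import java.util.Locale;

public class PrivilegedFlagDemo {

    // Hypothetical stand-in for sailpoint.object.Link (an account); only the
    // getter the rule calls is modelled so the demo runs without IdentityIQ.
    static final class Link {
        private final String nativeIdentity;
        Link(String nativeIdentity) { this.nativeIdentity = nativeIdentity; }
        String getNativeIdentity() { return nativeIdentity; }
    }

    // The rule body exactly as posted in the thread.
    static boolean ruleAsPosted(Link link) {
        return link.getNativeIdentity().toLowerCase().contains("admin");
    }

    // Variant: null-safe, and lower-cases with a fixed locale so the result
    // does not depend on the JVM default locale.
    static boolean ruleHardened(Link link) {
        String id = (link == null) ? null : link.getNativeIdentity();
        return id != null && id.toLowerCase(Locale.ROOT).contains("admin");
    }

    public static void main(String[] args) {
        // Constructed account ids; "1a2b3a-admin" is the test id suggested in the thread.
        String[] ids = { "1a2b3a", "1a2b3a-admin", "DB-ADMIN-01", null };
        for (String id : ids) {
            System.out.println(id + " -> privileged=" + ruleHardened(new Link(id)));
        }

        // Under a Turkish default locale "I" lower-cases to a dotless i, so the
        // posted rule and the variant can disagree on an upper-case ADMIN id.
        Locale saved = Locale.getDefault();
        Locale.setDefault(Locale.forLanguageTag("tr-TR"));
        try {
            Link upper = new Link("DB-ADMIN-01");
            System.out.println("tr-TR as posted: " + ruleAsPosted(upper));
            System.out.println("tr-TR hardened:  " + ruleHardened(upper));
        } finally {
            Locale.setDefault(saved);
        }
    }
}
```

In the real rule, link is supplied by IdentityIQ as the input argument, so only the return statement would go inside the Source element.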