Event Trigger JsonPATH Filter

Nadim · July 13, 2023, 9:25am

Hello,
I am using the event trigger Access request submitted to verify if a request has been submitted correctly.

To submit a request correctly a user must request two access profiles, one that starts with “APP - Role …” and another that starts with “APP - Merchant …”.
I am configuring my event trigger filter to trigger only if one of the access profiles is requested without the other. Therefore the logic operation that should be used is XOR.

I implemented this with the following filter:
$.requestedItems[?((@.name contains “APP - Role” && !(@.name contains “APP - Merchant”) )|| (@.name contains “APP - Merchant” && !(@.name contains “APP - Role”)) )]
Which is the XOR logical operator using supported jsonPATH operations.

My problem here is that the trigger still fires when in my access request I have both a role and a merchant. I tried to send the result of a filter in a webhook via workflows and I recieve a null body. Did anyone have a similar problem and if yes how did you solve it.

Thank you in advance,
Nadim

sharvari · July 13, 2023, 12:33pm

If these are the only 2 profiles being requested you can add an additional condition on size of requestedItems like $[?($.requestedItems size 1]

For additional filtering criteria options please refer:

Nadim · July 13, 2023, 12:48pm

Hello Sharvari,
No we cannit add condition on size as someone might request other access profiles at the same time.

We can expect an end user to request other access profiles with the ones related to the event trigger

Regards,
Nadim

sharvari · July 13, 2023, 1:21pm

Have you tried

$.requestedItems[?(((@.name contains “APP - Role” && !(@.name contains “APP - Merchant”) )|| (@.name contains “APP - Merchant” && !(@.name contains “APP - Role”))) && !(@.name contains “APP - Role” && @.name contains “APP - Merchant”)]

Nadim · July 13, 2023, 1:34pm

Thank you for the suggestion but this filter still triggers the event if both access profiles are in a request

colin_mckibben · July 13, 2023, 3:21pm

Does this mean they can request multiple access profiles with APP - Role or APP - Merchant in a single request, or that they can only have one APP - Role and one APP -Merchant, but they could have other access profiles that don’t match that criteria?

If they can only have a maximum of one APP - Role and one APP - Merchant in a request, then you could try this filter:

$[?(!($.requestedItems[?(@.name contains "APP - Role")] size 1 && $.requestedItems[?(@.name contains "APP - Merchant")] size 1))].requestedItems[?(@.name contains "APP - Role" || @.name contains "APP - Merchant")]

This will trigger only when one of APP - Role or APP - Merchant is present, but not both. If both are present, it won’t trigger. If neither are present, it won’t trigger. It ignores any other access profiles.

Nadim · July 13, 2023, 3:39pm

Hello,

Thank you very much this filter works.

Regards,
Nadim

system · September 11, 2023, 3:39pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Provisioning Completed - Event Trigger Filters ISC Discussion and Questions	5	1682	July 31, 2023
Filter event trigger on more than one item ISC Discussion and Questions event-triggers	5	774	July 19, 2023
Jsonpath Filter Expressions ISC Discussion and Questions workflows , identity-security-cloud	7	1005	December 11, 2023
How to Set Up Alerts and Approvals for Access Requests Using Event Triggers in SailPoint ISC Discussion and Questions apis , identity-security-cloud , event-triggers , access-requests	5	46	November 3, 2024
Json path event trigger ISC Discussion and Questions event-triggers	3	788	July 19, 2023

Event Trigger JsonPATH Filter

Related topics