Exclude Business Roles from Event Certification

cdavis132 · December 14, 2023, 8:12pm

Which IIQ version are you inquiring about?

Version 8.2

Share all details related to your problem, including any error messages you may have received.

I have set up a certification event for job code changes. I noticed when a review gets kicked off all roles are included even the birthright/business roles. I am trying to find a way to exclude the business roles out of the certification. I saw that there is an exclusion rule that can be created. Does anyone have any examples on how this rule should look or faced a similar situation. Also is there another way outside of the exclusion rule to handle this? T

dheerajk27 · December 15, 2023, 12:24am

Hi @cdavis132 ,

for excluding any item from certification i believe certification rule is only way. you need to look for the role name which you want to exclude and remove it from item object and then add it to itemToRemove Object and return Explanation. Try below code, this might give some error as i have written it on fly as not yet tested. But the concept is true:

import sailpoint.object.*;
import java.util.Iterator;
import sailpoint.object.Attributes;
import org.apache.log4j.Logger;

 System.out.println("Entering Exclusion Rule.");
 String explanation = "";
  System.out.println("------Items are------"+items);

  boolean exclude = false;

  Iterator it = items.iterator();

  while (it.hasNext())

  {

    Certifiable certifiable = it.next();

    System.out.println("-------Certifiable are--------"+certifiable);
    Bundle role = null;
    if(certifiable instanceof Bundle)
    {
      role = (Bundle)certifiable;
      System.out.println("---------Entitlements are-----"+ents);

    }
  
    if(null != role)
    {
		String roleName = role.getName();
		System.out.println("-----Role Name are--------"+roleName);

       

        if (roleName.equalsIgnoreCase("role to remove")

        {

          System.out.println("-------Role to exclude is------"+roleName);

          it.remove();

           itemsToExclude.addAll(items);

          items.clear();

		  explanation = "Not certifying birthright roles";

        }

    }

    }

  return explanation;

cdavis132 · December 19, 2023, 3:30pm

I will test this out in our lower environment and let you know the results thanks.

sreeram · February 16, 2024, 7:24am

For future reference check out the document titled “Rules in IdentityIQ”, the document may be old but it still stands true. The document is for IIQ version 7.2 version. I have attached a copy that I have here in my replies

Rules in IdentityIQ 7.2.pdf (2.0 MB)

system · April 16, 2024, 7:25am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Exclustion Rule for Certification Event Process IIQ Discussion and Questions rules , identityiq , certifications	5	510	November 19, 2023
Exclusion rule to remove IT roles mapped to business roles for certification review IIQ Discussion and Questions identityiq , certifications	17	190	September 3, 2024
Certification Exclusion Rule IIQ Discussion and Questions	4	4376	July 19, 2023
Certification Exclusion Rule IIQ Community Knowledge Base rules , identityiq , certifications	0	401	June 25, 2024
Manager Certification - Detected Roles and Assigned Roles IIQ Discussion and Questions identityiq	7	51	November 8, 2024

Exclude Business Roles from Event Certification

Which IIQ version are you inquiring about?

Share all details related to your problem, including any error messages you may have received.

Related topics