Exclude Read permission(Select, Read, reference) from entitlement owner certification from oracle based app

Which IIQ version are you inquiring about?

8.4p2

Please share any other relevant files that may be required (for example, logs).

Share all details about your problem, including any error messages you may have received.

Hi All,

I wanted to know how we can exclude the read permissions (Select, Read, reference) from entitlement owner certification for an Oracle-based app. I need to do this at a granular level: if any type (Entitlement, Group, Role, Permission, Right) has (Select, Read, reference), it needs to be excluded from the certification.

Please let me know if anyone has an idea on it.

Thanks in advance.

Hi @Rana123H

You can do this via a certification exclusion rule to exclude the entitlements.

Hi, I tried using an exclusion rule, but it’s not producing the expected result. When I attempt to exclude a specific permission using the rule, it ends up excluding both execute and other permissions as well.

Here is the code which I have used in the exclusion rule:

    if (app != null && app.toLowerCase().contains("oracle")) {
      List permissions = link.getPermissions();
      if (permissions != null) {
        for (Object permObj : permissions) {
          if (permObj != null) {
            System.out.println("Perm inside select and read if::   " + permObj);
            String rights = permObj.getRights();
            //String perm = permObj.toString().toUpperCase();
            if (rights.contains("SELECT") || rights.contains("READ")) {
              System.out.println("Item inside select and read if::   " + item);
              try {
                List rights = permObj.getRightsList();
                /* if (rights != null) {
                     rights.remove("SELECT");
                     rights.remove("READ");
                     permObj.setRights(rights);
                   }*/
                if (rights != null && rights.contains("SELECT") || rights.contains("READ")) {
                  itemsToExclude.add(item);
                  items.remove(item);
                }
                explanation = "Excluded Oracle permission containing SELECT or READ.";
                break;
              } catch (Exception e) {
                System.out.println("Error modifying rights: " + e.getMessage());
              }
            }
          }
        }
      }
    }

    if (app != null @and app.toLowerCase().contains("oracle")) {
        for (sailpoint.object.CertificationEntity ce : certification.getEntities()) {
            String app = ce.getApplication();
            if (app != null @and app.toLowerCase().contains("oracle")) {
                for (sailpoint.object.CertificationItem ci : ce) {
                    List ent = ci.getEntitlements();
                    for (sailpoint.object.EntitlementSnapshot ets : ent) {
                        if (ets != null @and ets.getPermissionRight().contains("SELECT") || ets.getPermissionRight().contains("READ")) {
                            itemsToExclude.add(item);
                            items.remove(item);
                            explanation = "Excluded Oracle permission containing SELECT or READ.";
                        }
                    }
                }
            }
        }
    }
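Added example, not part of the thread and not SailPoint's own code: a stand-alone Java model of the per-item decision an exclusion rule has to make so that only read-type permissions leave the certification while EXECUTE and other rights stay under review. `Perm`, `READ_RIGHTS`, `isReadOnly` and `exclude` are hypothetical names, the sample data is constructed, and it assumes rights arrive as a comma-separated string and that a permission mixing read and non-read rights should still be certified.

```java
import java.util.*;

public class ReadOnlyExclusionDemo {
    // Hypothetical stand-in for one certifiable permission; not a SailPoint class.
    static class Perm {
        final String target, rights;   // rights assumed to be comma-separated
        Perm(String target, String rights) { this.target = target; this.rights = rights; }
    }

    // The three right names from the question; adjust to what the connector returns.
    static final Set<String> READ_RIGHTS =
        new HashSet<>(Arrays.asList("SELECT", "READ", "REFERENCE"));

    // True only when every right on the permission is a read-type right.
    // Whole-token comparison: a substring test such as contains("READ")
    // would also match unrelated right names that merely include "READ".
    static boolean isReadOnly(Perm p) {
        if (p == null || p.rights == null || p.rights.trim().isEmpty()) return false;
        for (String r : p.rights.split(",")) {
            if (!READ_RIGHTS.contains(r.trim().toUpperCase(Locale.ROOT))) return false;
        }
        return true;
    }

    // Same contract the posted rule relies on: move matches from items to itemsToExclude.
    static void exclude(List<Perm> items, List<Perm> itemsToExclude) {
        for (Iterator<Perm> it = items.iterator(); it.hasNext(); ) {
            Perm p = it.next();
            if (isReadOnly(p)) {       // decided for this item only, no break
                itemsToExclude.add(p);
                it.remove();           // safe removal while iterating
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        List<Perm> items = new ArrayList<>(Arrays.asList(
            new Perm("HR.EMPLOYEES", "SELECT"),
            new Perm("HR.PAYROLL_PKG", "EXECUTE"),
            new Perm("HR.SALARIES", "SELECT,UPDATE"),
            new Perm("HR.DEPARTMENTS", "Read, Reference"),
            new Perm("HR.AUDIT_LOG", "READONLY_ADMIN")));
        List<Perm> excluded = new ArrayList<>();
        exclude(items, excluded);
        for (Perm p : items)    System.out.println("certify: " + p.target + " [" + p.rights + "]");
        for (Perm p : excluded) System.out.println("exclude: " + p.target + " [" + p.rights + "]");
    }
}
```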

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.