Exclustion Rule for Certification Event Process

Hello I have a task to create a Certification Event process for Job code changes. I noticed that it includes everything tied to the users identity. I am trying to create an exclusion rule that leaves out any role with the type “business.” Does anyone have any examples on how to begin or a similar rule.

Hi @cdavis132 , try this rule to exclude roles…Use custom object and add those roles in hte custom object , which roles you want to exclude

import sailpoint.object.Bundle;
import sailpoint.object.CertificationItem;
import sailpoint.object.Custom; 
import org.apache.log4j.Logger;
import org.apache.commons.logging.*;
Logger log = Logger.getLogger("com.Certification.CustomLog");
     log.debug("** Role Exclusion Certification Rule ** :-Start");
      List itemList = new ArrayList(items);
			log.info("itemList is..."+itemList);
             Custom custom = context.getObject( Custom.class, "Custom -Roles to Exclude");  
			 List roleList = new ArrayList();
			 if(custom!=null) {  
				roleList = custom.get(APPLICATION_ENTITLEMENT_LIST); 
				log.info("roleList is..."+roleList);
				 for(Object item : itemList) {
				 log.info("item is..."+item);
					if(item instanceof Bundle) {
					 String roleName=item.getDisplayName();
					 log.info("roleName is..."+roleName); 
					 if (!roleList.contains(roleName)){
					  log.info("Enter if..."+roleName); 
						explanation = "This item was excluded because the Role does not belong to portal application";
						log.debug("** Role Exclusion Certification Rule ** : excluded because the account it resides on is disabled");

			log.debug("** Role Exclusion Certification Rule ** :-End");
    return explanation;

Thank you for the rule how would I narrow it down by type rather then listing the actual roles?

1 Like
for (Certifiable item : items) {
    if (item instanceof Bundle) {
        Bundle bee = (Bundle) item;
        if ("business".equalsIgnoreCase(bee.getType())) itemsToExclude.add(item);
items.removeAll(itemsToExclude); //this line might not be necessary
return null;
1 Like

@cdavis132 Did the rule provided above solve your issue?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.