Hello, I have a task to create a Certification Event process for Job code changes. I noticed that it includes everything tied to the user's identity. I am trying to create an exclusion rule that leaves out any role with the type “business.” Does anyone have any examples of how to begin, or a similar rule?
Hi @cdavis132, try this rule to exclude roles… Use a custom object and add to the custom object the roles you want to exclude.
```java
import java.util.ArrayList;
import java.util.List;

import org.apache.log4j.Logger;

import sailpoint.object.Bundle;
import sailpoint.object.Custom;

// Certification exclusion rule: context, items and itemsToExclude are supplied by IdentityIQ
Logger log = Logger.getLogger("com.Certification.CustomLog");
log.debug("** Role Exclusion Certification Rule ** :-Start");

String APPLICATION_ENTITLEMENT_LIST = "Role_list";
String explanation = null;

// Iterate over a copy so that items can be modified inside the loop
List itemList = new ArrayList(items);
log.info("itemList is..." + itemList);

// Role names are read from the Role_list entry of the Custom object
Custom custom = context.getObject(Custom.class, "Custom -Roles to Exclude");
List roleList = new ArrayList();
if (custom != null && custom.get(APPLICATION_ENTITLEMENT_LIST) != null) {
    roleList = (List) custom.get(APPLICATION_ENTITLEMENT_LIST);
    log.info("roleList is..." + roleList);
}

for (Object item : itemList) {
    log.info("item is..." + item);
    if (item instanceof Bundle) {
        String roleName = ((Bundle) item).getDisplayName();
        log.info("roleName is..." + roleName);
        // As written, a role is excluded when its display name is NOT in Role_list
        if (!roleList.contains(roleName)) {
            log.info("Enter if..." + roleName);
            itemsToExclude.add(item);
            items.remove(item);
            explanation = "This item was excluded because the Role does not belong to portal application";
            log.debug("** Role Exclusion Certification Rule ** : excluded " + roleName
                    + " because the Role does not belong to portal application");
        }
    }
}

log.debug("** Role Exclusion Certification Rule ** :-End");
return explanation;
```
Thank you for the rule. How would I narrow it down by type rather than listing the actual roles?
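```java
import sailpoint.object.Bundle;
import sailpoint.object.Certifiable;

// Move every role whose type is "business" to the exclusion list
for (Certifiable item : items) {
    if (item instanceof Bundle) {
        Bundle bee = (Bundle) item;
        if ("business".equalsIgnoreCase(bee.getType())) itemsToExclude.add(item);
    }
}
items.removeAll(itemsToExclude); //this line might not be necessary
return null;
```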
@cdavis132 Did the rule provided above solve your issue?