Fetch Identities which are associated to a role

Which IIQ version are you inquiring about?

[8.4]

Share all details about your problem, including any error messages you may have received.

I have written a main method to fetch the identities associated with a role. The input is the role name. What I have observed is that if I pass a role of type Business, I get the list of identities who have the given role. But if I pass any permitted IT role, I am not able to fetch the identities.

Here is my logic below:
```
private static List<Identity> fetchAllIdentityBasedOnRole(Bundle bundle) throws GeneralException, SQLException {
    String roleType = bundle.getType();
    System.out.println("Role Name: " + bundle.getName());
    System.out.println("Role Type: " + roleType);

    QueryOptions queryOptions = new QueryOptions();
    queryOptions.addFilter(Filter.containsAll("assignedRoles", Util.asList(bundle)));
    Iterator<Identity> search = context.search(Identity.class, queryOptions);
    List<Identity> identities = new ArrayList<>();
    while (search.hasNext()) {
        Identity identity = search.next();
        identities.add(identity);
    }
    return identities;
}
```

I have seen that in the SailPoint UI the permitted roles are present in the “Detected Role Summary” for an Identity.

Can you let me know how I can fetch the Identities associated with a role which is a permitted IT role?

@harishchappidi_11

In your code, you have added the filter on assignedRoles. If you are using OOTB Role Access Request flow or RBAC, then only Business Roles will be coming as Assigned roles.

To get the IT Roles, use detectedRoles in place of assignedRoles.

Thanks

You can use the below code to fetch the assigned and detected roles of an identity:

```
Identity user = context.getObjectByName(Identity.class, "Richard.Jackson");

// Assigned roles of the identity
System.out.println("\nListing of Assigned Roles");
List assignedRoles = user.getAssignedRoles();
if (null != assignedRoles) {
    for (Bundle role : assignedRoles) {
        System.out.println("Role Name = " + role.getFullName() + ";  Role Type = " + role.getType());
    }
}

// Detected roles of the identity (held in the "bundles" property)
System.out.println("\nListing of Detected Roles");
List detectedRoles = user.getBundles();
if (null != detectedRoles) {
    for (Bundle role : detectedRoles) {
        System.out.println("Role Name = " + role.getFullName() + ";  Role Type = " + role.getType());
    }
}
```

Hello @msingh900

I have used the below logic to fetch the detected roles

```
private List<Identity> fetchAllIdentityBasedOnRole(Bundle bundle) throws GeneralException, SQLException {

    QueryOptions queryOptions = new QueryOptions();
    queryOptions.addFilter(Filter.containsAll("detectedRoles", Util.asList(bundle)));
    Iterator<Identity> search = context.search(Identity.class, queryOptions);
    List<Identity> identities = new ArrayList<>();
    while (search.hasNext()) {
        Identity identity = search.next();
        identities.add(identity);
    }
    // Report the number of matches rather than printing the whole list
    System.out.println("Found " + identities.size() + " identities");

    return identities;
}
```

I am getting the below error:

Error while testing: could not resolve property: detectedRoles of: sailpoint.object.Identity
sailpoint.tools.GeneralException: could not resolve property: detectedRoles of: sailpoint.object.Identity

@msingh900 I will not have the Identity as input for my code. My input will be the role name, so I need to fetch all the identities that have this role. I have seen in my SailPoint UI that the business roles are present in the Assigned Role Summary tab, and the permitted roles of a business role, which are basically of type IT, are present in the Detected Role Summary tab for an Identity in the Identity Warehouse.

I want logic that, based on the role name, fetches all the Identities associated with it.

Use this DB Query to get the results:

```
SELECT spt_identity.name, spt_bundle.name
FROM spt_identity, spt_bundle, spt_identity_bundles
WHERE spt_identity.id = spt_identity_bundles.identity_id
  AND spt_bundle.id = spt_identity_bundles.bundle
  AND spt_bundle.name = '<Your Role Name>'
GROUP BY spt_identity.name;
```

Execute the above query. Write a Java method that executes the query and gets you the results.

You can try this way also.
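
The suggestion above to wrap the query in a Java method, as an added example that is not part of the original post: it uses the thread's tables and join columns and binds the role name as a JDBC parameter instead of concatenating it into the SQL text. The class and method names are hypothetical, and the caller is assumed to supply an open `java.sql.Connection` to the IdentityIQ database.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

/** Added example (hypothetical names): identities linked to a role in spt_identity_bundles. */
public final class RoleMembershipQuery {

    // Same tables and join columns as the query in the post. The role name
    // is a bind parameter (?) and never becomes part of the SQL text.
    private static final String SQL =
          "SELECT DISTINCT i.name "
        + "FROM spt_identity i "
        + "JOIN spt_identity_bundles ib ON ib.identity_id = i.id "
        + "JOIN spt_bundle b ON b.id = ib.bundle "
        + "WHERE b.name = ? "
        + "ORDER BY i.name";

    private RoleMembershipQuery() { }

    /**
     * @param con      open JDBC connection (assumption: the caller obtains and closes it)
     * @param roleName exact role name; quotes or wildcards in it are treated as data
     * @return names of the identities linked to the role, possibly empty
     */
    public static List<String> identitiesWithRole(Connection con, String roleName)
            throws SQLException {
        if (roleName == null || roleName.trim().isEmpty()) {
            throw new IllegalArgumentException("roleName must not be empty");
        }
        List<String> names = new ArrayList<>();
        // try-with-resources closes the statement and result set on every path
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setString(1, roleName);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString(1));
                }
            }
        }
        return names;
    }
}
```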

For the above query it has given me only one record on passing a Business role.

But when i used the below query

```
SELECT id.name AS identity_name, id.display_name, id.email, id.assigned_role_summary
FROM spt_identity id
WHERE id.assigned_role_summary LIKE '%<your role name>%';
```

then it gave me a total of 5 records. Comparing both queries with the SailPoint UI, what I have observed is that your query is fetching the role present in the Detected Role Summary tab, but the query I used is fetching from the Assigned Role Summary tab in the SailPoint UI.

I don’t want to use a DB query. Later I will be considering this logic as a Task.

Use this code:

This will work fine to get all the users who have a particular IT Role/Detected Role.

```
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import sailpoint.object.Bundle;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.QueryOptions;
import sailpoint.tools.Util;

// Walk every active identity and collect the names of those whose
// detected roles include "Test Role".
QueryOptions qo = new QueryOptions();
qo.addFilter(Filter.eq("inactive", false));
List identityList = new ArrayList();
Iterator itr = context.search(Identity.class, qo);
while (itr.hasNext()) {
    Identity identity = (Identity) itr.next();
    if (null != identity) {
        List detecRoles = identity.getDetectedRoles();
        if (!Util.isEmpty(detecRoles)) {
            for (Bundle role : detecRoles) {
                if (null == role) { continue; }
                if (Util.nullSafeCaseInsensitiveEq(role.getName(), "Test Role")) {
                    identityList.add(identity.getName());
                }
            }
        }
    }
}
return identityList;
```

I tested this code. It gave the full list of users who have the IT Role.

Let me know if you need any other help.

Thanks

One more thing, it is for Detected Roles only. If you need to utilize this rule for assigned Roles, then you need to add more conditions or logic here.

Hi @harishchappidi_11 ,

Using the below code, you can get all the identities associated with a role of type business or IT.

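```
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import sailpoint.object.Bundle;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.QueryOptions;

// Returns the names of all identities that hold the given role,
// or null if the role name is empty or no such role exists.
public List getIdentities(String roleName) {
    if (roleName != null && !roleName.isEmpty()) {
        Bundle bundle = context.getObjectByName(Bundle.class, roleName);
        if (bundle != null) {
            List identities = new ArrayList();
            QueryOptions qo = new QueryOptions();
            String roleType = bundle.getType();

            if ("business".equalsIgnoreCase(roleType)) {
                // Business roles: match on the assigned roles
                qo.addFilter(Filter.eq("assignedRoles.name", roleName));
            } else if ("IT".equalsIgnoreCase(roleType)) {
                // IT roles: match on the detected roles ("bundles")
                qo.addFilter(Filter.eq("bundles.name", roleName));
            } else {
                // Any other type: return no matches instead of running an
                // unfiltered search that would list every identity
                return identities;
            }

            // Projection search: only the "name" column is loaded
            Iterator iterator = context.search(Identity.class, qo, "name");
            while (iterator != null && iterator.hasNext()) {
                Object[] names = (Object[]) iterator.next();
                identities.add(names[0]);
            }
            return identities;
        }
    }
    return null;
}
```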

Hello @Chathurya Thanks for sharing the logic. I have used similar logic and was able to achieve this. Thanks once again!

Hello @msingh900 I tried this logic and I am able to get the detectedRoles, but here it is fetching all the Identities, which I feel is not sufficient enough. So I have used logic with “bundles.name”, like the one @Chathurya has shared. But anyway, thanks for the support. It helped me a lot.

Hey @harishchappidi_11 no worries. Happy to help.
