Get application roles as well as search for the roles

pctripathi · August 26, 2024, 3:03pm

Hi everyone,
I have created a form where I am selecting application from a dropdown field and the roles assigned to that application is being displayed in next field. But I believe not more then 6 roles are being fetched.
I need to change my code such that after getting the roles related to the application, more roles also can be searched and can be added in the role field. Below is my code, please suggest a way to proceed for this.

<Section label="Application Name" name="Section 2">
    <Field displayName="Select" dynamic="true" name="Field_6" postBack="true" required="true" type="Application"/>
    <Field displayName="Roles" dynamic="true" multi="true" name="Field_7" type="string">
      <Script>
        <Source>
                 import sailpoint.object.*;
                import sailpoint.tools.Util;
                import java.util.List;
                import java.util.ArrayList;
                import java.util.Locale;

                Locale locale = new Locale("en", "US");
                Set field7Value = new HashSet();
                Object field6 = form.getField("Field_6").getValue();

                if (field6 != null) {
                Application selectedApp = context.getObjectById(Application.class, field6.toString());

                Map roles = selectedApp.getEntitlements(locale);
                if (roles != null &amp;&amp; !roles.isEmpty()) {
                field7Value = roles.keySet();
                form.getField("Field_7").setHidden(false);
                } else {
                form.getField("Field_7").setHidden(true);
                }
                
                }
                return field7Value;
              </Source>
      </Script>
    </Field>
  </Section>

enistri_devo · August 26, 2024, 3:15pm

Hi @pctripathi,

whe you open the list dont you have this button at end of list?

pctripathi · August 26, 2024, 3:35pm

Hi @enistri_devo
Mine looks like this

In this image roles appeared automatically after I selected Application name which is okay. But I cannot search other roles assigned to it. Only 6 are appearing. else I can type anything and just add there which might not be the actual role assigned to that application.

Arun-Kumar · August 26, 2024, 3:56pm

Hi @pctripathi,

What ever you are seeing in the form is not roles. it is a Entitlement field name. It is not a Entitlement value.
In the selected application, you have only 6 Entitlement field. So, it is displaying only 6

Regards,
Arun

enistri_devo · August 26, 2024, 4:00pm

Ok, I understand.

The funciun selectedApp.getEntitlements(locale) return all schema attributes are detect like entitlement, not the list of roles.

For example, with this schema:

return this:

If you want a list of related roles of application, you must search on Bundle objects.
Also, if you want the entitlments of app, you must search on ManagedAttributes objects.
You can use context.getObjects(Bundle.class, qo) or context.Search(Bundle.class, qo). The first return a list of object and the second return an iterator

pctripathi · August 26, 2024, 6:45pm

Hi @enistri_devo @Arun-Kumar
I am trying to change the script but occuring system error.
What’s the error in this script now?

<Section label="Application Name" name="Section 2">
    <Field displayName="Select" dynamic="true" name="Field_6" postBack="true" required="true" type="Application"/>
    <Field displayName="Roles" dynamic="true" multi="true" name="Field_7" postBack="true" type="string">
      <Script>
        <Source>
               import sailpoint.object.*;
            import sailpoint.tools.Util;
            import java.util.List;
            import java.util.HashSet;

            Set field7Value = new HashSet();
            Object selectedAppValue = form.getField("Field_6").getValue();

            if (selectedAppValue != null) {
                Application selectedApp = context.getObjectById(Application.class, selectedAppValue.toString());

                if (selectedApp != null) {
                   
                    List<Bundle> roles = selectedApp.getRoles();
                    if (roles != null &amp;&amp; !roles.isEmpty()) {
                        for (Bundle role : roles) {
                            field7Value.add(role.getName()); 
                        }
                    }
                }
            }
            return field7Value;
              </Source>
      </Script>
    </Field>
  </Section>

drosenbauer · August 26, 2024, 7:01pm

List<Bundle> roles = selectedApp.getRoles();

This is not a real method. Application has no “getRoles”.

Is your goal here to display all of the requestable IIQ roles that are associated with the given application? For example, IT Roles that have the application in their Profile, or Business Roles that require those IT Roles?

Or does “roles” have a specific meaning in the application you’re dealing with?

pctripathi · August 26, 2024, 7:14pm

Yes @drosenbauer
I want to show roles in a dropdown field which are of selected application name and select them one by one by making roles field as multi value.
But I can’t see how can I find role of an application.

If I select type as role/Bundle I am getting all the roles present in sailpoint.

enistri_devo · August 26, 2024, 8:11pm

use something like this:

import sailpoint.object.*;
import sailpoint.tools.Util;
import java.util.List;
import java.util.ArrayList;
import sailpoint.api.IdentityService;

String field6 = form.getField("Field_6").getValue();
Field field7 = form.getField("Field_7");
List <Bundle> roles = new ArrayList();

if (field6 != null) {
    Application selectedApp = context.getObjectById(Application.class, field6); 
    DynamicValue dynamicValue = new DynamicValue();
    List 

    QueryOptions qo = new QueryOptions();
    qo.add(Filter.subquery("id", BundleProfileRelation.class, "bundleId", Filter.eq("sourceApplication.name",selectedApp.getName())));

    Iterator it = context.search(Bundle.class, qo);

    while ((null != it) && (it.hasNext()) ) {
        roles.add(it.next());
    }
    dynamicValue.setValue(roles);
    field7.setAllowedValuesDefinition(dynamicValue);
}

check the filter, i am not sure is correct.

But, why dont use the Manage user access?

pctripathi · August 28, 2024, 6:00am

I am not sure of few things. Since I am new to this field and this language. I am parallelly learning code and concepts both.

How can I use Manage user access here?

enistri_devo · August 28, 2024, 6:16am

sorry I didn’t explain myself well. You are try to create a form with the same behavior of Manage user access. Why dont use it directly?

what do you have doubts about?

system · October 27, 2024, 6:17am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Getting Roles under Application IIQ Discussion and Questions workflows , identityiq , forms	1	29	September 16, 2024
Import roles in IdentityIQ using rule IIQ Discussion and Questions rules , identityiq , roles	6	45	October 22, 2024
Filter Account by last name from Application IIQ Discussion and Questions workflows , identityiq , forms	9	29	September 20, 2024
I want to display entitlements name that are in a role but no longer in entitlement catalog IIQ Discussion and Questions identityiq	6	38	September 13, 2024
Error while fetching the Report for Role Details IIQ Discussion and Questions identityiq , reports , applications	1	15	October 15, 2024

Get application roles as well as search for the roles

Related Topics