Hi All,
i have to write a code for advanced policy .so that I tried many ways but i cant get the users selecting entitlement which before access request submit the request . can you please suggest any idea or can you have any sample code for that
getExceptions() - i tried this medhod ,so iam getting existing entitlement for that user
Thanks,
Ranjith
Hi @rajeshs
here the requirement is if ABC entitlement from XYZ application is selected
Need to check whether the selected user is having the XYZ application or not
a. if the user have an application then allow the request
b. If the user don’t have the application link then block him saying "please raise request for “Role A” and get the account created.
Please check the below code . in this code i need to get users selecting entitlement
futureIDExceptions=futureID.getExceptions(); - but iam getting existing entitlement for that user . can you please give any suggest for this
import sailpoint.object.;
import java.util.;
import java.text.*;
import org.apache.log4j.Logger;
import org.apache.log4j.Level;
boolean roleViolation = true;
PolicyViolation violation = null;
String appName;
boolean isViolation = false;
boolean rasieRequest = false;
boolean hasApp = false;
Identity futureID=identity;
if(null != futureID && null != existingID)
{
List existingIDExceptions = new ArrayList();
List futureIDExceptions = new ArrayList();
Identity existingID=context.getObjectByName(Identity.class,futureID.getName());
List links = existingID.getLinks();
for(Link link : links)
{
if(link.getApplicationName().equals(“Application Name”))
{
hasApp = true;
break;
}
}
if(!hasApp)
{
if(null!=futureID){
existingIDExceptions=existingID.getExceptions();
futureIDExceptions=futureID.getExceptions();
if(existingIDExceptions!=null && existingIDExceptions.size()>0){
for (EntitlementGroup entitlementGroup : existingIDExceptions) {
String entitlementAppName = entitlementGroup.getApplicationName();
if(entitlementAppName.equalsIgnoreCase(“Application Name”)) {
//rasieRequest = true;
}
}
}
if(futureIDExceptions!=null && futureIDExceptions.size()>0){
for (EntitlementGroup entitlementGroup : futureIDExceptions) {
String entitlementAppName = entitlementGroup.getApplicationName();
if(entitlementAppName.equalsIgnoreCase(“Application Name”)) {
rasieRequest = true;
}
}
}
if(rasieRequest)
{
String blockingMsg =“You cannot request Application Name Entitlement without Application Name”;
violation = new PolicyViolation();
violation.setActive(true);
violation.setIdentity(identity);
violation.setPolicy(policy);
constraint.setName(blockingMsg);
violation.setConstraint(constraint);
violation.setDescription(blockingMsg);
violation.setStatus(sailpoint.object.PolicyViolation.Status.Open);
}
}
}
}Preformatted text
return violation;
Hi @Ranjith2000,
You can find the entitlements raised by the user by finding the difference of entitlements by the provided identity object and existing identity, in your case existingID and futureID. Also, you can use the below code snippet to get the entitlements from new and old identity object.
public List fetchIdentityEnt(Identity identity, String applicationName) {
List applicationLinks = identity.getLinks();
List entitlementList = null;
if (applicationLinks != null && applicationLinks.size() > 0) {
for (Link singleIdentityLink : applicationLinks) {
if (applicationName.equals(singleIdentityLink.getApplicationName())) {
try {
entitlementList = singleIdentityLink.getEntitlements(Locale.getDefault(), "");
} catch (GeneralException e) {
//logger.error("The Error is: " + e);
}
}
}
}
return entitlementList;
}
Hello,
would like to add some thoughts here:
I have implemented this many times, I have posted the solution here
Solved: Advanced Policy: Extracting Requested Roles/Entitles When Submitting Requests Through Manage Access - Page 2 - Compass (sailpoint.com)
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.