How to access account attributes data in JDBC connector rule?

Hi! I am developing a JDBC provisioning rule. I could get the account data in the create plan operation. However, at the modify plan operation, account.getAttributeRequests returns only the id of the entitlement being modified. I only have access to the IDN uid through the plan.getNativeIdentity method; however, this application has a different login.

Insert statement should be (app_login, entitlement_id).

getArgs() and getArguments() are deprecated and return null. Is there some way to obtain account fields like in the create operation?

PS: I have a workaround asking client to add a column with IDN login value, but this should be my last plan.

Hi @jsosa

You cannot access data that is not there in Plan/AccountRequest in connector Rule as you cannot connect to the cloud data.

You need to manage this in Before Provisioning Rule which is cloud Rule and can query the database.

Thanks
Krish

Hi @MVKR7T thank you for your response. My problem is that the information I need at Modify operation is on IDN, not in database.

I am needing 2 fields from IDN application account to get, for example, database user id, in order to insert an entitlement (userid, entid, othervaluefromRH). I could add them to the identity profile, but still should need to access IDN identity attributes.

How can I query them from a Before Provisioning Rule?

Hi @MVKR7T I found that I was looking in the wrong place. I thought that it should be part of the connector rules like the web services BP rule, but you were talking about the cloud rule. I will give it a try as it is my first time using it.

Thanks!

If I understood correctly,

Where do you have these fields?

  • In application object?

  • In Identity object?

  • In Link/Account object?

I believe you are using JDBC Provision Rule which is connector level. Do you have the object as input to the Rule? If yes then you can get the data.

Let us say that data is in application object, you have it as an input. So you can get the attributes.

In case if these attributes are in identity object, you don’t have entire identity as input here. So, you need to build identity object which is nothing but querying IDN DB. You cannot query the IDN DB from connector Rules, you can do only through cloud Rules. That is where you get the need of Before Provisioning Rule.

Thanks
Krish

Hi @MVKR7T thank you very much for always being there!

Looking at the cloud rule, it brought me an idea that worked fine without using the BP cloud rule. It works fine for me, I will share so it remains here for others to use.

First thing is that the Before Provisioning cloud rule comes with a message that establishes that it should not be used to add attributes to the plan, so they suggest using a create provisioning policy instead:

This is when I had the idea to see what happens if I use an UPDATE provisioning policy, and then account attributes began to appear at the Modify Operation level in the rule.

So first thing I did is call the GET to obtain the CREATE provisioning policy:

Then I simply paste the same code, changing usageType to UPDATE:

One weird thing I noticed is that fields that have the identity attribute direct transform do not appear in the Modify Operation; other account attributes with a static transform, or another transform (I had a random number transform), do indeed appear when the Modify Operation occurs.

So as a workaround, in the CREATE provisioning policy (the Create Account in the UI), I mapped some XXX attribute with the desired Identity attribute, and then use the Account Attribute transform in the UPDATE provisioning policy:

Now, before entering the operation evaluating plan, I create a Map with account attribute/value like this:

// Collect the attribute requests of this AccountRequest into a name/value map
Map accountAttributes = new HashMap();
List attributesRequestList = account.getAttributeRequests();
if (attributesRequestList != null) { // guard: the request may carry no attribute requests
	Iterator attributesRequesIterator = attributesRequestList.iterator();
	while (attributesRequesIterator.hasNext()) {
		AttributeRequest attributeRequest = (AttributeRequest) attributesRequesIterator.next();
		// Debug output only: attribute values are written to the log in clear text
		log.warn("attribute##" + attributeRequest.getName() + "##" + attributeRequest.getValue() + "##" + attributeRequest.getDisplayValue());
		accountAttributes.put(attributeRequest.getName(), attributeRequest.getValue());
	}
}

if (AccountRequest.Operation.Create.equals(account.getOperation())) {
........................................................

Finally, I just revised the Map and found the value I needed:

On log, when adding an entitlement:

I am adding a patch to my previous post. I realized that not all attributes come, because only updated attributes come. At some moment, I only saw the attribute that contains the random number transform.

So I figured out an update to the last provisioning policy to bring account/identity attributes. I simply generated the desired account attribute (which holds the identity attribute), concatenated with a “-” and a random number. Then, this attribute comes with every operation:
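
An added example, not part of the original posts: one way the Modify branch could recover the login from the "value-randomNumber" attribute described above and run the (app_login, entitlement_id) insert with bound parameters, so plan data never becomes SQL text. The attribute name `appLoginCarrier`, the table `user_entitlements` and the class and method names are hypothetical; only the column pair comes from the thread.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Map;

public class EntitlementInsert {
    // Hypothetical names: the thread only gives the columns (app_login, entitlement_id).
    static final String LOGIN_ATTR = "appLoginCarrier";
    static final String INSERT_SQL =
        "INSERT INTO user_entitlements (app_login, entitlement_id) VALUES (?, ?)";

    // Removes the "-<digits>" suffix that the UPDATE policy appends to the value.
    static String stripRandomSuffix(Object raw) {
        if (raw == null) {
            throw new IllegalArgumentException("carrier attribute missing from the plan");
        }
        String value = raw.toString();
        int dash = value.lastIndexOf('-'); // last dash: the login itself may contain '-'
        if (dash <= 0 || !value.substring(dash + 1).matches("\\d+")) {
            throw new IllegalArgumentException("carrier value is not <login>-<digits>");
        }
        return value.substring(0, dash);
    }

    // Raw Map and try/finally keep this close to the style of the rule in the thread.
    static int insertEntitlement(Connection connection, Map accountAttributes,
                                 String entitlementId) throws SQLException {
        String appLogin = stripRandomSuffix(accountAttributes.get(LOGIN_ATTR));
        PreparedStatement ps = connection.prepareStatement(INSERT_SQL);
        try {
            ps.setString(1, appLogin);      // bound as data, never concatenated
            ps.setString(2, entitlementId);
            return ps.executeUpdate();
        } finally {
            ps.close();
        }
    }

    public static void main(String[] args) {
        // Constructed sample value: a login containing a dash plus the random suffix.
        Map accountAttributes = new HashMap();
        accountAttributes.put(LOGIN_ATTR, "j-sosa-48213");
        System.out.println(stripRandomSuffix(accountAttributes.get(LOGIN_ATTR)));
    }
}
```

Inside the rule, `insertEntitlement` would receive the connector-supplied connection, the `accountAttributes` map built from the attribute requests, and the entitlement id from the plan.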
