How to obtain entitlements of an identity?

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

Hi fellow experts,

I want to get list of entitlements hold by an identity in IDN via IDNRuleUtil (idn) in rule.

Is it possible to do so? Or appreciate if anywhere I can get an idea of IDN data model will be helpful as well.

2

You can try to use the getManagedAttributeDetails or getManagedAttributeDescription function in IDNRuleUril

/**
    * Finds the ManagedAttribute by sourceId/name/value/type and returns its details in ManagedAttributeDetails model.
    *
    * @param sourceId The sourceId used to query the ManagedAttribute.
    * @param name The name of the attribute used to query the ManagedAttribute.
    * @param value The value of the attribute used to query the ManagedAttribute.
    * @param type The type of attribute used to query the ManagedAttribute (see enum ManagedAttribute.Type).
    * Defaults to Entitlement (if null provided).
    * @return ManagedAttributeDetails if found or else null.
    * @throws GeneralException wrapping underlying DB related errors.
    */
    public ManagedAttributeDetails getManagedAttributeDetails(String sourceId, String name, String value, ManagedAttribute.Type type)


//IdnRuleUtil is available in rules as the "idn" variable, which you can use the same way you can currently use context.
/*
  * In Before Provisioning rules (where this will likely be used), the source being provisioned to
  * is passed in by the "application" variable. You can use this to get sourceId using application.getId().
  * e.g. String sourceId = application.getId();
*/
String entitlementDescription = idn.getManagedAttributeDescription(sourceId, attributeName, attributeValue, Type.Entitlement);

If those don’t work you can use the Account link and fetch related account and then use the get() function to retrieve the entitlements.

Reference:

2 Likes
3

Thanks for the tips. But I am not clear on the data model in IDN in order for me to pass the right value to the mentioned util function.

As in common example, we can obtain identity related information by:
Identity id = plan.getIdentity();

How do I get the source id of the Access Profile/Entitlement that hold by this particular identity, in order to allow me to get detailed info via idn.getManagedAttributeDescription(…)

4

Hi @jolan

I don’t think getManagedAttributeDetails() method is useful for your requirement as it returns a single object (ManagedAttribute aka Entitlement).

You can find the IDN Java doc here

I believe you are trying to implement this requirement in Before Provisioning Rule or any other cloud Rule, which needs cloud deployment by SailPoint Expert Services, so we cannot play with methods here.

The best way here, I believe is get data from Account.

import sailpoint.object.Identity;
import sailpoint.rule.Account;
import java.util.List;

List groupList = new ArrayList();
String appName = application.getName();

//Get Account of the identity
Identity identity = plan.getIdentity();
String idName = identity.getName();

Account account = idn.getFirstAccount(appName, idName);

if (null != account ) {

    if (account.getAttribute("group") != null) {

        if (account.getAttribute("group") instanceof String) {

            groupList.add(account.getAttribute("group"));
        } else {
            groupList.addAll(account.getAttribute("group"));
        }

    }
}

Customize this code as per your application schema.

Thanks
Krish

5

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.