oldValue refers to the current value for that attribute.
The HR system will update the attribute value, if any.
If, for any reason, you don’t want to update the attribute, you can just return oldValue.
For example, you have developed an IdentityAttribute Rule for the lastName attribute. If there is a change in lastName, you can create an audit event for that. Anyway, we have the value change Rule for that in Attribute mappings.
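// oldValue is null when the attribute has not been set on the identity yet
String lastName_Old = (oldValue != null) ? oldValue.toString() : null;
String lastName_new = (String) link.getAttribute("lastName");
// Null-safe, case-insensitive comparison of the old and new values
boolean changed = (lastName_Old == null) ? (lastName_new != null) : !lastName_Old.equalsIgnoreCase(lastName_new);
if (changed) {
    /* Audit event or any other logic */
}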
I haven’t come across any real-time use case here. I use the value change Rule to implement auditing.
As for preserving the old value for any reason, I haven’t seen that in real-time usage.
The ‘IdentityAttribute’-Rule is used during SourceMapping from an application account (Link, for instance the HR source account) to an attribute on the identity-cube if it is set as Application Rule. This will run during the identity refresh phase of the Aggregation Task for that Application (and during IdentityRefresh with option ‘Refresh identity attributes’ enabled).
It can also be used as a Global Rule in the SourceMapping to an attribute on the Identity-cube, where it is not tied to an application. It will run each time there is a refresh on the identity (each aggregation task and during IdentityRefresh with option ‘Refresh identity attributes’ enabled). An example might be to count the number of accounts an Identity has and put that number in an attribute.
The value returned by the ‘IdentityAttribute’-Rule will be put as value of the attribute on the identity-cube. The ‘oldValue’ available in the rule is the value of the attribute as it was set before the rule runs. It is just extra information which can be used within the rule. If the attribute value should not change (for whatever reason), the oldValue should be returned by the ‘IdentityAttribute’-Rule.
Take a look at the sequence diagram. The ‘IdentityAttribute’-Rule runs in the part of the Source Mapping.
@MVKR7T thank you for your answer. Just to refine the code you shared, I put it all together, because I didn’t get the part about “Audit”, so it’s also OK to return the new value, else keep the oldValue.
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" name="Lastname Identity Attribute Rule" type="IdentityAttribute">
<Source><![CDATA[
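// oldValue is null when the attribute has not been set on the identity yet
String lastName_Old = (oldValue != null) ? oldValue.toString() : null;
String lastName_new = (String) link.getAttribute("lastName");
// No previous value, or the value changed (ignoring case): take the new value
if (lastName_Old == null || !lastName_Old.equalsIgnoreCase(lastName_new)) {
  /* Audit event or any other logic */
  return lastName_new;
}
else {
  // Unchanged (or only the case differs): keep the current value
  return lastName_Old;
}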
]]></Source>
</Rule>