How to Remove Entitlements in Beanshell

AJGibson76 · May 2, 2025, 9:19pm

Which IIQ version are you inquiring about?

8.4

How can I programmatically remove entitlements from an identity via a ProvisionPlan? We’ve tried a few ways, but have made little progress. Is there example code?

pravin_ranjan · May 2, 2025, 9:38pm

@AJGibson76

Try to build logic like below

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell"  name="Rule-EntitlementRemove">
<Source>
import sailpoint.object.*;
import java.util.*;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.concurrent.TimeUnit;
import sailpoint.api.Provisioner;
import sailpoint.api.*;
import java.util.Iterator;
import sailpoint.api.SailPointFactory;
import sailpoint.api.SailPointContext;
import sailpoint.api.ObjectUtil;
import org.apache.commons.lang.StringUtils;
import sailpoint.tools.GeneralException;
import sailpoint.task.*;
import sailpoint.object.IdentityRequest;
import sailpoint.object.IdentityRequestItem;
import sailpoint.object.Filter;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.Operation;
import sailpoint.object.ManagedAttribute;
import org.apache.bsf.BSFException;


String idName="ABC123";

Identity iden=context.getObjectByName(Identity.class,idName);

String appname="AppXXX";

ProvisioningPlan plan = new ProvisioningPlan();

plan.setIdentity(iden);

AttributeRequest attributeRequest = new AttributeRequest();
AccountRequest accountRequest = new AccountRequest();

accountRequest.setApplication(appname);
accountRequest.setNativeIdentity("NATIVE IDENTITY OF THE ACCOUNT"); 

accountRequest.setOperation(AccountRequest.Operation.Modify);

Filter filter1 = Filter.eq("application.name",appname);

Filter filter2 = Filter.eq("identity.name",idName);

Filter filter = Filter.and(filter1, filter2);

QueryOptions qo = new QueryOptions();

qo.addFilter(filter);

Iterator it = context.search(IdentityEntitlement.class, qo);

if (it.hasNext()) {

while (it.hasNext()) {

IdentityEntitlement idEntitlement = it.next();
if (accountRequest.getNativeIdentity() == null) {

}


attributeRequest.setName(idEntitlement.getName());
attributeRequest.setOperation(ProvisioningPlan.Operation.Remove);
attributeRequest.setValue(idEntitlement.getValue().toString());
accountRequest.add(attributeRequest);
}

}

plan.add(accountRequest);


String assigner="spadmin";


Provisioner provisioner = new Provisioner(context);

provisioner.setAssigner(idName); // String of Identity making the change.

provisioner.compile(plan);

provisioner.execute();

return "Success";

</Source>
</Rule>

some examples
Disabling Account and Removing entitlements - Compass

Solved: Removing Entitlement Rule - Compass

system · July 1, 2025, 9:38pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Remove entitlement IIQ Discussion and Questions identityiq , provisioning , entitlements	4	126	June 23, 2025
Removing all users Roles and Entitlements IIQ Discussion and Questions workflows , rules , identityiq , lifecycle-management	10	457	February 10, 2025
Active directory entitlement Deletion along with member removal IIQ Discussion and Questions identityiq , entitlements	9	80	January 9, 2026
Remove the entitlements assigned via entitlements request, when a user gets disabled for SAP direct connector ISC Discussion and Questions rules , identity-security-cloud , provisioning , entitlements	4	855	July 28, 2023
Remove entitlements from identity links IIQ Discussion and Questions rules , identityiq	7	114	October 23, 2025

How to Remove Entitlements in Beanshell

Which IIQ version are you inquiring about?

Related topics