How to restrict Access Request based on requestee

Which IIQ version are you inquiring about?

8.3

Share all details about your problem, including any error messages you may have received.

I have 4 categories of users onboarded from an application xyz, groups aggregated from the same application.
I need to restrict the groups' requestability based on the category the user belongs to. What is the most straightforward way to achieve this?

Hi @DivyanshuTripathi, you can achieve this using quicklinks.

You will have to implement the RequestObjectSelector rule, available under Global Settings –> Quicklink populations.

1 Like

Hi @DivyanshuTripathi ,

  1. Create an extended attribute ‘category’ for ManagedAttribute and populate the groups in the application with the corresponding category, so we can use this category attribute to decide which entitlements to display based on the requester's category.

  2. Create a rule of type ‘RequestObjectSelector’, which is responsible for displaying the valid entitlements for requesting based on the category attribute, and you can specify this rule in the ‘what can members request for’ section in the Quicklink.

    Here is sample code you can modify according to your requirements. You can create an identity attribute to show only valid entitlements, or you can retrieve it from the link.

      import sailpoint.api.IdentityService;
      import sailpoint.object.Application;
      import sailpoint.object.Filter;
      import sailpoint.object.Link;
      import sailpoint.object.QueryInfo;
      import sailpoint.object.QueryOptions;
      import sailpoint.tools.Util;

      import java.util.List;

      String appName = ""; // Application Name

      Application application = context.getObjectByName(Application.class, appName);
      IdentityService service = new IdentityService(context);

      if (requestor != null) {
        // Accounts the requestor holds on the application
        List links = service.getLinks(requestor, application);

        if (links != null && !links.isEmpty()) {
          for (Link link : links) {
            if (link != null) {
              // The first non-null account decides the result
              String category = (String) link.getAttribute("category");

              if (Util.isNotNullOrEmpty(category)) {
                // Entitlements of other applications, plus this application's
                // entitlements whose category matches the account's category
                QueryOptions options = new QueryOptions();
                options.addFilter(Filter.or(
                    Filter.ne("application.name", appName),
                    Filter.and(Filter.eq("category", category),
                               Filter.eq("application.name", appName))));
                return new QueryInfo(options);
              } else {
                // Account without a category: only other applications' entitlements
                return new QueryInfo(Filter.ne("application.name", appName), false);
              }
            }
          }
        } else {
          // No account on the application: only other applications' entitlements
          QueryOptions options = new QueryOptions();
          options.addFilter(Filter.ne("application.name", appName));
          return new QueryInfo(options);
        }
      }

      return new QueryInfo(Filter.ne("application.name", appName), false);

1 Like
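
A variant of the rule above that keys on the requestee, as the thread title asks, and unions the categories of every account the requestee holds on the application instead of stopping at the first one. This is an added example, not code from the thread or from SailPoint. It assumes the rule receives a `requestee` argument alongside `requestor`, and that the application is named `xyz` as in the question.

```java
// Added example (BeanShell rule body), not from the thread.
// Assumptions: 'context' and 'requestee' are rule arguments supplied by IdentityIQ;
// "xyz" and the extended attribute "category" are the names used in the thread.
import sailpoint.api.IdentityService;
import sailpoint.object.Application;
import sailpoint.object.Filter;
import sailpoint.object.Link;
import sailpoint.object.QueryInfo;
import sailpoint.tools.Util;

import java.util.ArrayList;
import java.util.List;

String appName = "xyz";
Filter otherApps = Filter.ne("application.name", appName);

// No single requestee (e.g. a request for several users): hide the application's groups.
if (requestee == void || requestee == null) {
    return new QueryInfo(otherApps, false);
}

Application application = context.getObjectByName(Application.class, appName);
if (application == null) {
    return new QueryInfo(otherApps, false);
}

// Collect the category of every account the requestee holds on the application.
List categories = new ArrayList();
List links = new IdentityService(context).getLinks(requestee, application);
if (links != null) {
    for (Link link : links) {
        Object category = link.getAttribute("category");
        if (category != null && Util.isNotNullOrEmpty(category.toString())
                && !categories.contains(category.toString())) {
            categories.add(category.toString());
        }
    }
}

// No usable category: only entitlements of other applications stay requestable.
if (categories.isEmpty()) {
    return new QueryInfo(otherApps, false);
}

// Other applications unchanged; this application limited to matching categories.
Filter sameAppAndCategory = Filter.and(Filter.eq("application.name", appName),
                                       Filter.in("category", categories));
return new QueryInfo(Filter.or(otherApps, sameAppAndCategory), false);
```

Every path that cannot establish a category returns the `otherApps` filter, so the application's groups are hidden unless a matching category is found.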

Hi @DivyanshuTripathi, you can try Quicklink populations.

  1. You can create a QuickLinkPopulation (DynamicScope) for each of your categories of users.

  2. Then, for each QLP, you can use the ResourceObjectSelector Rule to customize which groups can be requested by the members of that QLP. Some templates for that rule type can be found in Compass.
