How to use COMPLEX_CRITERIA option to assignUsersToRole Using Role Importer Tool

Has anyone been successful with using COMPLEX_CRITERIA to define the assignment criteria for roles? I am trying to configure ‘OR’ within the same criteria group and ‘AND’ across criteria groups.

I need help with the proper format for the JSON to provide the assign role criteria.

The roleimporter Readme provides an example JSON object which I have not been successful at formatting for the tool to consume. Here si the error message I get:

C:/Ruby32-x64/lib/ruby/3.2.0/json/common.rb:216:in `parse': unexpected token at '"children"":""key"":""property"":""attribute.JobFunction"",""sourceId"":""2c918086700000000000003c896b1a"",""type"":""ACCOUNT""},""operation"":""EQUALS"",""stringValue"":""EXECUTIVE EADERSHIP""},{""key"":""property"":""attribute.JobFunction"",""type"":""IDENTITY""},""operation"":""EQUALS"",""stringValue"":""My Department-2""}],""operation"": ""AND""}"' (JSON::ParserError)
        from C:/Ruby32-x64/lib/ruby/3.2.0/json/common.rb:216:in `parse'
        from roleImporter.rb:1814:in `block in <main>'
        from C:/Ruby32-x64/lib/ruby/3.2.0/csv.rb:2557:in `each'
        from C:/Ruby32-x64/lib/ruby/3.2.0/csv.rb:1334:in `block in foreach'
        from C:/Ruby32-x64/lib/ruby/3.2.0/csv.rb:1610:in `open'
        from C:/Ruby32-x64/lib/ruby/3.2.0/csv.rb:1333:in `foreach'
        from roleImporter.rb:1056:in `<main>'

Please advice

Hi @adebomol2024

Can you share the fill json request ?

Hello Adebolu, I recently have been successful with using the COMPLEX_CRITERIA for assigning birth right role assignment criteria via the Bulk role importer script.
The json format for the input of complex criteria looks like :

{"children": [{"key": {"property": "attribute.uid", "type": "IDENTITY"}, "operation": "EQUALS", "stringValue": "someValue"}, {"children": [{"key": {"property": "attribute.LIFECYCLE_STATE", "sourceId": "source id of the account attribute", "type": "ACCOUNT"}, "operation": "EQUALS", "stringValue": "someValue2"}, {"key": {"property": "attribute.LIFECYCLE_STATE", "sourceId": "source id of the account attribute", "type": "ACCOUNT"}, "operation": "EQUALS", "stringValue": "some value"}], "operation": "OR"}], "operation": "AND"}

If the attribute is an account attribute then you need to mention the type as ACCOUNT and mention the source id as given above, if it is an identity attribute you need to mention the type as IDENTITY,If it is an entitlement you need to give the type as ENTITLEMENT and mention the source id as given above.

In your case I guess that the input JSON given for the complex criteria has been invalid or there may be some braces or format missing in the given JSON input. Kindly try after verifying the JSON format of the input.

Here’s the complex_criteria I used that failed:

{"operation":"AND","children":[{"operation":"OR","children":[{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.title","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.title","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.title","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.title","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.title","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.title","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"}]},{"operation":"OR","children":[{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.organization","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.organization","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.organization","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.organization","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"}]},{"operation":"OR","children":[{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.level","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.level","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.level","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.level","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"}]},{"operation":"OR","children":[{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.department","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.department","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.department","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"}]},{"operation":"EQUALS","key":{"type":"IDENTITY","property":"attribute.cloudLifecycleState"},"stringValue":"ACTIVE"},{"operation":"EQUALS","key":{"type":"IDENTITY","property":"attribute.Profile"},"stringValue":"SomeStringValue"}]}}

Hello @adebomol2024 , When I tried to validate your json it said it has some error which it doesn’t i guess. Try opening the csv file via an excel or some other editor convenient to you and paste the json value given below manually. If you are pasting directly via VS code or some application where you are just entering values separated with a delimiter like comma or semi colon, you may get some errors as commas are considered as delimiters in csv mostly.This will be the value displaying in the preview :

{"operation":"AND","children":[{"operation":"OR","children":[{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.title","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.title","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.title","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.title","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.title","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.title","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"}]},{"operation":"OR","children":[{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.organization","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.organization","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.organization","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.organization","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"}]},{"operation":"OR","children":[{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.level","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.level","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.level","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.level","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"}]},{"operation":"OR","children":[{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.department","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.department","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"},{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.department","sourceId":"THE_SOURCEID"},"stringValue":"SomeStringValue"}]},{"operation":"EQUALS","key":{"type":"IDENTITY","property":"attribute.cloudLifecycleState"},"stringValue":"ACTIVE"},{"operation":"EQUALS","key":{"type":"IDENTITY","property":"attribute.Profile"},"stringValue":"SomeStringValue"}]}

I tried this structure with conditions and the script ran without any errors. Just make sure this big value is written under a single cell only by previewing it.

image2788×246 37.1 KB

the value will be looking in delimited file in raw format like this :
"{""operation"":""AND"",""children"":[{""operation"":""OR"",""children"":[{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.title"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""},{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.title"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""},{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.title"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""},{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.title"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""},{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.title"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""},{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.title"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""}]},{""operation"":""OR"",""children"":[{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.organization"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""},{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.organization"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""},{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.organization"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""},{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.organization"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""}]},{""operation"":""OR"",""children"":[{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.level"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""},{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.level"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""},{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.level"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""},{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.level"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""}]},{""operation"":""OR"",""children"":[{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.department"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""},{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.department"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""},{""operation"":""EQUALS"",""key"":{""type"":""ACCOUNT"",""property"":""attribute.department"",""sourceId"":""THE_SOURCEID""},""stringValue"":""SomeStringValue""}]},{""operation"":""EQUALS"",""key"":{""type"":""IDENTITY"",""property"":""attribute.cloudLifecycleState""},""stringValue"":""ACTIVE""},{""operation"":""EQUALS"",""key"":{""type"":""IDENTITY"",""property"":""attribute.Profile""},""stringValue"":""SomeStringValue""}]}"
I ran this condition in the script without any errors…
Hope this is useful to you.

TRhanks for your response. For the sourceid, is it the sourceid or the source name?

It is the source id.

If my response was useful, kindly mark it as a solution

Even I faced the same issue, Thankyou for the solution !

You are most welcomed.It would be really nice if you marked it as a solution (If you are able to…)

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.