How to verify if an entitlement already exist before create account by BPRule

IdentityIQ (IIQ) IIQ Discussion and Questions
, , ,
1

Which IIQ version are you inquiring about?

Version 8.3

Please share any images or screenshots, if relevant.

errorRule.jpg
errorRule.jpg993×90 20.4 KB

Share all details related to your problem, including any error messages you may have received.

Hello, everyone,

I am trying to build a before provisioning rule to check the existence of an entitlement in Sailpoint before the Create operation is processed.
Specifically, the creation of a Salesforce account is to be done via an automatic role assignment which also involves the assignment of a “built in” entitlement in the Provisioning Policy (the assignment is not done via the Entitlement panel in the role). With the BPRule I have to try to check whether that specific entitlement already exists in Sailpoint, if it exist it must proceed with the creation and assign it otherwise block the creation.

Attached I leave you a draft of my rule with the error I encounter.
I hope you can help me,
Thank you

import sailpoint.api.;
import sailpoint.api.SailPointContext;
import sailpoint.server.InternalContext;
import java.util.Iterator;
import java.util.List;
import sailpoint.object.;
import sailpoint.object.Identity;
import sailpoint.object.Application;
import sailpoint.object.Link;
import sailpint.tools.Util;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AccountRequest.Operation;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.Operation;
import java.util.ArrayList;
import sailpoint.object.ProvisioningPlan.ObjectRequest;
import sailpoint.integration.ProvisioningPlan.ObjectRequest;
import sailpoint.object.Identity;
import sailpoint.object.Application;
import sailpoint.object.IdentityEntitlement;
import sailpoint.object.Filter;
import sailpoint.object.QueryOptions;
import sailpoint.object.Entitlements;
import sailpoint.object.TaskDefinition;
import sailpoint.object.TaskResult;
import sailpoint.tools.Message;
import sailpoint.object.Attributes;
import java.util.HashMap;
import java.util.Map;
import connector.common.JsonUtil;
import connector.common.Util;
import sailpoint.object.Identity;
import sailpoint.object.ManagedAttribute;
import sailpoint.object.Entitlement;
import sailpoint.object.QueryOptions;
import sailpoint.api.SailPointContext;
import java.util.List;

QueryOptions qo = new QueryOptions();

Filter filter = Filter.eq(“displayName”, “Direzione vita assunzione”);
qo.add(filter);

System.out.println(“start 1”);
List entitlements = new ArrayList();

Iterator it = context.getObjects(ManagedAttribute.class, qo);

System.out.println(“***********start 2”+ entitlements);

System.out.println(“start 3”);

2

You have to consider including the application since there is a chance that you may have same entitlement names across the applications. What error are you receiving?

3

@Marzia00
The error you are seeing here is pretty much straight forward because below method returns a list of ManagedAttribute objects

context.getObjects(ManagedAttribute.class, qo);

However based on the use case you are providing you may have to revisit your before provisioning rule by getting the plan, input operation and then attribute request to identify the entitlement and then do the code to check if the entitlement is present already within SailPoint
Also it is better to check against the value instead of display name

4

Use this: List entitlements = Iterator it = context.getObjects(ManagedAttribute.class, qo);

Btw, you can use a better identification to search the entitlement.

5

is the entitlement belongs to the same application for which the request is made ?

6

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.