import sailpoint.object.TaskResult;
import sailpoint.object.QueryOptions;
import sailpoint.object.Identity;
import sailpoint.tools.Message;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;
import java.util.*;
import sailpoint.object.*;
import sailpoint.object.Bundle;
QueryOptions qo = new QueryOptions();
Iterator it = context.search(Bundle.class, qo);
String roleNames = "";
while (it.hasNext()) {
Bundle bundle = it.next();
List profiles = bundle.getProfiles();
for (Profile profile : Util.safeIterable(profiles)) {
List constraints = profile.getConstraints();
for (Filter cons : Util.safeIterable(constraints)) {
Application app = profile.getApplication();
if (app != null) {
Schema accountSchema = app.getAccountSchema();
if (accountSchema != null) {
if (cons instanceof Filter.LeafFilter) {
String property = cons.getProperty();
Map map = accountSchema.getAttributeMap();
// Check if the property (entitlement) is missing
if (map != null && !map.containsKey(property)) {
roleNames += String.format("%s\n", bundle.getName());
}
}
}
}
}
}
}
TaskResult taskResult = context.getObjectByName(TaskResult.class, "AIZ-RoleEntitlementMissing");
if (taskResult != null) {
taskResult.setAttribute("roleNames", "Roles with missing entitlements:\n" + roleNames);
taskResult.setCompletionStatus(TaskResult.CompletionStatus.Success);
context.saveObject(taskResult);
}
// Return the list of role names
return roleNames;
Hello Anmol,
Are you trying to display the list of entitlements that were deleted from entitlement catalog, which was previously present in the role?
Could you please explain more about the requirement?
1 Like
here it returns the role names that contains an entitlement which does not exist in the entitlement-catalogue.
but along with role names i want to get names of that entitlement too that doesnot exist in the entitlement-catalogue.
basically we want script to tell us which entitlements that are in the role but no longer in the entitlement catalog
After the above line you can use below code snippet to check if the entitlement value is null or not null. If not null, then your entitlement exists in the system else it does not exist.
List valueList = (List) ((LeafFilter) cons).getValue();
for(String entName:valueList)
{
if(property!=null @and entName!=null)
{
ManagedAttribute ent=ManagedAttributer.get(context, application, property, entName);
if(ent==null)
//Does not exist in the system;
else
//Exist in the system
}
}
Let me know if further help is needed.
Thanks
An unexpected error occurred: java.lang.Exception: sailpoint.tools.GeneralException: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: import sailpoint.object.TaskResult; import sailpoint.object.QueryOptions; import . . . '' : Typed variable declaration : Attempt to resolve method: get() on undefined variable or class name: ManagedAttributer : at Line: 37 : in file: inline evaluation of: import sailpoint.object.TaskResult; import sailpoint.object.QueryOptions; import . . . ‘’ : ManagedAttributer .get ( context , app , property , entName ) BSF info: AIZ-TaskRule-RoleEntitlementMissing at line: 0 column: columnNo
Hi @autorun6464,
This particular error is because of missing below import.
import sailpoint.api.ManagedAttributer;
So please ensure all the objects are imported prior to using it.
Thanks