IdentityIQ Bulk Role Creation

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

Greetings to everyone,

I have a simple question: Is it possible to create Roles in bulk (via UI Administration Console, CSV file or API) in a standard version 8.3 of IdentityIQ?

It is just to understand better the plataform.

Best regard

2

Unfortunatelly not out of the box, there are couple of ways how to automate this operation but whichever option you take it will require more or less coding. Here are the options

  1. You can write Run Rule to load them from csv file
  2. You can create (generate via.some script) XML objects of roles and import them via gui or iiq console
  3. You can write a jshell script to do basically the same as in point 1

I know Ventum created once role loader to IIQ - i will share it in colab if I get permission to do that. Give some time to check it.

1 Like
3

check
https://community.sailpoint.com/t5/IdentityIQ-Forum/How-to-create-IT-Role-using-api/m-p/109886#M92457

This is for IT role

1 Like
4

Our third-party support introduces the Role Importer for IdentityIQ. This helped us a lot on creating a bulk role by calling a CSV File

1 Like
5

I am getting “Access Denied”. Is there any other source?

7

You can create a python script to create the managed attribute, IT role, Business Role, and workgroups for the Role. We exported each of these form debug for a test role, and then use a spreadsheet that hold each needed value and generate each of those XML attributes into a single XML that we can bulk import into IIQ, this also allows us to save a baseline. We do this for all roles additions, so we have an XML file for all roles within the system.

1 Like
8 
Code:

import sailpoint.object.Bundle;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.Profile;
import sailpoint.object.Attributes;
import sailpoint.object.Filter;
import sailpoint.tools.Util;


  Bundle new_role = new Bundle();
  new_role.setName("Test IT Role");
  new_role.setOwner(context.getObjectByName(Identity.class,"spadmin"));
  new_role.setType("it");
    Filter f = Filter.eq("groups", "cn=Contractors,ou=groups,dc=training,dc=sailpoint,dc=com"); 

    Profile p = new Profile(); 
    p.addConstraint(f); 

    Application entApplication = context.getObjectByName(Application.class, "LDAP"); 
    p.setApplication(entApplication); 
    new_role.add(p); 
  
context.saveObject(new_role); 
  context.commitTransaction(); 

Resultant Role:

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE Bundle PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Bundle created="1545236335950" id="ff80808167a5cd090167c7434d4e0516" name="Test IT Role" type="it">

  <Owner>
    <Reference class="sailpoint.object.Identity" id="ff80808161b5196e0161b51993560105" name="spadmin"/>
  </Owner>

  <Profiles>
    <Profile created="1545236335951" id="ff80808167a5cd090167c7434d4f0517">
      <ApplicationRef>
        <Reference class="sailpoint.object.Application" id="ff80808161b51a2a0161b51a4515000d" name="LDAP"/>

      </ApplicationRef>
      <Constraints>
        <Filter operation="EQ" property="groups" value="cn=Contractors,ou=groups,dc=training,dc=sailpoint,dc=com"/>

      </Constraints>
    </Profile>
  </Profiles>

</Bundle>
1 Like
9

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.