IdentityNow ProvisioningPlan Issue: sailpoint.tools.GeneralException: Missing identity

Hi All,

Requirement: Any time a user requests a JDBC entitlement, we need to provision the underlying entitlements via a direct connector.
For this solution we have built a provisioning plan in a global provisioning rule but are getting the below error.

org.apache.bsf.BSFException: The application script threw an exception: sailpoint.tools.GeneralException: Missing identity BSF info: GlobalProRule

Could you please suggest how to set the identity in the plan?

Adding provisioning code below.

```java
import java.util.Iterator;

import sailpoint.api.Provisioner;
import sailpoint.api.SailPointContext;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningResult;
import sailpoint.object.QueryOptions;

log.error(" Started global Provisioning Rule Plan is " + plan);
ProvisioningResult result = new ProvisioningResult();

result.setStatus(ProvisioningResult.STATUS_COMMITTED);

// Build a second plan with static test values for the Oracle account.
ProvisioningPlan newPlan = new ProvisioningPlan();
AccountRequest accReq = new AccountRequest();
accReq.setApplication("Oracle");
accReq.setOperation(AccountRequest.Operation.Modify);
accReq.setNativeIdentity("3bb326b27815472f9423f3e20c55ef22");
AttributeRequest attr = new AttributeRequest();
attr.setName("group");
attr.setValue("7577AC9E16524AF1A9F0E7EE40F9EEB2");
attr.setOperation(ProvisioningPlan.Operation.Add);
accReq.add(attr);
newPlan.add(accReq);

String nativeIdentity = accReq.getNativeIdentity();
log.error(" nativeIdentity " + nativeIdentity);

// Copy the Identity from the incoming plan; otherwise fall back to the
// account's native identity.
Identity identity = plan.getIdentity();
log.error(" identity " + identity + " nativeIdentity " + nativeIdentity);
if (identity != null) {
    newPlan.setIdentity(identity);
} else {
    log.error(" Inside Else");
    newPlan.setNativeIdentity(nativeIdentity);
}
log.error(" identity Updated " + identity + " nativeIdentity " + nativeIdentity);
log.error(" global Provisioning Rule newPlan ");

// Compile and execute the new plan.
Provisioner p = new Provisioner(context);
p.setNoLocking(true);
p.compile(newPlan);
p.execute();

return result;
```

Hi Surya,

May I ask why we are using accReq.setNativeIdentity("3bb326b27815472f9423f3e20c55ef22"); in the code, and does this native identity exist in ISC?

Ideally you should get the native identity first and then apply the updates on the provisioning plan.

I hope this helps.

Regards
Vikas.

I am testing the new plan with static values.

If you are trying with static values then you need to consider an existing Oracle account native identity. Also you will not have access to context and Provisioner classes in ISC. This may be IIQ code which will not work in ISC. You need to try a different approach.

Hi @Surya353

Yes, agree with @udayputta here. Please make sure this account is an existing account in ISC and that it also exists in the back-end application. I also do not see any update operation to the DB in this code snippet but I assume you are covering that in some other method.

Thank You.
Regards
Vikas

Hello Surya, if I understand the use case correctly, you basically need to provision an entitlement (to a different source) when a user requests a JDBC entitlement. Essentially, the user will have two entitlements when they request one. Can’t you just make a role and have the two entitlements there, so that they always get the two access at the same time? Another thing is in ISC, we don’t have context available in rules. Hence, the way you are trying to execute your plan (Provisioner p = new Provisioner(context); ) won’t work.

Thank you Aishwarya Goswami,

Seems this is a good idea.

If we follow this approach I have to create 100+ roles manually and need to add two different connector entitlements.

Is there any alternate option to create or update SailPoint roles automatically?

We have a table storing role + entitlement mappings.

Role,Entitlement
role1,Ent1
role1,Ent2
role1,Ent3
role2,Ent3
role2,Ent4

role1, role2 are requestable.

Ent1, Ent2, Ent3, Ent4: these are from different connector entitlements.

In SailPoint we have configured a JDBC source and are pulling roles and entitlements information via group aggregation.

Could you please suggest how to create roles automatically?

Hi @Surya353 ,
Use “IdentityNow Bulk Access Profile and Role Importer” for bulk role creation https://community.sailpoint.com/t5/Professional-Services/IdentityNow-Bulk-Access-Profile-and-Role-Importer/ta-p/77382

So this is easy,

you’re grabbing the Account native Identity and putting it in the plan Identity field.
These are 2 different things. The plan carries the Identity, the account request the Account ID in the application.

Hello Surya, as Gourab mentioned above try using the bulk role importer, it should make your job simpler.
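
As an added example (not from the thread and not part of the Bulk Importer tool), the Python below groups the flat Role,Entitlement mapping shown earlier into one record per role, rejects incomplete rows, and reports entitlements granted by more than one role. The sample rows, the function name `build_role_definitions` and the output shape are assumptions for illustration; they are not the importer's input format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: the Role,Entitlement rows from the thread, plus one
# duplicate row and one incomplete row to exercise the validation paths.
SAMPLE_MAPPING = """Role,Entitlement
role1,Ent1
role1,Ent2
role1,Ent3
role2,Ent3
role2,Ent4
role2,Ent4
role3,
"""


def build_role_definitions(mapping_csv):
    """Group a flat Role,Entitlement mapping into one record per role.

    Returns (roles, shared, rejected):
      roles    - {role: [entitlements]} in first-seen order, de-duplicated
      shared   - {entitlement: [roles]} for entitlements granted by 2+ roles
      rejected - [(line_number, row)] for rows missing a role or entitlement
    """
    roles = defaultdict(list)
    granted_by = defaultdict(list)
    rejected = []
    reader = csv.DictReader(io.StringIO(mapping_csv))
    for row in reader:
        role = (row.get("Role") or "").strip()
        ent = (row.get("Entitlement") or "").strip()
        if not role or not ent:
            # Never create a role from a partial row; report it instead.
            rejected.append((reader.line_num, dict(row)))
            continue
        if ent in roles[role]:
            continue  # duplicate mapping row, already recorded
        roles[role].append(ent)
        granted_by[ent].append(role)
    # Entitlements shared across roles matter at revocation time: removing
    # one role must not strip access the user still holds through another.
    shared = {e: r for e, r in granted_by.items() if len(r) > 1}
    return dict(roles), shared, rejected


if __name__ == "__main__":
    roles, shared, rejected = build_role_definitions(SAMPLE_MAPPING)
    print(roles, shared, rejected, sep="\n")
```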
