Import roles in IdentityIQ using rule

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Which IIQ version are you inquiring about?

version 8.4

Please share any other relevant files that may be required (for example, logs).

I have used this rule to fetch the roles but i am getting only one role instead of all roles.

  import java.io.File;
  import java.util.List;
  import java.util.HashMap;
  import sailpoint.object.Application;
  import sailpoint.object.Bundle;
  import sailpoint.object.Identity;
  import sailpoint.object.IdentitySelector;
  import sailpoint.object.IdentitySelector.MatchExpression;
  import sailpoint.object.IdentitySelector.MatchTerm;
  import sailpoint.object.Link;
  import sailpoint.object.Profile;
  import sailpoint.object.Filter;
  import sailpoint.object.QueryOptions;
  import sailpoint.object.Schema;
  import java.sql.Connection;

 import java.sql.*;

  // Routine that takes a key/value hash of role data and builds it into roles
  // in IdentityIQ.  
  public void buildRole (HashMap roleHash) {


    String RoleType  = (String) roleHash.get("RoleType");
    String Action = (String) roleHash.get("Action");
    String RoleID  = (String) roleHash.get("RoleID");
    String RoleName = (String) roleHash.get("RoleName");
    String RoleDescription  = (String) roleHash.get("RoleDescription");
    String Owner  = (String) roleHash.get("Owner");
	String isPrivil  = "false";
    String appName  = "OD_CAM";


    log.error("RoleName --------------- :"+ RoleName);

    log.error("Role Type ----------------:  "+ RoleType);

    Bundle role = context.getObject(Bundle.class, RoleName);
    if (null == role) {
      System.out.println(" - role does not exist, creating new: " + RoleName);
      role = new sailpoint.object.Bundle();
    }   
    role.setName(RoleName);
    role.setDescription(RoleDescription);

    if (RoleType.toLowerCase().startsWith("it")) {
      role.setType("it");	  
    } else {
      role.setType("business");
    }
    log.error("Logs Value ---- 211111111");
    // Set a privileged flag on the bundle.  Default to false (not privileged).
    role.setAttribute("isPrivileged", "false");
    if ((null != isPrivil) && (0 < isPrivil.length())) {
      if (isPrivil.toLowerCase().contains("t") || 
          isPrivil.toLowerCase().contains("Y")   ) {
        role.setAttribute("isPrivileged", "true");
      }
    } 

    Identity ownerId = context.getObject(Identity.class, Owner);
    if (null == ownerId) {
      System.out.println(" - WARNING: Could not find owner [" + 
                         Owner + 
                         "] using 'spadmin' instead.");
      ownerId = context.getObject(Identity.class, "spadmin");
    }
    role.setOwner(ownerId);
    log.error("Logs Value ---- 222222222 ");
    // We need to translate application names coming in from the CSV feed.
    // Add new application names to translate to the following hash map.
    // The CSV feed name goes on the left (key) of the hash and the IIQ name
    // for the application goes in the right (value) side of the hash.
    HashMap appNameTranslations = new HashMap();
    appNameTranslations.put("JDBC",       "OD_CAM");
    // appNameTranslations.put("ERP",      "Oracle ERP");

    // Do the actual application name translation here:
   /* if ((null != appName) && (0 < appName.length())) {
      if (null != appNameTranslations.get(appName)) {
        appName = (String) appNameTranslations.get(appName);
      }
    }
*/
    // Lookup the application for the role, if one is required.
    Application appObj = null;
	appObj = context.getObject(Application.class, appName);
	log.error("Logs Value ---- ##### " + appObj );
   /* if ((null != appName) && (0 < appName.length())) {
      
      if (null == appObj) {
        System.out.println("ERROR: Could not find application: " + appName);
        System.out.println("ERROR: Skipping role creation for " + RoleName);
        System.out.println();
        return;		 
      }
    }
	*/
    log.error("Logs Value ---- 3333333 ");
    // Make sure the application (if specified) has the specified entitlement.
    if (null != appObj) {
      Schema appSchema = appObj.getSchema("account");
      if (null != appSchema) {
        List entAttrNames = appSchema.getEntitlementAttributeNames();
        if ((null != entAttrNames) && (1 == entAttrNames.size())) {
          // Deterministic single entitlement name.
          String entAttrName = entAttrNames.get(0);
          if (!entAttrName.equals(attrName)) {
            System.out.println(" - WARNING: Replacing CSV attribute [" +
                               attrName +
                               "] with schema attribute [" + entAttrName +
                               "]");
            attrName = entAttrName;
          }
        }
      }
    }
    log.error("Logs Value ----  44444444444 ");
	

    // Convert the entitlements list into a java.util.List object.
   // if ((null != entsList) && (0 < entsList.length())) {
  //    entsList = entsList.replace("\\/", "/");
  //  }
  //  RFC4180LineParser entParser = new RFC4180LineParser("|");
   // List entitlements = entParser.parseLine(entsList);

    // Convert the sub-roles list into a java.util.List object.
   // RFC4180LineParser subRolePaser = new RFC4180LineParser("|");
   // List subRolesList = entParser.parseLine(subRoles);

    // Handle IT-role specifc build out options here.
    if (role.getType().contains("it")) {

      // Clear out the previous profiles on the role.
      if (null != role.getProfiles()) {
        role.getProfiles().clear();
      }	  

      // Build the filterString for entitlements matching this IT role.
    //  String comma = "";
    //  String filterString = attrName + ".containsAllIgnoreCase({";
    //  for (String entValue : entitlements) {
   //     filterString += comma + "\"" + entValue + "\"";
   //     comma = ",";
   //   }
   //   filterString += "})";

   //   Filter filter = Filter.compile(filterString);   

      Profile profile = new Profile();
      profile.setDescription("Entitlements required by '" + RoleName + "' for " + appName);
      profile.setApplication(appObj);
    //  profile.addConstraint(filter);
      role.add(profile);

    }
    log.error("Logs Value ----  55555555 ");
    // Handle Business-role specific build out options here.
    if (role.getType().contains("Business")) {

      // Build an assignment rule using the identity attributes.
      // Identities are auto-matched to assignemnt rules with this class:
      IdentitySelector assignmentRule = new IdentitySelector();

        log.error("Logs Value ----  55555555156 ");

      // Add all the match terms to the rule and add to the role.
      //assignmentRule.setMatchExpression(matcher);
     // role.setSelector(assignmentRule);

      // Clear the previous list of requirements for this Role.
      if (null != role.getRequirements()) {
        role.getRequirements().clear();
      }
 log.error("Logs Value ----  55555555156124 ");
      // Add the required IT roles for this business role.
/*      for (String subRoleName : subRolesList) {

        Bundle requiredRole = context.getObjectByName(Bundle.class, subRoleName);
        if (null == requiredRole) {
          System.out.println(" - ERROR: Required role not found: " + subRoleName);
        } else {
          role.addRequirement(requiredRole);
        }         	  

      }	  
*/  
  }
    log.error("Role Value is created or not ? Yet To create ----   "+ role.toXml() );
    System.out.println("role: " + role.toXml());

    context.saveObject(role);
    context.commitTransaction();
log.error("Role is successfully created ----   "+ role.toXml() );
    return;
  }
  try {
  log.error("Logs Value ----  7777777 ");
  //start Read data from oracle table for groups
  String dbURL = "XXXXXXXXXXXXXXXXXXXXXXX";

  String username = "XXXXXXX";

  String password = "XXXXXXX";
  log.error("Logs Value ----  1111777 ");
   HashMap lineHash = new HashMap();
  
    Connection con = DriverManager.getConnection(dbURL, username, password);

    log.error("Logs Value ----  88888888 ");
    
    //step3 create the statement object  

    Statement stmt=con.createStatement();
    log.error("Logs Value ----  1010101017779 ");
   
    //step4 execute query  
    ResultSet rs=stmt.executeQuery("select 'Business' as RoleType,'create' as Action,BUSINESS_ROLE_ID as RoleID,BUSINESS_ROLE_NAME as RoleName,BUSINESS_ROLE_DESC as RoleDisplayName,'The Administrator' as Owner  from table");  
    while(rs.next()){  

      // log.error("Logs Value for entry ---- "+ rs.getString(1)+"  "+rs.getString(2)+ " " +rs.getString(3)+"  "+rs.getString(4)+ " "+rs.getString(5)+"  "+rs.getString(6) );
      // lineHash.put( rs.getString(1)+"  "+rs.getString(2)+ " " +rs.getString(3)+"  "+rs.getString(4)+ " "+rs.getString(5)+"  "+rs.getString(6) );

      lineHash.put("RoleType", rs.getString(1));
      lineHash.put("Action", rs.getString(2));
      lineHash.put("RoleID", rs.getString(3));
      lineHash.put("RoleName", rs.getString(4));
      lineHash.put("RoleDescription", rs.getString(5));
      lineHash.put("Owner", rs.getString(6));

      //log.error("Logs Value for entry of Hash ---- " + lineHash);
      //End Read data from oracle table for groups
    }
    //step5 close the connection object
    con.close(); 
    //log.error("Logs Closed for entry  ---- " + lineHash);
  log.error("Logs Value --------> 12345667" );  
  
  buildRole(lineHash);
   }
  catch (Exception e) {
    System.out.println("Error: " + e.getMessage());
    log.error("Error=========: " + e.getMessage());
  }
  
  log.error("Logs Value ----  10101010153635 ");
  System.out.println("Role import Complete.");

  return;

Can you help me and tell me how i can import all the roles in the system using the rule.

3

Hi @SecurityConsultant123,

how many record return from your query?

PS I think the error is there:
image

You read all the result and put into linehash. Try to put buildRole(lineHash); into the while

4

Hi @enistri_devo , I am able to fetch one role only.

5

@SecurityConsultant123 -
It looks like the issue you’re encountering is due to where you’re calling the buildRole(lineHash) method in your code. As it stands, you’re only calling buildRole(lineHash) after the while(rs.next()) loop has finished executing. This means that only the last role fetched from your database (the last iteration of the loop) is stored in lineHash and subsequently used to create a role in SailPoint IdentityIQ.

To import all roles, you need to call the buildRole(lineHash) method inside the while(rs.next()) loop. This way, for each role fetched from the database, you populate lineHash with its data and immediately pass it to buildRole() to create the role in IdentityIQ.

Here’s how you can modify your code:

// ... your existing imports and code ...

try {
    log.error("Logs Value ---- 7777777 ");
    // Start: Read data from Oracle table for groups
    String dbURL = "XXXXXXXXXXXXXXXXXXXXXXX";
    String username = "XXXXXXX";
    String password = "XXXXXXX";
    log.error("Logs Value ---- 1111777 ");
   
    Connection con = DriverManager.getConnection(dbURL, username, password);
    log.error("Logs Value ---- 88888888 ");
    
    // Create the statement object  
    Statement stmt = con.createStatement();
    log.error("Logs Value ---- 1010101017779 ");
   
    // Execute query  
    ResultSet rs = stmt.executeQuery("SELECT 'Business' AS RoleType, 'create' AS Action, BUSINESS_ROLE_ID AS RoleID, BUSINESS_ROLE_NAME AS RoleName, BUSINESS_ROLE_DESC AS RoleDisplayName, 'The Administrator' AS Owner FROM table");  
    
    while(rs.next()){  
        HashMap lineHash = new HashMap();
        lineHash.put("RoleType", rs.getString(1));
        lineHash.put("Action", rs.getString(2));
        lineHash.put("RoleID", rs.getString(3));
        lineHash.put("RoleName", rs.getString(4));
        lineHash.put("RoleDescription", rs.getString(5));
        lineHash.put("Owner", rs.getString(6));

        // Call buildRole for each role
        buildRole(lineHash);
    }
    
    // Close the connection
    con.close(); 
} catch (Exception e) {
    System.out.println("Error: " + e.getMessage());
    log.error("Error=========: " + e.getMessage());
}

log.error("Logs Value ---- 10101010153635 ");
System.out.println("Role import Complete.");

return;

Hope this helps.
Thank you!

1 Like
6

Thank you @officialamitguptaa Issue is resolved.

7

isn’t that the same thing I said?

8

Thank you @enistri_devo :innocent:

9

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.