gopalmca1
April 16, 2024, 7:29am
1
Version 8.2
Hi Experts,
I’m encountering an issue with the Identity Entitlement Details Report. When I input the entitlement’s display name in the Entitlement search field (located at the Identity Entitlements Report Arguments Tab), it doesn’t work. However, when I input the entitlement value, it works as expected. Is there a solution for this issue?
Below is the form code that needs to be adjusted to search by entitlement DisplayName:
Thanks,
Gopal
ipobeidi
April 16, 2024, 12:48pm
2
Hey , Welcome!
Try to run a task called " Full Index Refresh" See if it captures the Entitlement on the report.
best!
@gopalmca1
You have to do customizations on the form level and Report task Definition level ( this may not be required based on how you are handling things at form level) to achieve what you want.
gopalmca1
April 17, 2024, 8:27am
4
Hi @iamksatish , thank you for your suggestion. I have customized the form and am now able to search for entitlements by display name. However, in the report results, the associated members with that entitlement are not being returned. Below is the customized form code. Could you please let me know what I am missing?"
<Field displayName="rept_identity_entitlement_grid_entitlements" helpKey="help_rept_identity_entitlement_entitlements" multi="true" name="entitlementValue" type="ManagedAttribute" value="ref:entitlementValue">
<AllowedValuesDefinition>
<Script>
<Source>
import sailpoint.api.SailPointContext;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.QueryOptions;
import sailpoint.api.ObjectUtil;
import sailpoint.object.Filter;
import sailpoint.object.*;
String idName = context.getUserName();
List entList3 = new ArrayList();
if (idName != null) {
QueryOptions ao = new QueryOptions();
ao.addFilter(Filter.eq("owner.name", idName));
List entList = context.getObjects(ManagedAttribute.class, ao);
if (entList != null) {
for (ManagedAttribute ent : entList) {
List entList2 = new ArrayList();
String displayName = ent.getDisplayName();
entList2.add(displayName);
entList3.add(entList2);
log.error("Display Name: " + displayName);
}
} else {
log.error("No ManagedAttribute objects found for user: " + idName);
}
} else {
log.error("idName is null.");
}
return entList3;
</Source>
</Script>
</AllowedValuesDefinition>
</Field>
Please share your Report task definition as well
And the complete form.xml
gopalmca1
April 17, 2024, 9:46am
7
@gopalmca1
There is no column as Display Name in Identity entitlement Object and below configuration will not work
Parameter argument=“entitlementValue” property=“displayName”
You have work this way, You have make the form Entitlement value as read only or hidden and populate that value based on entitlement display names selected and don’t change anything in task definition as the OOTB task definition works fine when entitlement value is passed, so basically user will select display name but backend corresponding value will go to query parameters and you will get the output
gopalmca1
April 17, 2024, 10:53am
9
Hi @iamksatish I am getting below output with current logic which i have attached earlier. and same result with
Is this report only meant for Owner of entitlements, I mean whoever running this report should see only entitlements they own in the filter?
gopalmca1
April 17, 2024, 12:09pm
11
yes @iamksatish whoever running this report should see only entitlements they own in the filter, so I am the owner of Gopal_POC1 entitlement. Also, Gopal_POC1 and Gopal_POC is DisplayName of the entitlement.
ipobeidi
April 17, 2024, 7:13pm
12
Hey @gopalmca1 , Does someone have the Entitlement assign to the identity?
best!
Seems like the form and task defination you have modified is not correct .
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Form PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Form hidden="true" name="POC Identity Entitlements Report Search Fields" type="Report">
<Section columns="2" label="rept_identity_entitlement_arguments" name="customProperties">
<Field displayName="identities" helpKey="help_rept_identity_entitlement_identities" multi="true" name="identity" type="Identity" value="ref:identity"/>
<Field displayName="applications" helpKey="help_rept_identity_entitlement_applications" multi="true" name="application" type="Application" value="ref:application"/>
<Field displayName="rept_identity_entitlement_grid_attributes" helpKey="help_rept_identity_entitlement_attributes" multi="true" name="attribute" type="IdentityEntitlement" value="ref:attribute">
<Attributes>
<Map>
<entry key="objectColumn" value="name"/>
</Map>
</Attributes>
</Field>
<Field displayName="rept_identity_entitlement_grid_entitlements" helpKey="help_rept_identity_entitlement_entitlements" multi="true" name="entitlementValue" type="ManagedAttribute" value="ref:entitlementValue">
<AllowedValuesDefinition>
<Script>
<Source>
import sailpoint.api.SailPointContext;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.QueryOptions;
import sailpoint.api.ObjectUtil;
import sailpoint.object.Filter;
import sailpoint.object.ManagedAttribute;
String idName = context.getUserName();
List appList3 = new ArrayList();
if (idName != null)
{
QueryOptions ao = new QueryOptions();
ao.addFilter(Filter.eq("owner.name",idName));
List appList=context.getObjects(ManagedAttribute.class, ao);
for(Application app : appList){
List appList2 = new ArrayList();
appList2.add(app.getId());
appList2.add(app.getDisplayName());
appList3.add(appList2);
System.out.println("*****"+ app.getId() + "*********" + app.getDisplayName());
}
}
return appList3;
</Source>
</Script>
</AllowedValuesDefinition>
</Field>
<Field displayName="rept_identity_entitlement_grid_accounts" helpKey="help_rept_identity_entitlement_accounts" multi="true" name="accountId" type="IdentityEntitlement" value="ref:accountId">
<Attributes>
<Map>
<entry key="objectColumn" value="nativeIdentity"/>
</Map>
</Attributes>
</Field>
<Field displayName="rept_identity_entitlement_grid_instances" helpKey="help_rept_identity_entitlement_instances" multi="true" name="instance" type="IdentityEntitlement" value="ref:instance">
<Attributes>
<Map>
<entry key="objectColumn" value="instance"/>
</Map>
</Attributes>
</Field>
<Field displayName="rept_identity_entitlement_grid_assigners" helpKey="help_rept_identity_entitlement_assigners" multi="true" name="assigner" type="IdentityEntitlement" value="ref:assigner">
<Attributes>
<Map>
<entry key="objectColumn" value="assigner"/>
</Map>
</Attributes>
</Field>
<Field displayName="identity_entitlements_source" helpKey="help_rept_identity_entitlement_sources" multi="true" name="source" value="ref:source">
<AllowedValues>
<List>
<String>Aggregation</String>
<String>source_aggregation</String>
</List>
<List>
<String>LCM</String>
<String>source_lcm</String>
</List>
<List>
<String>PAM</String>
<String>source_pam</String>
</List>
<List>
<String>RapidSetup</String>
<String>source_rapidsetup</String>
</List>
<List>
<String>Rule</String>
<String>source_rule</String>
</List>
<List>
<String>Task</String>
<String>source_task</String>
</List>
<List>
<String>WebServices</String>
<String>source_web_service</String>
</List>
</AllowedValues>
</Field>
<Field displayName="identity_entitlements_aggregation_state_display" helpKey="help_rept_identity_entitlement_agg_state" name="aggregationState" value="ref:aggregationState">
<AllowedValues>
<List>
<String>null</String>
<String>rept_app_account_attrs_filter_include_all</String>
</List>
<List>
<String>Connected</String>
<String>txt_true</String>
</List>
<List>
<String>Disconnected</String>
<String>txt_false</String>
</List>
</AllowedValues>
</Field>
<Field displayName="srch_input_def_entitlement_type" helpKey="help_rept_identity_entitlement_types" name="type" value="ref:type">
<AllowedValues>
<List>
<String>null</String>
<String>rept_app_account_attrs_filter_include_all</String>
</List>
<List>
<String>Entitlement</String>
<String>entitlement</String>
</List>
<List>
<String>Permission</String>
<String>permission</String>
</List>
</AllowedValues>
</Field>
<Field displayName="identity_entitlements_role_allowed" helpKey="help_rept_identity_entitlement_allowed" name="allowed" value="ref:allowed">
<AllowedValues>
<List>
<String>null</String>
<String>rept_app_account_attrs_filter_include_all</String>
</List>
<List>
<String>true</String>
<String>txt_true</String>
</List>
<List>
<String>false</String>
<String>txt_false</String>
</List>
</AllowedValues>
</Field>
<Field displayName="rept_identity_entitlement_grid_additional" helpKey="help_rept_identity_entitlement_only_additional" name="grantedByRole" value="ref:grantedByRole">
<AllowedValues>
<List>
<String>null</String>
<String>rept_app_account_attrs_filter_include_all</String>
</List>
<List>
<String>false</String>
<String>txt_true</String>
</List>
<List>
<String>true</String>
<String>txt_false</String>
</List>
</AllowedValues>
</Field>
<Field displayName="rept_identity_entitlement_grid_certified" helpKey="help_rept_identity_entitlement_certified" name="certified" value="ref:certified">
<AllowedValues>
<List>
<String>null</String>
<String>rept_app_account_attrs_filter_include_all</String>
</List>
<List>
<String>true</String>
<String>txt_true</String>
</List>
<List>
<String>false</String>
<String>txt_false</String>
</List>
</AllowedValues>
</Field>
<Field displayName="rept_identity_entitlement_grid_pending_certification" helpKey="help_rept_identity_entitlement_pending_certification" name="pendingCertification" value="ref:pendingCertification">
<AllowedValues>
<List>
<String>null</String>
<String>rept_app_account_attrs_filter_include_all</String>
</List>
<List>
<String>true</String>
<String>txt_true</String>
</List>
<List>
<String>false</String>
<String>txt_false</String>
</List>
</AllowedValues>
</Field>
<Field displayName="rept_identity_entitlement_grid_requested" helpKey="help_rept_identity_entitlement_requested" name="currentRequest" value="ref:currentRequest">
<AllowedValues>
<List>
<String>null</String>
<String>rept_app_account_attrs_filter_include_all</String>
</List>
<List>
<String>true</String>
<String>txt_true</String>
</List>
<List>
<String>false</String>
<String>txt_false</String>
</List>
</AllowedValues>
</Field>
<Field displayName="rept_identity_entitlement_grid_pending_request" helpKey="help_rept_identity_entitlement_pending_request" name="pendingRequest" value="ref:pendingRequest">
<AllowedValues>
<List>
<String>null</String>
<String>rept_app_account_attrs_filter_include_all</String>
</List>
<List>
<String>true</String>
<String>txt_true</String>
</List>
<List>
<String>false</String>
<String>txt_false</String>
</List>
</AllowedValues>
</Field>
</Section>
</Form>
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<TaskDefinition executor="sailpoint.reporting.LiveReportExecutor" name="POC Identity Entitlements Detail Report" progressMode="Percentage" resultAction="Rename" subType="Identity and User Reports" template="true" type="LiveReport">
<Attributes>
<Map>
<entry key="report">
<value>
<LiveReport title="Identity Entitlements Report">
<DataSource objectType="IdentityEntitlement" type="Filter">
<QueryParameters>
<Parameter argument="identity" property="identity.id"/>
<Parameter argument="application" property="application.id"/>
<Parameter argument="attribute" property="name"/>
<Parameter argument="entitlementValue" property="value"/>
<Parameter argument="accountId" property="nativeIdentity"/>
<Parameter argument="instance" property="instance"/>
<Parameter argument="source" property="source"/>
<Parameter argument="aggregationState" property="aggregationState">
<QueryScript>
<Source>
import sailpoint.object.Filter;
import sailpoint.object.IdentityEntitlement.AggregationState;
import sailpoint.tools.Util;
// "null" indicates include all
if ( Util.getString((String)value) != null ) {
if ( Util.nullSafeEq("Connected", (String)value) ) {
queryOptions.addFilter(Filter.eq("aggregationState", AggregationState.Connected));
} else {
queryOptions.addFilter(Filter.eq("aggregationState", AggregationState.Disconnected));
}
}
return queryOptions;
</Source>
</QueryScript>
</Parameter>
<Parameter argument="type" property="type">
<QueryScript>
<Source>
import sailpoint.object.Filter;
import sailpoint.object.IdentityEntitlement.AggregationState;
import sailpoint.tools.Util;
// "null" indicates include all
if ( Util.getString((String)value) != null ) {
queryOptions.addFilter(Filter.eq("type", value));
}
return queryOptions;
</Source>
</QueryScript>
</Parameter>
<Parameter argument="allowed" property="allowed" valueClass="boolean"/>
<Parameter argument="assigned" property="assigned" valueClass="boolean"/>
<Parameter argument="grantedByRole" property="grantedByRole" valueClass="boolean"/>
<Parameter argument="assigner" property="assigner"/>
<Parameter argument="pendingRequest" property="pendingRequestItem">
<QueryScript>
<Source>
import sailpoint.object.*;
import sailpoint.tools.*;
// "null" indicates no value
if ( Util.getString((String)value) != null ) {
boolean bool = Util.otob(value);
if ( !bool )
queryOptions.addFilter(Filter.isnull(property));
else
queryOptions.addFilter(Filter.notnull(property));
}
return queryOptions;
</Source>
</QueryScript>
</Parameter>
<Parameter argument="currentRequest" property="requestItem">
<QueryScript>
<Source>
import sailpoint.object.*;
import sailpoint.tools.*;
// "null" indicates no value
if ( Util.getString((String)value) != null ) {
boolean bool = Util.otob(value);
if ( !bool )
queryOptions.addFilter(Filter.isnull(property));
else
queryOptions.addFilter(Filter.notnull(property));
}
return queryOptions;
</Source>
</QueryScript>
</Parameter>
<Parameter argument="pendingCertification" property="pendingCertificationItem">
<QueryScript>
<Source>
import sailpoint.object.*;
import sailpoint.tools.*;
// "null" indicates no value
if ( Util.getString((String)value) != null ) {
boolean bool = Util.otob(value);
if ( !bool )
queryOptions.addFilter(Filter.isnull(property));
else
queryOptions.addFilter(Filter.notnull(property));
}
return queryOptions;
</Source>
</QueryScript>
</Parameter>
<Parameter argument="certified" property="certificationItem">
<QueryScript>
<Source>
import sailpoint.object.*;
import sailpoint.tools.*;
// "null" indicates no value
if ( Util.getString((String)value) != null ) {
boolean bool = Util.otob(value);
if ( !bool )
queryOptions.addFilter(Filter.isnull(property));
else
queryOptions.addFilter(Filter.notnull(property));
}
return queryOptions;
</Source>
</QueryScript>
</Parameter>
</QueryParameters>
</DataSource>
<ReportForm>
<Reference class="sailpoint.object.Form" name="POC Identity Entitlements Report Search Fields"/>
</ReportForm>
<Columns>
<ReportColumnConfig field="identity" header="identity" property="identity.displayName" sortable="true" width="110"/>
<ReportColumnConfig field="application" header="label_application" property="application.name" sortable="true" width="110"/>
<ReportColumnConfig field="attribute" header="label_attribute" property="name" sortable="true" width="110"/>
<ReportColumnConfig field="value" header="entitlement" property="value" sortable="true" width="110"/>
<ReportColumnConfig field="displayValue" header="label_display_value" property="application.id" scriptArguments="name,value,type" width="110">
<RenderScript>
<Source>
import sailpoint.api.Explanator;
import sailpoint.api.Explanator.Explanation;
import sailpoint.api.ObjectUtil;
import sailpoint.object.ManagedAttribute.Type;
import sailpoint.object.Bundle;
import sailpoint.object.ProvisioningPlan;
import sailpoint.service.classification.ClassificationService;
import sailpoint.tools.Util;
String appId = (String) value;
// aka attribute
String name = (String) scriptArgs.get("name");
String val = (String) scriptArgs.get("value");
Type type = (Type) scriptArgs.get("type");
if (type != null && type == Type.Entitlement && appId != null && name != null) {
Explanation exp = Explanator.get(appId, name, val, type.name());
if (exp != null) {
return exp.getDisplayValue();
}
}
return null;
</Source>
</RenderScript>
</ReportColumnConfig>
<ReportColumnConfig field="accountId" header="account_name" property="nativeIdentity" skipLocalization="true" sortable="true" width="110"/>
<ReportColumnConfig field="accountDisplayName" header="account_display_name" property="displayName" skipLocalization="true" sortable="true" width="110"/>
<ReportColumnConfig field="instance" header="instance" property="instance" sortable="true" width="110"/>
<ReportColumnConfig field="source" header="identity_entitlements_source" property="source" sortable="true" width="110"/>
<ReportColumnConfig field="aggregationState" header="identity_entitlements_aggregation_state_display" property="aggregationState" width="110"/>
<ReportColumnConfig field="type" header="srch_input_def_entitlement_type" property="type" sortable="true" width="110"/>
<ReportColumnConfig field="allowed" header="identity_entitlements_allowed" property="allowed" sortable="true" width="110"/>
<ReportColumnConfig field="assigned" header="identity_entitlements_assigned" property="assigned" sortable="true" width="110"/>
<ReportColumnConfig field="grantedByRole" header="identity_entitlements_granted_by_role" property="grantedByRole" sortable="true" width="110"/>
<ReportColumnConfig field="assigner" header="identity_entitlements_assigner" property="assigner" sortable="true" width="110"/>
<ReportColumnConfig field="lastCertName" header="identity_entitlements_cert_last" property="certificationItem.parent.certification.name" sortable="true" width="110"/>
<ReportColumnConfig field="lastCertDate" header="identity_entitlements_cert_last_date" property="certificationItem.modified" sortable="true" width="110"/>
<ReportColumnConfig field="lastRequestId" header="identity_entitlements_request_id" property="requestItem.identityRequest.name" sortable="true" width="110"/>
<ReportColumnConfig field="classificationNames" header="rept_cert_col_classifications" property="application.id" scriptArguments="name,value,type" width="110">
<RenderScript>
<Source>
import sailpoint.api.Explanator;
import sailpoint.api.Explanator.Explanation;
import sailpoint.api.ObjectUtil;
import sailpoint.object.ManagedAttribute.Type;
import sailpoint.object.Bundle;
import sailpoint.object.ProvisioningPlan;
import sailpoint.service.classification.ClassificationService;
import sailpoint.tools.Util;
String appId = (String) value;
// aka attribute
String name = (String) scriptArgs.get("name");
String val = (String) scriptArgs.get("value");
Type type = (Type) scriptArgs.get("type");
// Check if it is representing a role
if (ProvisioningPlan.ATT_IIQ_DETECTED_ROLES.equals(name) ||
ProvisioningPlan.ATT_IIQ_ASSIGNED_ROLES.equals(name)) {
String classifiableId = ObjectUtil.getId(context, Bundle.class, val);
if (classifiableId != null) {
ClassificationService service = new ClassificationService(context);
return Util.listToCsv(service.getClassificationNames(Bundle.class, classifiableId));
}
}
// Otherwise it is an entitlement
else {
if (appId != null && name != null && type != null) {
Explanation exp = type == Type.Permission ?
Explanator.get(appId, name) :
Explanator.get(appId, name, val);
if (exp != null) {
return Util.listToCsv(exp.getClassificationDisplayableNames());
}
}
}
return null;
</Source>
</RenderScript>
</ReportColumnConfig>
</Columns>
</LiveReport>
</value>
</entry>
</Map>
</Attributes>
<Description>Displays identity/account entitlement information.</Description>
<RequiredRights>
<Reference class="sailpoint.object.SPRight" name="FullAccessIdentityEntitlementReport"/>
</RequiredRights>
<Signature>
<Inputs>
<Argument multi="true" name="identity" type="Identity">
<Description>Identities to include in the report</Description>
<Prompt>identities</Prompt>
</Argument>
<Argument multi="true" name="application" type="Application">
<Description>Applications to include in the report</Description>
<Prompt>applications</Prompt>
</Argument>
<Argument multi="true" name="attribute">
<Description>Attirubtes to include in the report</Description>
<Prompt>attribute</Prompt>
</Argument>
<Argument multi="true" name="entitlementValue">
<Description>Attirubtes to include in the report</Description>
<Prompt>attribute</Prompt>
</Argument>
<Argument name="accountId">
<Description>Account ids to include in the report</Description>
<Prompt>account_name</Prompt>
</Argument>
<Argument name="instance">
<Description>Instances to include</Description>
<Prompt>instance</Prompt>
</Argument>
<Argument name="source" type="string">
<Description>Include only Entitlements with a specific source</Description>
<Prompt>identity_entitlements_source</Prompt>
</Argument>
<Argument name="aggregationState" type="string">
<Description>Include only connected or disconnected entitlements</Description>
<Prompt>identity_entitlements_aggregation_state_display</Prompt>
</Argument>
<Argument name="type" type="string">
<Description>Include only certain types of permissions. Either Permission or Entitlement</Description>
<Prompt>srch_input_def_entitlement_type</Prompt>
</Argument>
<Argument name="allowed" type="string">
<Description>Include only allowed entitlements</Description>
<Prompt>identity_entitlements_role_allowed</Prompt>
</Argument>
<Argument name="assigned" type="string">
<Description>Include only entitlements that are assigned</Description>
<Prompt>identity_entitlements_assigned</Prompt>
</Argument>
<Argument name="grantedByRole" type="string">
<Description>Include only entitlements granted by a role.</Description>
<Prompt>granted</Prompt>
</Argument>
<Argument name="pendingRequest" type="string">
<Description>Include only entitlements that have a pending access request.</Description>
<Prompt>pendingRequest</Prompt>
</Argument>
<Argument name="currentRequest" type="string">
<Description>Include only entitlements that have a current access request.</Description>
<Prompt>pendingRequest</Prompt>
</Argument>
<Argument name="pendingCertification" type="string">
<Description>Include only entitlements that have a pending certification.</Description>
<Prompt>pendingCertification</Prompt>
</Argument>
<Argument name="certified" type="string">
<Description>Include only entitlements that have been certified.</Description>
<Prompt>certified</Prompt>
</Argument>
</Inputs>
</Signature>
</TaskDefinition>
You can refer to this link
The OOTB Identity Entitlements Detail Report shows all the Users in the Search, so if we want to modify this report and show only the Direct reportee of the logged in user, we need to modify the existing form which is used in this report "Identity...
1 Like
gopalmca1
April 18, 2024, 8:08am
15
Hi @ipobeidi Yes, entitlement assigned to the members.
gopalmca1
April 18, 2024, 8:40am
16
Vishal Kejriwal:
Application
Hi @vishal_kejriwal1 Thanks for the xmls. But the form code you provide is for Application not for Entitlement. Also, I have put ManagedAttribute instead of Application but still no result.
@gopalmca1
gopalmca1
April 25, 2024, 7:45am
19
@iamksatish Thanks for checking but still no luck . I am able to achieve to search with Entitlement DisplayName but it is not returning associated member in report result. Please let me know if i am missing anything.
<Field displayName="rept_identity_entitlement_grid_entitlements" helpKey="help_rept_identity_entitlement_entitlements" multi="true" name="entitlementValue" type="ManagedAttribute" value="ref:entitlementValue">
<AllowedValuesDefinition>
<Script>
<Source>
import sailpoint.api.SailPointContext;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.QueryOptions;
import sailpoint.api.ObjectUtil;
import sailpoint.object.Filter;
import sailpoint.object.*;
String idName = context.getUserName();
List entList3 = new ArrayList();
if (idName != null) {
QueryOptions ao = new QueryOptions();
ao.addFilter(Filter.eq("owner.name", idName));
List entList = context.getObjects(ManagedAttribute.class, ao);
if (entList != null) {
for (ManagedAttribute ent : entList) {
List entList2 = new ArrayList();
String displayName = ent.getDisplayName();
entList2.add(displayName);
entList3.add(entList2);
log.error("Display Name: " + displayName);
}
} else {
log.error("No ManagedAttribute objects found for user: " + idName);
}
} else {
log.error("idName is null.");
}
return entList3;
</Source>
</Script>
</AllowedValuesDefinition>
</Field>
vinnysail
April 25, 2024, 8:17am
20
Hi @gopalmca1
gopalmca1
April 25, 2024, 8:46am
21
Hi @vinnysail when I am changing the code then it’s showing members. But it is not showing the entitlement DisplayName. It is showing entitlement value.
<Field displayName="rept_identity_entitlement_grid_entitlements" helpKey="help_rept_identity_entitlement_entitlements" multi="true" name="entitlementValue" type="ManagedAttribute" value="ref:entitlementValue">
<AllowedValuesDefinition>
<Script>
<Source>
import sailpoint.api.SailPointContext;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.QueryOptions;
import sailpoint.api.ObjectUtil;
import sailpoint.object.Filter;
import sailpoint.object.*;
String idName = context.getUserName();
List entList3 = new ArrayList();
if (idName != null) {
QueryOptions ao = new QueryOptions();
ao.addFilter(Filter.eq("owner.name", idName));
List entList = context.getObjects(ManagedAttribute.class, ao);
if (entList != null) {
for (ManagedAttribute ent : entList) {
List entList2 = new ArrayList();
**//String displayName = ent.getDisplayName();**
**String displayName = ent.getValue();**
entList2.add(displayName);
entList3.add(entList2);
log.error("Display Name: " + displayName);
}
} else {
log.error("No ManagedAttribute objects found for user: " + idName);
}
} else {
log.error("idName is null.");
}
return entList3;
</Source>
</Script>
</AllowedValuesDefinition>
</Field>
