In Identity entitlement report, Entitlement Search Field is not working for Entitlement Display Name

Which IIQ version are you inquiring about?

Version 8.2

Please share any other relevant files that may be required (for example, logs).

Share all details related to your problem, including any error messages you may have received.

Hi Experts,

I’m encountering an issue with the Identity Entitlement Details Report. When I input the entitlement’s display name in the Entitlement search field (located at the Identity Entitlements Report Arguments Tab), it doesn’t work. However, when I input the entitlement value, it works as expected. Is there a solution for this issue?

Below is the form code that needs to be adjusted to search by entitlement DisplayName:

Thanks,

Gopal

Hey , Welcome!

Try to run a task called " Full Index Refresh" See if it captures the Entitlement on the report.

best!

@gopalmca1
This is a OOTB report and by default it takes the entitlement value as parameter and same is being used in form and corresponding report generation as this report is filter based on IdentityEnttilement Object and you will not have entitlement display name directly in this object

You have to do customizations on the form level and Report task Definition level ( this may not be required based on how you are handling things at form level) to achieve what you want.

Hi @iamksatish , thank you for your suggestion. I have customized the form and am now able to search for entitlements by display name. However, in the report results, the associated members with that entitlement are not being returned. Below is the customized form code. Could you please let me know what I am missing?"

<Field displayName="rept_identity_entitlement_grid_entitlements" helpKey="help_rept_identity_entitlement_entitlements" multi="true" name="entitlementValue" type="ManagedAttribute" value="ref:entitlementValue">
      <AllowedValuesDefinition>
        <Script>
          <Source>
            import sailpoint.api.SailPointContext;
            import sailpoint.object.Application;
            import sailpoint.object.Identity;
            import sailpoint.object.QueryOptions;
            import sailpoint.api.ObjectUtil;
            import sailpoint.object.Filter;
            import sailpoint.object.*;
            String idName = context.getUserName();
List entList3 = new ArrayList();

if (idName != null) {
    QueryOptions ao = new QueryOptions();
    ao.addFilter(Filter.eq("owner.name", idName));
    List entList = context.getObjects(ManagedAttribute.class, ao);
    
    if (entList != null) {
        for (ManagedAttribute ent : entList) {
            List entList2 = new ArrayList();
            String displayName = ent.getDisplayName();
            entList2.add(displayName);
            entList3.add(entList2);
            log.error("Display Name: " + displayName);
        }
    } else {
        log.error("No ManagedAttribute objects found for user: " + idName);
    }
} else {
    log.error("idName is null.");
}
return entList3;

          </Source>
        </Script>
      </AllowedValuesDefinition>
    </Field>

Please share your Report task definition as well

And the complete form.xml

Sure @iamksatish thank you
POC Identity Entitlements Detail Report.xml (17.6 KB)
POC Identity Entitlements Report Search Fields.xml (8.9 KB)

@gopalmca1
This will not work and I believe you should get an error actually.

There is no column as Display Name in Identity entitlement Object and below configuration will not work

Parameter argument=“entitlementValue” property=“displayName”

You have work this way, You have make the form Entitlement value as read only or hidden and populate that value based on entitlement display names selected and don’t change anything in task definition as the OOTB task definition works fine when entitlement value is passed, so basically user will select display name but backend corresponding value will go to query parameters and you will get the output

Hi @iamksatish I am getting below output with current logic which i have attached earlier. and same result with
Parameter argument=“entitlementValue” property=“value”
It would be great if you provide me the sample code to fix the issue. Thank you.
image

Is this report only meant for Owner of entitlements, I mean whoever running this report should see only entitlements they own in the filter?

yes @iamksatish whoever running this report should see only entitlements they own in the filter, so I am the owner of Gopal_POC1 entitlement. Also, Gopal_POC1 and Gopal_POC is DisplayName of the entitlement.

Hey @gopalmca1 , Does someone have the Entitlement assign to the identity?

best!

Seems like the form and task defination you have modified is not correct .
Import the below Xml’s and this will work

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Form PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Form hidden="true" name="POC Identity Entitlements Report Search Fields" type="Report">
  <Section columns="2" label="rept_identity_entitlement_arguments" name="customProperties">
    <Field displayName="identities" helpKey="help_rept_identity_entitlement_identities" multi="true" name="identity" type="Identity" value="ref:identity"/>
    <Field displayName="applications" helpKey="help_rept_identity_entitlement_applications" multi="true" name="application" type="Application" value="ref:application"/>
    <Field displayName="rept_identity_entitlement_grid_attributes" helpKey="help_rept_identity_entitlement_attributes" multi="true" name="attribute" type="IdentityEntitlement" value="ref:attribute">
      <Attributes>
        <Map>
          <entry key="objectColumn" value="name"/>
        </Map>
      </Attributes>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_entitlements" helpKey="help_rept_identity_entitlement_entitlements" multi="true" name="entitlementValue" type="ManagedAttribute" value="ref:entitlementValue">
      <AllowedValuesDefinition>
        <Script>
          <Source>

            
            import sailpoint.api.SailPointContext;
            import sailpoint.object.Application;
            import sailpoint.object.Identity;
            import sailpoint.object.QueryOptions;
            import sailpoint.api.ObjectUtil;
            import sailpoint.object.Filter;
            import sailpoint.object.ManagedAttribute;

            String idName = context.getUserName();
            List appList3 = new ArrayList();

            if (idName != null)
            {
            QueryOptions ao = new QueryOptions();
            ao.addFilter(Filter.eq("owner.name",idName));
            List appList=context.getObjects(ManagedAttribute.class, ao);
            for(Application app : appList){
            List appList2 = new ArrayList();
            appList2.add(app.getId());
            appList2.add(app.getDisplayName());

            appList3.add(appList2);
            System.out.println("*****"+ app.getId() + "*********" + app.getDisplayName());
            }
            }
            return appList3;

          </Source>
        </Script>
      </AllowedValuesDefinition>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_accounts" helpKey="help_rept_identity_entitlement_accounts" multi="true" name="accountId" type="IdentityEntitlement" value="ref:accountId">
      <Attributes>
        <Map>
          <entry key="objectColumn" value="nativeIdentity"/>
        </Map>
      </Attributes>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_instances" helpKey="help_rept_identity_entitlement_instances" multi="true" name="instance" type="IdentityEntitlement" value="ref:instance">
      <Attributes>
        <Map>
          <entry key="objectColumn" value="instance"/>
        </Map>
      </Attributes>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_assigners" helpKey="help_rept_identity_entitlement_assigners" multi="true" name="assigner" type="IdentityEntitlement" value="ref:assigner">
      <Attributes>
        <Map>
          <entry key="objectColumn" value="assigner"/>
        </Map>
      </Attributes>
    </Field>
    <Field displayName="identity_entitlements_source" helpKey="help_rept_identity_entitlement_sources" multi="true" name="source" value="ref:source">
      <AllowedValues>
        <List>
          <String>Aggregation</String>
          <String>source_aggregation</String>
        </List>
        <List>
          <String>LCM</String>
          <String>source_lcm</String>
        </List>
        <List>
          <String>PAM</String>
          <String>source_pam</String>
        </List>
        <List>
          <String>RapidSetup</String>
          <String>source_rapidsetup</String>
        </List>
        <List>
          <String>Rule</String>
          <String>source_rule</String>
        </List>
        <List>
          <String>Task</String>
          <String>source_task</String>
        </List>
        <List>
          <String>WebServices</String>
          <String>source_web_service</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="identity_entitlements_aggregation_state_display" helpKey="help_rept_identity_entitlement_agg_state" name="aggregationState" value="ref:aggregationState">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>Connected</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>Disconnected</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="srch_input_def_entitlement_type" helpKey="help_rept_identity_entitlement_types" name="type" value="ref:type">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>Entitlement</String>
          <String>entitlement</String>
        </List>
        <List>
          <String>Permission</String>
          <String>permission</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="identity_entitlements_role_allowed" helpKey="help_rept_identity_entitlement_allowed" name="allowed" value="ref:allowed">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>true</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>false</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_additional" helpKey="help_rept_identity_entitlement_only_additional" name="grantedByRole" value="ref:grantedByRole">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>false</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>true</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_certified" helpKey="help_rept_identity_entitlement_certified" name="certified" value="ref:certified">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>true</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>false</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_pending_certification" helpKey="help_rept_identity_entitlement_pending_certification" name="pendingCertification" value="ref:pendingCertification">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>true</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>false</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_requested" helpKey="help_rept_identity_entitlement_requested" name="currentRequest" value="ref:currentRequest">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>true</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>false</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_pending_request" helpKey="help_rept_identity_entitlement_pending_request" name="pendingRequest" value="ref:pendingRequest">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>true</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>false</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
  </Section>
</Form>

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<TaskDefinition executor="sailpoint.reporting.LiveReportExecutor"  name="POC Identity Entitlements Detail Report" progressMode="Percentage" resultAction="Rename" subType="Identity and User Reports" template="true" type="LiveReport">
  <Attributes>
    <Map>
      <entry key="report">
        <value>
          <LiveReport title="Identity Entitlements Report">
            <DataSource objectType="IdentityEntitlement" type="Filter">
              <QueryParameters>
                <Parameter argument="identity" property="identity.id"/>
                <Parameter argument="application" property="application.id"/>
                <Parameter argument="attribute" property="name"/>
                <Parameter argument="entitlementValue" property="value"/>
                <Parameter argument="accountId" property="nativeIdentity"/>
                <Parameter argument="instance" property="instance"/>
                <Parameter argument="source" property="source"/>
                <Parameter argument="aggregationState" property="aggregationState">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.Filter;
                            import sailpoint.object.IdentityEntitlement.AggregationState;
                            import sailpoint.tools.Util;
                            
                            // "null" indicates include all
                            if ( Util.getString((String)value) != null ) {
                                if ( Util.nullSafeEq("Connected", (String)value) ) {
                                    queryOptions.addFilter(Filter.eq("aggregationState", AggregationState.Connected));                                   
                                } else {
                                    queryOptions.addFilter(Filter.eq("aggregationState", AggregationState.Disconnected));
                                }
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="type" property="type">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.Filter;
                            import sailpoint.object.IdentityEntitlement.AggregationState;
                            import sailpoint.tools.Util;
                            
                            // "null" indicates include all
                            if ( Util.getString((String)value) != null ) {
                                queryOptions.addFilter(Filter.eq("type", value));                                   
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="allowed" property="allowed" valueClass="boolean"/>
                <Parameter argument="assigned" property="assigned" valueClass="boolean"/>
                <Parameter argument="grantedByRole" property="grantedByRole" valueClass="boolean"/>
                <Parameter argument="assigner" property="assigner"/>
                <Parameter argument="pendingRequest" property="pendingRequestItem">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.*;
                            import sailpoint.tools.*;

                            // "null" indicates no value
                            if ( Util.getString((String)value) != null ) {
                                boolean bool = Util.otob(value);
                                if ( !bool ) 
                                    queryOptions.addFilter(Filter.isnull(property));
                                else 
                                    queryOptions.addFilter(Filter.notnull(property));
                                    
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="currentRequest" property="requestItem">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.*;
                            import sailpoint.tools.*;

                            // "null" indicates no value
                            if ( Util.getString((String)value) != null ) {
                                boolean bool = Util.otob(value);
                                if ( !bool ) 
                                    queryOptions.addFilter(Filter.isnull(property));
                                else 
                                    queryOptions.addFilter(Filter.notnull(property));
                                    
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="pendingCertification" property="pendingCertificationItem">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.*;
                            import sailpoint.tools.*;

                            // "null" indicates no value
                            if ( Util.getString((String)value) != null ) {
                                boolean bool = Util.otob(value);
                                if ( !bool ) 
                                    queryOptions.addFilter(Filter.isnull(property));
                                else 
                                    queryOptions.addFilter(Filter.notnull(property));
                                    
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="certified" property="certificationItem">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.*;
                            import sailpoint.tools.*;

                            // "null" indicates no value
                            if ( Util.getString((String)value) != null ) {
                                boolean bool = Util.otob(value);
                                if ( !bool ) 
                                    queryOptions.addFilter(Filter.isnull(property));
                                else 
                                    queryOptions.addFilter(Filter.notnull(property));
                                    
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
              </QueryParameters>
            </DataSource>
            <ReportForm>
              <Reference class="sailpoint.object.Form" name="POC Identity Entitlements Report Search Fields"/>
            </ReportForm>
            <Columns>
              <ReportColumnConfig field="identity" header="identity" property="identity.displayName" sortable="true" width="110"/>
              <ReportColumnConfig field="application" header="label_application" property="application.name" sortable="true" width="110"/>
              <ReportColumnConfig field="attribute" header="label_attribute" property="name" sortable="true" width="110"/>
              <ReportColumnConfig field="value" header="entitlement" property="value" sortable="true" width="110"/>
              <ReportColumnConfig field="displayValue" header="label_display_value" property="application.id" scriptArguments="name,value,type" width="110">
                <RenderScript>
                  <Source>
                          
                            import sailpoint.api.Explanator;
                            import sailpoint.api.Explanator.Explanation;
                            import sailpoint.api.ObjectUtil;
                            import sailpoint.object.ManagedAttribute.Type;
                            import sailpoint.object.Bundle;
                            import sailpoint.object.ProvisioningPlan;
                            import sailpoint.service.classification.ClassificationService;
                            import sailpoint.tools.Util;

                            String appId = (String) value;
                            // aka attribute
                            String name = (String) scriptArgs.get("name");
                            String val = (String) scriptArgs.get("value");
                            Type type = (Type) scriptArgs.get("type");

                            if (type != null &amp;&amp; type == Type.Entitlement &amp;&amp; appId != null &amp;&amp; name != null) {
                              Explanation exp = Explanator.get(appId, name, val, type.name());

                              if (exp != null) {
                                return exp.getDisplayValue();
                              }
                            }

                            return null;
                            
                        </Source>
                </RenderScript>
              </ReportColumnConfig>
              <ReportColumnConfig field="accountId" header="account_name" property="nativeIdentity" skipLocalization="true" sortable="true" width="110"/>
              <ReportColumnConfig field="accountDisplayName" header="account_display_name" property="displayName" skipLocalization="true" sortable="true" width="110"/>
              <ReportColumnConfig field="instance" header="instance" property="instance" sortable="true" width="110"/>
              <ReportColumnConfig field="source" header="identity_entitlements_source" property="source" sortable="true" width="110"/>
              <ReportColumnConfig field="aggregationState" header="identity_entitlements_aggregation_state_display" property="aggregationState" width="110"/>
              <ReportColumnConfig field="type" header="srch_input_def_entitlement_type" property="type" sortable="true" width="110"/>
              <ReportColumnConfig field="allowed" header="identity_entitlements_allowed" property="allowed" sortable="true" width="110"/>
              <ReportColumnConfig field="assigned" header="identity_entitlements_assigned" property="assigned" sortable="true" width="110"/>
              <ReportColumnConfig field="grantedByRole" header="identity_entitlements_granted_by_role" property="grantedByRole" sortable="true" width="110"/>
              <ReportColumnConfig field="assigner" header="identity_entitlements_assigner" property="assigner" sortable="true" width="110"/>
              <ReportColumnConfig field="lastCertName" header="identity_entitlements_cert_last" property="certificationItem.parent.certification.name" sortable="true" width="110"/>
              <ReportColumnConfig field="lastCertDate" header="identity_entitlements_cert_last_date" property="certificationItem.modified" sortable="true" width="110"/>
              <ReportColumnConfig field="lastRequestId" header="identity_entitlements_request_id" property="requestItem.identityRequest.name" sortable="true" width="110"/>
              <ReportColumnConfig field="classificationNames" header="rept_cert_col_classifications" property="application.id" scriptArguments="name,value,type" width="110">
                <RenderScript>
                  <Source>
                            
                            import sailpoint.api.Explanator;
                            import sailpoint.api.Explanator.Explanation;
                            import sailpoint.api.ObjectUtil;
                            import sailpoint.object.ManagedAttribute.Type;
                            import sailpoint.object.Bundle;
                            import sailpoint.object.ProvisioningPlan;
                            import sailpoint.service.classification.ClassificationService;
                            import sailpoint.tools.Util;

                            String appId = (String) value;
                            // aka attribute
                            String name = (String) scriptArgs.get("name");
                            String val = (String) scriptArgs.get("value");
                            Type type = (Type) scriptArgs.get("type");

                            // Check if it is representing a role
                            if (ProvisioningPlan.ATT_IIQ_DETECTED_ROLES.equals(name) ||
                                    ProvisioningPlan.ATT_IIQ_ASSIGNED_ROLES.equals(name)) {

                                String classifiableId = ObjectUtil.getId(context, Bundle.class, val);
                                if (classifiableId != null) {
                                    ClassificationService service = new ClassificationService(context);
                                    return Util.listToCsv(service.getClassificationNames(Bundle.class, classifiableId));
                                }
                            }
                            // Otherwise it is an entitlement
                            else {
                                if (appId != null &amp;&amp; name != null &amp;&amp; type != null) {
                                    Explanation exp = type == Type.Permission ?
                                                      Explanator.get(appId, name) :
                                                      Explanator.get(appId, name, val);

                                    if (exp != null) {
                                        return Util.listToCsv(exp.getClassificationDisplayableNames());
                                    }
                                }
                            }

                            return null;
                            
                        </Source>
                </RenderScript>
              </ReportColumnConfig>
            </Columns>
          </LiveReport>
        </value>
      </entry>
    </Map>
  </Attributes>
  <Description>Displays identity/account entitlement information.</Description>
  <RequiredRights>
    <Reference class="sailpoint.object.SPRight" name="FullAccessIdentityEntitlementReport"/>
  </RequiredRights>
  <Signature>
    <Inputs>
      <Argument multi="true" name="identity" type="Identity">
        <Description>Identities to include in the report</Description>
        <Prompt>identities</Prompt>
      </Argument>
      <Argument multi="true" name="application" type="Application">
        <Description>Applications to include in the report</Description>
        <Prompt>applications</Prompt>
      </Argument>
      <Argument multi="true" name="attribute">
        <Description>Attirubtes to include in the report</Description>
        <Prompt>attribute</Prompt>
      </Argument>
      <Argument multi="true" name="entitlementValue">
        <Description>Attirubtes to include in the report</Description>
        <Prompt>attribute</Prompt>
      </Argument>
      <Argument name="accountId">
        <Description>Account ids to include in the report</Description>
        <Prompt>account_name</Prompt>
      </Argument>
      <Argument name="instance">
        <Description>Instances to include</Description>
        <Prompt>instance</Prompt>
      </Argument>
      <Argument name="source" type="string">
        <Description>Include only Entitlements with a specific source</Description>
        <Prompt>identity_entitlements_source</Prompt>
      </Argument>
      <Argument name="aggregationState" type="string">
        <Description>Include only connected or disconnected entitlements</Description>
        <Prompt>identity_entitlements_aggregation_state_display</Prompt>
      </Argument>
      <Argument name="type" type="string">
        <Description>Include only certain types of permissions. Either Permission or Entitlement</Description>
        <Prompt>srch_input_def_entitlement_type</Prompt>
      </Argument>
      <Argument name="allowed" type="string">
        <Description>Include only allowed entitlements</Description>
        <Prompt>identity_entitlements_role_allowed</Prompt>
      </Argument>
      <Argument name="assigned" type="string">
        <Description>Include only entitlements that are assigned</Description>
        <Prompt>identity_entitlements_assigned</Prompt>
      </Argument>
      <Argument name="grantedByRole" type="string">
        <Description>Include only entitlements granted by a role.</Description>
        <Prompt>granted</Prompt>
      </Argument>
      <Argument name="pendingRequest" type="string">
        <Description>Include only entitlements that have a pending access request.</Description>
        <Prompt>pendingRequest</Prompt>
      </Argument>
      <Argument name="currentRequest" type="string">
        <Description>Include only entitlements that have a current access request.</Description>
        <Prompt>pendingRequest</Prompt>
      </Argument>
      <Argument name="pendingCertification" type="string">
        <Description>Include only entitlements that have a pending certification.</Description>
        <Prompt>pendingCertification</Prompt>
      </Argument>
      <Argument name="certified" type="string">
        <Description>Include only entitlements that have been certified.</Description>
        <Prompt>certified</Prompt>
      </Argument>
    </Inputs>
  </Signature>
</TaskDefinition>

You can refer to this link

1 Like

Hi @ipobeidi Yes, entitlement assigned to the members.

Hi @vishal_kejriwal1 Thanks for the xmls. But the form code you provide is for Application not for Entitlement. Also, I have put ManagedAttribute instead of Application but still no result.
image

@gopalmca1
Is this resolved or Still looking for help?

@iamksatish Thanks for checking but still no luck. I am able to achieve to search with Entitlement DisplayName but it is not returning associated member in report result. Please let me know if i am missing anything.

<Field displayName="rept_identity_entitlement_grid_entitlements" helpKey="help_rept_identity_entitlement_entitlements" multi="true" name="entitlementValue" type="ManagedAttribute" value="ref:entitlementValue">
      <AllowedValuesDefinition>
        <Script>
          <Source>
            import sailpoint.api.SailPointContext;
            import sailpoint.object.Application;
            import sailpoint.object.Identity;
            import sailpoint.object.QueryOptions;
            import sailpoint.api.ObjectUtil;
            import sailpoint.object.Filter;
            import sailpoint.object.*;
            String idName = context.getUserName();
List entList3 = new ArrayList();

if (idName != null) {
    QueryOptions ao = new QueryOptions();
    ao.addFilter(Filter.eq("owner.name", idName));
    List entList = context.getObjects(ManagedAttribute.class, ao);
    
    if (entList != null) {
        for (ManagedAttribute ent : entList) {
            List entList2 = new ArrayList();
            String displayName = ent.getDisplayName();
            entList2.add(displayName);
            entList3.add(entList2);
            log.error("Display Name: " + displayName);
        }
    } else {
        log.error("No ManagedAttribute objects found for user: " + idName);
    }
} else {
    log.error("idName is null.");
}
return entList3;

          </Source>
        </Script>
      </AllowedValuesDefinition>
    </Field>

Hi @gopalmca1
Try to add loggers (log.debug) for the membership details, filter in your report task definition you can understand where exactly the error is coming?

Hi @vinnysail when I am changing the code then it’s showing members. But it is not showing the entitlement DisplayName. It is showing entitlement value.

<Field displayName="rept_identity_entitlement_grid_entitlements" helpKey="help_rept_identity_entitlement_entitlements" multi="true" name="entitlementValue" type="ManagedAttribute" value="ref:entitlementValue">
      <AllowedValuesDefinition>
        <Script>
          <Source>
            import sailpoint.api.SailPointContext;
            import sailpoint.object.Application;
            import sailpoint.object.Identity;
            import sailpoint.object.QueryOptions;
            import sailpoint.api.ObjectUtil;
            import sailpoint.object.Filter;
            import sailpoint.object.*;
            String idName = context.getUserName();
List entList3 = new ArrayList();

if (idName != null) {
    QueryOptions ao = new QueryOptions();
    ao.addFilter(Filter.eq("owner.name", idName));
    List entList = context.getObjects(ManagedAttribute.class, ao);
    
    if (entList != null) {
        for (ManagedAttribute ent : entList) {
            List entList2 = new ArrayList();
            **//String displayName = ent.getDisplayName();**
**String displayName = ent.getValue();**
            entList2.add(displayName);
            entList3.add(entList2);
            log.error("Display Name: " + displayName);
        }
    } else {
        log.error("No ManagedAttribute objects found for user: " + idName);
    }
} else {
    log.error("idName is null.");
}
return entList3;

          </Source>
        </Script>
      </AllowedValuesDefinition>
    </Field>