In Identity entitlement report, Entitlement Search Field is not working for Entitlement Display Name

vishal_kejriwal1 · April 25, 2024, 2:05pm

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<TaskDefinition executor="sailpoint.reporting.LiveReportExecutor"  name="POC Identity Entitlements Detail Report" progressMode="Percentage" resultAction="Rename" subType="Identity and User Reports" template="true" type="LiveReport">
  <Attributes>
    <Map>
      <entry key="report">
        <value>
          <LiveReport title="Identity Entitlements Report">
            <DataSource objectType="IdentityEntitlement" type="Filter">
              <QueryParameters>
                <Parameter argument="identity" property="identity.id"/>
                <Parameter argument="application" property="application.id"/>
                <Parameter argument="attribute" property="name"/>
                <Parameter argument="entitlementValue" property="value"/>
                <Parameter argument="accountId" property="nativeIdentity"/>
                <Parameter argument="instance" property="instance"/>
                <Parameter argument="source" property="source"/>
                <Parameter argument="aggregationState" property="aggregationState">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.Filter;
                            import sailpoint.object.IdentityEntitlement.AggregationState;
                            import sailpoint.tools.Util;
                            
                            // "null" indicates include all
                            if ( Util.getString((String)value) != null ) {
                                if ( Util.nullSafeEq("Connected", (String)value) ) {
                                    queryOptions.addFilter(Filter.eq("aggregationState", AggregationState.Connected));                                   
                                } else {
                                    queryOptions.addFilter(Filter.eq("aggregationState", AggregationState.Disconnected));
                                }
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="type" property="type">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.Filter;
                            import sailpoint.object.IdentityEntitlement.AggregationState;
                            import sailpoint.tools.Util;
                            
                            // "null" indicates include all
                            if ( Util.getString((String)value) != null ) {
                                queryOptions.addFilter(Filter.eq("type", value));                                   
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="allowed" property="allowed" valueClass="boolean"/>
                <Parameter argument="assigned" property="assigned" valueClass="boolean"/>
                <Parameter argument="grantedByRole" property="grantedByRole" valueClass="boolean"/>
                <Parameter argument="assigner" property="assigner"/>
                <Parameter argument="pendingRequest" property="pendingRequestItem">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.*;
                            import sailpoint.tools.*;

                            // "null" indicates no value
                            if ( Util.getString((String)value) != null ) {
                                boolean bool = Util.otob(value);
                                if ( !bool ) 
                                    queryOptions.addFilter(Filter.isnull(property));
                                else 
                                    queryOptions.addFilter(Filter.notnull(property));
                                    
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="currentRequest" property="requestItem">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.*;
                            import sailpoint.tools.*;

                            // "null" indicates no value
                            if ( Util.getString((String)value) != null ) {
                                boolean bool = Util.otob(value);
                                if ( !bool ) 
                                    queryOptions.addFilter(Filter.isnull(property));
                                else 
                                    queryOptions.addFilter(Filter.notnull(property));
                                    
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="pendingCertification" property="pendingCertificationItem">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.*;
                            import sailpoint.tools.*;

                            // "null" indicates no value
                            if ( Util.getString((String)value) != null ) {
                                boolean bool = Util.otob(value);
                                if ( !bool ) 
                                    queryOptions.addFilter(Filter.isnull(property));
                                else 
                                    queryOptions.addFilter(Filter.notnull(property));
                                    
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="certified" property="certificationItem">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.*;
                            import sailpoint.tools.*;

                            // "null" indicates no value
                            if ( Util.getString((String)value) != null ) {
                                boolean bool = Util.otob(value);
                                if ( !bool ) 
                                    queryOptions.addFilter(Filter.isnull(property));
                                else 
                                    queryOptions.addFilter(Filter.notnull(property));
                                    
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
              </QueryParameters>
            </DataSource>
            <ReportForm>
              <Reference class="sailpoint.object.Form" name="POC Identity Entitlements Report Search Fields"/>
            </ReportForm>
            <Columns>
              <ReportColumnConfig field="identity" header="identity" property="identity.displayName" sortable="true" width="110"/>
              <ReportColumnConfig field="application" header="label_application" property="application.name" sortable="true" width="110"/>
              <ReportColumnConfig field="attribute" header="label_attribute" property="name" sortable="true" width="110"/>
              <ReportColumnConfig field="value" header="entitlement" property="value" sortable="true" width="110"/>
              <ReportColumnConfig field="displayValue" header="label_display_value" property="application.id" scriptArguments="name,value,type" width="110">
                <RenderScript>
                  <Source>
                          
                            import sailpoint.api.Explanator;
                            import sailpoint.api.Explanator.Explanation;
                            import sailpoint.api.ObjectUtil;
                            import sailpoint.object.ManagedAttribute.Type;
                            import sailpoint.object.Bundle;
                            import sailpoint.object.ProvisioningPlan;
                            import sailpoint.service.classification.ClassificationService;
                            import sailpoint.tools.Util;

                            String appId = (String) value;
                            // aka attribute
                            String name = (String) scriptArgs.get("name");
                            String val = (String) scriptArgs.get("value");
                            Type type = (Type) scriptArgs.get("type");

                            if (type != null &amp;&amp; type == Type.Entitlement &amp;&amp; appId != null &amp;&amp; name != null) {
                              Explanation exp = Explanator.get(appId, name, val, type.name());

                              if (exp != null) {
                                return exp.getDisplayValue();
                              }
                            }

                            return null;
                            
                        </Source>
                </RenderScript>
              </ReportColumnConfig>
              <ReportColumnConfig field="accountId" header="account_name" property="nativeIdentity" skipLocalization="true" sortable="true" width="110"/>
              <ReportColumnConfig field="accountDisplayName" header="account_display_name" property="displayName" skipLocalization="true" sortable="true" width="110"/>
              <ReportColumnConfig field="instance" header="instance" property="instance" sortable="true" width="110"/>
              <ReportColumnConfig field="source" header="identity_entitlements_source" property="source" sortable="true" width="110"/>
              <ReportColumnConfig field="aggregationState" header="identity_entitlements_aggregation_state_display" property="aggregationState" width="110"/>
              <ReportColumnConfig field="type" header="srch_input_def_entitlement_type" property="type" sortable="true" width="110"/>
              <ReportColumnConfig field="allowed" header="identity_entitlements_allowed" property="allowed" sortable="true" width="110"/>
              <ReportColumnConfig field="assigned" header="identity_entitlements_assigned" property="assigned" sortable="true" width="110"/>
              <ReportColumnConfig field="grantedByRole" header="identity_entitlements_granted_by_role" property="grantedByRole" sortable="true" width="110"/>
              <ReportColumnConfig field="assigner" header="identity_entitlements_assigner" property="assigner" sortable="true" width="110"/>
              <ReportColumnConfig field="lastCertName" header="identity_entitlements_cert_last" property="certificationItem.parent.certification.name" sortable="true" width="110"/>
              <ReportColumnConfig field="lastCertDate" header="identity_entitlements_cert_last_date" property="certificationItem.modified" sortable="true" width="110"/>
              <ReportColumnConfig field="lastRequestId" header="identity_entitlements_request_id" property="requestItem.identityRequest.name" sortable="true" width="110"/>
              <ReportColumnConfig field="classificationNames" header="rept_cert_col_classifications" property="application.id" scriptArguments="name,value,type" width="110">
                <RenderScript>
                  <Source>
                            
                            import sailpoint.api.Explanator;
                            import sailpoint.api.Explanator.Explanation;
                            import sailpoint.api.ObjectUtil;
                            import sailpoint.object.ManagedAttribute.Type;
                            import sailpoint.object.Bundle;
                            import sailpoint.object.ProvisioningPlan;
                            import sailpoint.service.classification.ClassificationService;
                            import sailpoint.tools.Util;

                            String appId = (String) value;
                            // aka attribute
                            String name = (String) scriptArgs.get("name");
                            String val = (String) scriptArgs.get("value");
                            Type type = (Type) scriptArgs.get("type");

                            // Check if it is representing a role
                            if (ProvisioningPlan.ATT_IIQ_DETECTED_ROLES.equals(name) ||
                                    ProvisioningPlan.ATT_IIQ_ASSIGNED_ROLES.equals(name)) {

                                String classifiableId = ObjectUtil.getId(context, Bundle.class, val);
                                if (classifiableId != null) {
                                    ClassificationService service = new ClassificationService(context);
                                    return Util.listToCsv(service.getClassificationNames(Bundle.class, classifiableId));
                                }
                            }
                            // Otherwise it is an entitlement
                            else {
                                if (appId != null &amp;&amp; name != null &amp;&amp; type != null) {
                                    Explanation exp = type == Type.Permission ?
                                                      Explanator.get(appId, name) :
                                                      Explanator.get(appId, name, val);

                                    if (exp != null) {
                                        return Util.listToCsv(exp.getClassificationDisplayableNames());
                                    }
                                }
                            }

                            return null;
                            
                        </Source>
                </RenderScript>
              </ReportColumnConfig>
            </Columns>
          </LiveReport>
        </value>
      </entry>
    </Map>
  </Attributes>
  <Description>Displays identity/account entitlement information.</Description>
  <RequiredRights>
    <Reference class="sailpoint.object.SPRight" name="FullAccessIdentityEntitlementReport"/>
  </RequiredRights>
  <Signature>
    <Inputs>
      <Argument multi="true" name="identity" type="Identity">
        <Description>Identities to include in the report</Description>
        <Prompt>identities</Prompt>
      </Argument>
      <Argument multi="true" name="application" type="Application">
        <Description>Applications to include in the report</Description>
        <Prompt>applications</Prompt>
      </Argument>
      <Argument multi="true" name="attribute">
        <Description>Attirubtes to include in the report</Description>
        <Prompt>attribute</Prompt>
      </Argument>
      <Argument multi="true" name="entitlementValue">
        <Description>Attirubtes to include in the report</Description>
        <Prompt>attribute</Prompt>
      </Argument>
      <Argument name="accountId">
        <Description>Account ids to include in the report</Description>
        <Prompt>account_name</Prompt>
      </Argument>
      <Argument name="instance">
        <Description>Instances to include</Description>
        <Prompt>instance</Prompt>
      </Argument>
      <Argument name="source" type="string">
        <Description>Include only Entitlements with a specific source</Description>
        <Prompt>identity_entitlements_source</Prompt>
      </Argument>
      <Argument name="aggregationState" type="string">
        <Description>Include only connected or disconnected entitlements</Description>
        <Prompt>identity_entitlements_aggregation_state_display</Prompt>
      </Argument>
      <Argument name="type" type="string">
        <Description>Include only certain types of permissions. Either Permission or Entitlement</Description>
        <Prompt>srch_input_def_entitlement_type</Prompt>
      </Argument>
      <Argument name="allowed" type="string">
        <Description>Include only allowed entitlements</Description>
        <Prompt>identity_entitlements_role_allowed</Prompt>
      </Argument>
      <Argument name="assigned" type="string">
        <Description>Include only entitlements that are assigned</Description>
        <Prompt>identity_entitlements_assigned</Prompt>
      </Argument>
      <Argument name="grantedByRole" type="string">
        <Description>Include only entitlements granted by a role.</Description>
        <Prompt>granted</Prompt>
      </Argument>
      <Argument name="pendingRequest" type="string">
        <Description>Include only entitlements that have a pending access request.</Description>
        <Prompt>pendingRequest</Prompt>
      </Argument>
      <Argument name="currentRequest" type="string">
        <Description>Include only entitlements that have a current access request.</Description>
        <Prompt>pendingRequest</Prompt>
      </Argument>
      <Argument name="pendingCertification" type="string">
        <Description>Include only entitlements that have a pending certification.</Description>
        <Prompt>pendingCertification</Prompt>
      </Argument>
      <Argument name="certified" type="string">
        <Description>Include only entitlements that have been certified.</Description>
        <Prompt>certified</Prompt>
      </Argument>
    </Inputs>
  </Signature>
</TaskDefinition>

Import above one and try

iamksatish · April 25, 2024, 5:24pm

Can you share your xmls of form and Task Definition , complete xmls

gopalmca1 · April 26, 2024, 6:40am

Sure @iamksatish Thank you!!
TaskDefinition.xml (16.4 KB)
Form.xml (9.2 KB)

gopalmca1 · April 26, 2024, 4:54pm

@vishal_kejriwal1 No luck!!

gopalmca1 · April 29, 2024, 1:48pm

Hi @iamksatish any suggestion on this?

vishal_kejriwal1 · April 29, 2024, 2:08pm

I will check and will let you know.

iamksatish · April 29, 2024, 2:14pm

Hi @gopalmca1

Will send you the updated the xmls soon

I have imported and updated it in my environment, working on the changes.

vishal_kejriwal1 · April 29, 2024, 2:31pm

Use below xmls , this will work for sure

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Form PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Form  hidden="true"  name="POC Identity Entitlements Report Search Fields"  type="Report">
  <Section columns="2" label="rept_identity_entitlement_arguments" name="customProperties">
    <Field displayName="identities" helpKey="help_rept_identity_entitlement_identities" multi="true" name="identity" type="Identity" value="ref:identity"/>
    <Field displayName="applications" helpKey="help_rept_identity_entitlement_applications" multi="true" name="application" type="Application" value="ref:application"/>
    <Field displayName="rept_identity_entitlement_grid_attributes" helpKey="help_rept_identity_entitlement_attributes" multi="true" name="attribute" type="IdentityEntitlement" value="ref:attribute">
      <Attributes>
        <Map>
          <entry key="objectColumn" value="name"/>
        </Map>
      </Attributes>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_entitlements" helpKey="help_rept_identity_entitlement_entitlements" multi="true" name="entitlementValue" type="ManagedAttribute" value="ref:entitlementValue">
      <AllowedValuesDefinition>
        <Script>
          <Source>

            
            import sailpoint.api.SailPointContext;
            import sailpoint.object.Application;
            import sailpoint.object.Identity;
            import sailpoint.object.QueryOptions;
            import sailpoint.api.ObjectUtil;
            import sailpoint.object.Filter;
            import sailpoint.object.ManagedAttribute;

            String idName = context.getUserName();
            System.out.println("*****idName*********" + idName);
            List appList3 = new ArrayList();

            if (idName != null)
            {
            QueryOptions ao = new QueryOptions();
            ao.addFilter(Filter.eq("owner.name",idName));
            List appList=context.getObjects(ManagedAttribute.class, ao);
            System.out.println("*****appList*********" + appList);
            for(ManagedAttribute app : appList){
            List appList2 = new ArrayList();
            appList2.add(app.getValue());
            appList2.add(app.getDisplayName());

            appList3.add(appList2);
            System.out.println("*****"+ app.getId() + "*********" + app.getDisplayName());
            }
            }
            return appList3;

          </Source>
        </Script>
      </AllowedValuesDefinition>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_accounts" helpKey="help_rept_identity_entitlement_accounts" multi="true" name="accountId" type="IdentityEntitlement" value="ref:accountId">
      <Attributes>
        <Map>
          <entry key="objectColumn" value="nativeIdentity"/>
        </Map>
      </Attributes>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_instances" helpKey="help_rept_identity_entitlement_instances" multi="true" name="instance" type="IdentityEntitlement" value="ref:instance">
      <Attributes>
        <Map>
          <entry key="objectColumn" value="instance"/>
        </Map>
      </Attributes>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_assigners" helpKey="help_rept_identity_entitlement_assigners" multi="true" name="assigner" type="IdentityEntitlement" value="ref:assigner">
      <Attributes>
        <Map>
          <entry key="objectColumn" value="assigner"/>
        </Map>
      </Attributes>
    </Field>
    <Field displayName="identity_entitlements_source" helpKey="help_rept_identity_entitlement_sources" multi="true" name="source" value="ref:source">
      <AllowedValues>
        <List>
          <String>Aggregation</String>
          <String>source_aggregation</String>
        </List>
        <List>
          <String>LCM</String>
          <String>source_lcm</String>
        </List>
        <List>
          <String>PAM</String>
          <String>source_pam</String>
        </List>
        <List>
          <String>RapidSetup</String>
          <String>source_rapidsetup</String>
        </List>
        <List>
          <String>Rule</String>
          <String>source_rule</String>
        </List>
        <List>
          <String>Task</String>
          <String>source_task</String>
        </List>
        <List>
          <String>WebServices</String>
          <String>source_web_service</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="identity_entitlements_aggregation_state_display" helpKey="help_rept_identity_entitlement_agg_state" name="aggregationState" value="ref:aggregationState">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>Connected</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>Disconnected</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="srch_input_def_entitlement_type" helpKey="help_rept_identity_entitlement_types" name="type" value="ref:type">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>Entitlement</String>
          <String>entitlement</String>
        </List>
        <List>
          <String>Permission</String>
          <String>permission</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="identity_entitlements_role_allowed" helpKey="help_rept_identity_entitlement_allowed" name="allowed" value="ref:allowed">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>true</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>false</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_additional" helpKey="help_rept_identity_entitlement_only_additional" name="grantedByRole" value="ref:grantedByRole">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>false</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>true</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_certified" helpKey="help_rept_identity_entitlement_certified" name="certified" value="ref:certified">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>true</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>false</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_pending_certification" helpKey="help_rept_identity_entitlement_pending_certification" name="pendingCertification" value="ref:pendingCertification">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>true</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>false</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_requested" helpKey="help_rept_identity_entitlement_requested" name="currentRequest" value="ref:currentRequest">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>true</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>false</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
    <Field displayName="rept_identity_entitlement_grid_pending_request" helpKey="help_rept_identity_entitlement_pending_request" name="pendingRequest" value="ref:pendingRequest">
      <AllowedValues>
        <List>
          <String>null</String>
          <String>rept_app_account_attrs_filter_include_all</String>
        </List>
        <List>
          <String>true</String>
          <String>txt_true</String>
        </List>
        <List>
          <String>false</String>
          <String>txt_false</String>
        </List>
      </AllowedValues>
    </Field>
  </Section>
</Form>

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<TaskDefinition executor="sailpoint.reporting.LiveReportExecutor" name="VIS Identity Entitlements Detail Report" progressMode="Percentage" resultAction="Rename" subType="Identity and User Reports" template="true" type="LiveReport">
  <Attributes>
    <Map>
      <entry key="report">
        <value>
          <LiveReport title="Identity Entitlements Report">
            <DataSource objectType="IdentityEntitlement" type="Filter">
              <QueryParameters>
                <Parameter argument="identity" property="identity.id"/>
                <Parameter argument="application" property="application.id"/>
                <Parameter argument="attribute" property="name"/>
                <Parameter argument="entitlementValue" property="value"/>
                <Parameter argument="accountId" property="nativeIdentity"/>
                <Parameter argument="instance" property="instance"/>
                <Parameter argument="source" property="source"/>
                <Parameter argument="aggregationState" property="aggregationState">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.Filter;
                            import sailpoint.object.IdentityEntitlement.AggregationState;
                            import sailpoint.tools.Util;
                            
                            // "null" indicates include all
                            if ( Util.getString((String)value) != null ) {
                                if ( Util.nullSafeEq("Connected", (String)value) ) {
                                    queryOptions.addFilter(Filter.eq("aggregationState", AggregationState.Connected));                                   
                                } else {
                                    queryOptions.addFilter(Filter.eq("aggregationState", AggregationState.Disconnected));
                                }
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="type" property="type">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.Filter;
                            import sailpoint.object.IdentityEntitlement.AggregationState;
                            import sailpoint.tools.Util;
                            
                            // "null" indicates include all
                            if ( Util.getString((String)value) != null ) {
                                queryOptions.addFilter(Filter.eq("type", value));                                   
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="allowed" property="allowed" valueClass="boolean"/>
                <Parameter argument="assigned" property="assigned" valueClass="boolean"/>
                <Parameter argument="grantedByRole" property="grantedByRole" valueClass="boolean"/>
                <Parameter argument="assigner" property="assigner"/>
                <Parameter argument="pendingRequest" property="pendingRequestItem">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.*;
                            import sailpoint.tools.*;

                            // "null" indicates no value
                            if ( Util.getString((String)value) != null ) {
                                boolean bool = Util.otob(value);
                                if ( !bool ) 
                                    queryOptions.addFilter(Filter.isnull(property));
                                else 
                                    queryOptions.addFilter(Filter.notnull(property));
                                    
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="currentRequest" property="requestItem">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.*;
                            import sailpoint.tools.*;

                            // "null" indicates no value
                            if ( Util.getString((String)value) != null ) {
                                boolean bool = Util.otob(value);
                                if ( !bool ) 
                                    queryOptions.addFilter(Filter.isnull(property));
                                else 
                                    queryOptions.addFilter(Filter.notnull(property));
                                    
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="pendingCertification" property="pendingCertificationItem">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.*;
                            import sailpoint.tools.*;

                            // "null" indicates no value
                            if ( Util.getString((String)value) != null ) {
                                boolean bool = Util.otob(value);
                                if ( !bool ) 
                                    queryOptions.addFilter(Filter.isnull(property));
                                else 
                                    queryOptions.addFilter(Filter.notnull(property));
                                    
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
                <Parameter argument="certified" property="certificationItem">
                  <QueryScript>
                    <Source>
                            import sailpoint.object.*;
                            import sailpoint.tools.*;

                            // "null" indicates no value
                            if ( Util.getString((String)value) != null ) {
                                boolean bool = Util.otob(value);
                                if ( !bool ) 
                                    queryOptions.addFilter(Filter.isnull(property));
                                else 
                                    queryOptions.addFilter(Filter.notnull(property));
                                    
                            }
                            return queryOptions;
                          </Source>
                  </QueryScript>
                </Parameter>
              </QueryParameters>
            </DataSource>
            <ReportForm>
              <Reference class="sailpoint.object.Form" name="POC Identity Entitlements Report Search Fields"/>
            </ReportForm>
            <Columns>
              <ReportColumnConfig field="identity" header="identity" property="identity.displayName" sortable="true" width="110"/>
              <ReportColumnConfig field="application" header="label_application" property="application.name" sortable="true" width="110"/>
              <ReportColumnConfig field="attribute" header="label_attribute" property="name" sortable="true" width="110"/>
              <ReportColumnConfig field="value" header="entitlement" property="value" sortable="true" width="110"/>
              <ReportColumnConfig field="displayValue" header="label_display_value" property="application.id" scriptArguments="name,value,type" width="110">
                <RenderScript>
                  <Source>
                          
                            import sailpoint.api.Explanator;
                            import sailpoint.api.Explanator.Explanation;
                            import sailpoint.api.ObjectUtil;
                            import sailpoint.object.ManagedAttribute.Type;
                            import sailpoint.object.Bundle;
                            import sailpoint.object.ProvisioningPlan;
                            import sailpoint.service.classification.ClassificationService;
                            import sailpoint.tools.Util;

                            String appId = (String) value;
                            // aka attribute
                            String name = (String) scriptArgs.get("name");
                            String val = (String) scriptArgs.get("value");
                            Type type = (Type) scriptArgs.get("type");

                            if (type != null &amp;&amp; type == Type.Entitlement &amp;&amp; appId != null &amp;&amp; name != null) {
                              Explanation exp = Explanator.get(appId, name, val, type.name());

                              if (exp != null) {
                                return exp.getDisplayValue();
                              }
                            }

                            return null;
                            
                        </Source>
                </RenderScript>
              </ReportColumnConfig>
              <ReportColumnConfig field="accountId" header="account_name" property="nativeIdentity" skipLocalization="true" sortable="true" width="110"/>
              <ReportColumnConfig field="accountDisplayName" header="account_display_name" property="displayName" skipLocalization="true" sortable="true" width="110"/>
              <ReportColumnConfig field="instance" header="instance" property="instance" sortable="true" width="110"/>
              <ReportColumnConfig field="source" header="identity_entitlements_source" property="source" sortable="true" width="110"/>
              <ReportColumnConfig field="aggregationState" header="identity_entitlements_aggregation_state_display" property="aggregationState" width="110"/>
              <ReportColumnConfig field="type" header="srch_input_def_entitlement_type" property="type" sortable="true" width="110"/>
              <ReportColumnConfig field="allowed" header="identity_entitlements_allowed" property="allowed" sortable="true" width="110"/>
              <ReportColumnConfig field="assigned" header="identity_entitlements_assigned" property="assigned" sortable="true" width="110"/>
              <ReportColumnConfig field="grantedByRole" header="identity_entitlements_granted_by_role" property="grantedByRole" sortable="true" width="110"/>
              <ReportColumnConfig field="assigner" header="identity_entitlements_assigner" property="assigner" sortable="true" width="110"/>
              <ReportColumnConfig field="lastCertName" header="identity_entitlements_cert_last" property="certificationItem.parent.certification.name" sortable="true" width="110"/>
              <ReportColumnConfig field="lastCertDate" header="identity_entitlements_cert_last_date" property="certificationItem.modified" sortable="true" width="110"/>
              <ReportColumnConfig field="lastRequestId" header="identity_entitlements_request_id" property="requestItem.identityRequest.name" sortable="true" width="110"/>
              <ReportColumnConfig field="classificationNames" header="rept_cert_col_classifications" property="application.id" scriptArguments="name,value,type" width="110">
                <RenderScript>
                  <Source>
                            
                            import sailpoint.api.Explanator;
                            import sailpoint.api.Explanator.Explanation;
                            import sailpoint.api.ObjectUtil;
                            import sailpoint.object.ManagedAttribute.Type;
                            import sailpoint.object.Bundle;
                            import sailpoint.object.ProvisioningPlan;
                            import sailpoint.service.classification.ClassificationService;
                            import sailpoint.tools.Util;

                            String appId = (String) value;
                            // aka attribute
                            String name = (String) scriptArgs.get("name");
                            String val = (String) scriptArgs.get("value");
                            Type type = (Type) scriptArgs.get("type");

                            // Check if it is representing a role
                            if (ProvisioningPlan.ATT_IIQ_DETECTED_ROLES.equals(name) ||
                                    ProvisioningPlan.ATT_IIQ_ASSIGNED_ROLES.equals(name)) {

                                String classifiableId = ObjectUtil.getId(context, Bundle.class, val);
                                if (classifiableId != null) {
                                    ClassificationService service = new ClassificationService(context);
                                    return Util.listToCsv(service.getClassificationNames(Bundle.class, classifiableId));
                                }
                            }
                            // Otherwise it is an entitlement
                            else {
                                if (appId != null &amp;&amp; name != null &amp;&amp; type != null) {
                                    Explanation exp = type == Type.Permission ?
                                                      Explanator.get(appId, name) :
                                                      Explanator.get(appId, name, val);

                                    if (exp != null) {
                                        return Util.listToCsv(exp.getClassificationDisplayableNames());
                                    }
                                }
                            }

                            return null;
                            
                        </Source>
                </RenderScript>
              </ReportColumnConfig>
              <ReportColumnConfig field="elevatedAccess" header="label_elevated_access" property="application.id" scriptArguments="name,value,type" sortable="true" width="110">
                <RenderScript>
                  <Source>
                          
                            import sailpoint.api.Explanator;
                            import sailpoint.api.Explanator.Explanation;
                            import sailpoint.api.ObjectUtil;
                            import sailpoint.object.ManagedAttribute.Type;
                            import sailpoint.object.Bundle;
                            import sailpoint.object.ProvisioningPlan;
                            import sailpoint.service.classification.ClassificationService;
                            import sailpoint.tools.Util;

                            String appId = (String) value;
                            // aka attribute
                            String name = (String) scriptArgs.get("name");
                            String val = (String) scriptArgs.get("value");
                            Type type = (Type) scriptArgs.get("type");

                            if (type != null &amp;&amp; type == Type.Entitlement &amp;&amp; appId != null &amp;&amp; name != null) {
                              Explanation exp = Explanator.get(appId, name, val, type.name());
                              return exp == null ? null : exp.isIiqElevatedAccess();
                            }

                            return null;
                            
                        </Source>
                </RenderScript>
              </ReportColumnConfig>
            </Columns>
          </LiveReport>
        </value>
      </entry>
    </Map>
  </Attributes>
  <Description>Displays identity/account entitlement information.</Description>
  <RequiredRights>
    <Reference class="sailpoint.object.SPRight" name="FullAccessIdentityEntitlementReport"/>
  </RequiredRights>
  <Signature>
    <Inputs>
      <Argument multi="true" name="identity" type="Identity">
        <Description>Identities to include in the report</Description>
        <Prompt>identities</Prompt>
      </Argument>
      <Argument multi="true" name="application" type="Application">
        <Description>Applications to include in the report</Description>
        <Prompt>applications</Prompt>
      </Argument>
      <Argument multi="true" name="attribute">
        <Description>Attirubtes to include in the report</Description>
        <Prompt>attribute</Prompt>
      </Argument>
      <Argument multi="true" name="entitlementValue">
        <Description>Attirubtes to include in the report</Description>
        <Prompt>attribute</Prompt>
      </Argument>
      <Argument name="accountId">
        <Description>Account ids to include in the report</Description>
        <Prompt>account_name</Prompt>
      </Argument>
      <Argument name="instance">
        <Description>Instances to include</Description>
        <Prompt>instance</Prompt>
      </Argument>
      <Argument name="source" type="string">
        <Description>Include only Entitlements with a specific source</Description>
        <Prompt>identity_entitlements_source</Prompt>
      </Argument>
      <Argument name="aggregationState" type="string">
        <Description>Include only connected or disconnected entitlements</Description>
        <Prompt>identity_entitlements_aggregation_state_display</Prompt>
      </Argument>
      <Argument name="type" type="string">
        <Description>Include only certain types of permissions. Either Permission or Entitlement</Description>
        <Prompt>srch_input_def_entitlement_type</Prompt>
      </Argument>
      <Argument name="allowed" type="string">
        <Description>Include only allowed entitlements</Description>
        <Prompt>identity_entitlements_role_allowed</Prompt>
      </Argument>
      <Argument name="assigned" type="string">
        <Description>Include only entitlements that are assigned</Description>
        <Prompt>identity_entitlements_assigned</Prompt>
      </Argument>
      <Argument name="assigner" type="string">
        <Description>Include only entitlements that has an assigner</Description>
        <Prompt>identity_entitlements_assigner</Prompt>
      </Argument>
      <Argument name="grantedByRole" type="string">
        <Description>Include only entitlements granted by a role.</Description>
        <Prompt>granted</Prompt>
      </Argument>
      <Argument name="pendingRequest" type="string">
        <Description>Include only entitlements that have a pending access request.</Description>
        <Prompt>pendingRequest</Prompt>
      </Argument>
      <Argument name="currentRequest" type="string">
        <Description>Include only entitlements that have a current access request.</Description>
        <Prompt>pendingRequest</Prompt>
      </Argument>
      <Argument name="pendingCertification" type="string">
        <Description>Include only entitlements that have a pending certification.</Description>
        <Prompt>pendingCertification</Prompt>
      </Argument>
      <Argument name="certified" type="string">
        <Description>Include only entitlements that have been certified.</Description>
        <Prompt>certified</Prompt>
      </Argument>
    </Inputs>
  </Signature>
</TaskDefinition>

vishal_kejriwal1 · April 29, 2024, 2:32pm

@gopalmca1 , check above one .

vishal_kejriwal1 · April 30, 2024, 4:06pm

@gopalmca1 Did this worked out ?

gopalmca1 · April 30, 2024, 5:05pm

Hi @vishal_kejriwal1 Yes it worked, thank you so much!!

vishal_kejriwal1 · April 30, 2024, 5:09pm

Awesome !!
Good to know this helped .

system · June 29, 2024, 5:09pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Advanced Analytics Entitlement Search not showing fields IIQ Discussion and Questions identityiq	4	130	July 2, 2024
Searching roles or entitlements by any content part of the name IIQ Discussion and Questions identityiq , search	10	457	March 18, 2024
Customization of report to get certifier name IIQ Discussion and Questions identityiq , reports	10	242	September 8, 2024
Azure entitlement / group is showing as a guid rather than a display name ISC Discussion and Questions identity-security-cloud , entitlements	7	763	January 14, 2024
IT role entitlement is showing incorrect AD group information IIQ Discussion and Questions aggregation , identityiq , roles , entitlements	21	361	July 16, 2024

In Identity entitlement report, Entitlement Search Field is not working for Entitlement Display Name

Related topics