Is there anyway to skip account provisioning for few entitlements and allow provisioning for other

Try the below code.

import sailpoint.object.Identity;
import sailpoint.object.Bundle;
import sailpoint.object.PolicyViolation;
import java.util.List;
import sailpoint.object.Link;


PolicyViolation violation = null;
boolean vflag = false;
String desc = null;

Identity reqIdentity = identity;
Identity dbIdentity = context.getObjectByName(Identity.class, identity.getName());

List reqIdLinks = reqIdentity.getLinks();
List dbIdLinks = dbIdentity.getLinks();

reqIdLinks.removeAll(dbIdLinks);

boolean adFlag = false;

if (!reqIdLinks.isEmpty()) {

	for (Link link : reqIdLinks) {
		if (link.getApplicationName().equalsIgnoreCase("AD app")) {
			adFlag = true;
			break;
		}
	}

	if (adFlag) {
		vflag = true;
		desc = "You should have AD Account already before requesting for AD Groups";
	}
}

if (vflag) {
    violation = new PolicyViolation();
    violation.setActive(true);
    violation.setIdentity(identity);
    violation.setPolicy(policy);
    violation.setConstraint(constraint);
    violation.setDescription(desc);
    violation.setStatus(sailpoint.object.PolicyViolation.Status.Open);
  }
  return violation;

To understand how this works, check this post

Thanks
Krish

1 Like