JDBC Provisioning Rule Enquiry

iris_deloitte · August 19, 2024, 2:30am

Hi All,

May I know if you can suggest some ways for me to write a JDBC provisioning rule that can fulfil the following requirements? Thank you so much.

Here is my use case:

Role is a multi-value attribute and it is an entitlement.
When there is a new role granted to the user, I want to add an additional row to my DB.
When there is a role deleted, I want to delete that particular row.

Here is how my DC should look like:
UserID, FirstName, LastName, Email, Role
1001, Emily, Lee, [email protected], HR
1002, Eric, Chan, [email protected], Finance
1003, James, Bond, [email protected], Sales
1001, Emily, Lee, [email protected], Finance (<- this is the new role granted to Emily)

This JDBC rule is working fot me but the above function is not fulfilled.
sample JDBC provision rule - work.xml (4.7 KB)

Arun-Kumar · August 19, 2024, 4:12am

Hi @iris_deloitte,

When a new role is granted to a user, an additional row should be added to the database. To achieve this, your table schema must allow multiple entries for the same UserID with different roles. Create a composite primary key or unique constraint on the combination of UserID and Role . The table schema should be as follows.

CREATE TABLE dbo.POC (
    UserID VARCHAR(255),
    FirstName VARCHAR(255),
    LastName VARCHAR(255),
    Email VARCHAR(255),
    Role VARCHAR(255),
    PRIMARY KEY (UserID, Role)
);

JDBC_Provisioning.java (5.1 KB)

Once the table schema is updated, you can try using the attached provisioning rule.

Regards,
Arun

Arun-Kumar · August 19, 2024, 10:49am

Hi @iris_deloitte,

Rule does not exist or rule name is wrong in your ISC environment.
Could you please check that?

Regards,
Arun

Arun-Kumar · August 20, 2024, 6:52pm

Hi @iris_deloitte,

Did the rule meet your requirements?

Regards,
Arun

iris_deloitte · August 22, 2024, 1:39am

Hi Arun,

Thank you so much for your reply. I have tried it but the records seem to have some issue.

As shown in the image, when I add a new entitlement, the first name, last name and email value are null but a row with new role can be inserted into the db.

For the case of deleting one entitlement, it turns out that that particular row can be deleted. But the role value of other rows are set to be null as shown in the image.

May I know if you have any idea in fixing it? I do think your code makes perfect sense and really appreciate it. Thank you very much.

Arun-Kumar · August 22, 2024, 8:22am

Hi @iris_deloitte,

I have removed the first name, last name, email from add new entitlement plan. Now, you can add a new entitlement as per your requirement.
Regards to the delete entielement, primary key is combination of role and User ID in Table schema, . Can’t insert null into primary key field(Role).
Is there any business reason to set the Role to null?
JDBC_Provisioning.java (4.8 KB)

Regards,
Arun

system · October 21, 2024, 8:23am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
JDBC Provisioning Guide ISC Discussion and Questions identity-security-cloud , provisioning , jdbc-connector	6	543	January 13, 2025
How to fetch the entitlement attributes in JDBC Provisioning Rule ISC Discussion and Questions identity-security-cloud , provisioning	22	317	December 21, 2024
Jdbc provisioning rule to add and remove user-role association and I want to use 2 different tables in same provisioning rule ISC Discussion and Questions apis , aggregation , provisioning	3	383	June 20, 2023
JDBC Provisioning Rule showing NULL values for Roles/Entitlements ISC Discussion and Questions rules , identity-security-cloud , provisioning , entitlements , jdbc-connector	7	905	May 20, 2024
JDBC - automatic Role provisioning IIQ Discussion and Questions identityiq , provisioning , roles , jdbc-connector	4	77	September 1, 2024

JDBC Provisioning Rule Enquiry

Related topics