New to SailPoint IIQ. I am trying to list out the users that do not have HR application in SailPoint. I am using following Query Filter, that does not give me correct users.
Can anyone help to fix this filter?
QueryOptions qo = new QueryOptions();
qo.addFilter(Filter.and(Filter.eq("links.application.name", "Active Directory"), Filter.eq("links.disabledAccount", "false")));
qo.addFilter(Filter.and((Filter.eq("orgStatus", "Hired")));
qo.addFilter(Filter.and((Filter.eq("iiqStatus", "Active")));
qo.addFilter(Filter.and(Filter.ne("links.application.name", "HR")));
List userList = new ArrayList();
Iterator it = context.search(Identity.class, qo);
while(it.hasNext()){
Identity id = (Identity) it.next();
userList.add(id.getAttribute("staffId"));
}
return userList;
Hello @pallavi
Thank you for your response. Where I am struggling is finding the identities that do not have “HR” Application . I am using this filter statement "Filter.ne(“links.application.name”, “HR”)
but it does not filters out the identities without "HR " application account.
Could you provide me any idea that can filter out the identities with out “HR” account.
Use the filters below. If the AD account is disabled, you’ll receive the value for the disabled account attribute. If the AD account is active, you won’t see the disabled account attribute value. So, i used, Filter.isnull(“links.disabledAccount”) condition.
Hello @Arun-Kumar
Thank you for your detailed response.
This line of filter [qo.addFilter(Filter.ne(“links.application.name”, “HR”));] still returns identity with HR application.
Is there other way of doing it?
Here’s how you can adjust your code to achieve the desired result:
Retrieve identities matching the initial criteria.
Filter out identities that have an HR link in your code logic.
QueryOptions qo = new QueryOptions();
// Filter for identities that have an Active Directory account that is not disabled
Filter adLinkFilter = Filter.and(
Filter.eq("links.application.name", "Active Directory"),
Filter.eq("links.disabledAccount", false) // Use boolean false instead of the string "false"
);
// Filters for orgStatus and iiqStatus
Filter orgStatusFilter = Filter.eq("orgStatus", "Hired");
Filter iiqStatusFilter = Filter.eq("iiqStatus", "Active");
// Combine all filters using Filter.and
Filter overallFilter = Filter.and(
adLinkFilter,
orgStatusFilter,
iiqStatusFilter
);
// Add the overall filter to QueryOptions
qo.addFilter(overallFilter);
List<String> userList = new ArrayList<>();
Iterator it = context.search(Identity.class, qo);
while(it.hasNext()){
Identity id = (Identity) it.next();
// Check if the identity has an HR link
boolean hasHRLink = false;
List<Link> links = id.getLinks();
if (links != null) {
for (Link link : links) {
if ("HR".equals(link.getApplicationName())) {
hasHRLink = true;
break;
}
}
}
// Add to the list only if the identity does NOT have an HR link
if (!hasHRLink) {
userList.add((String) id.getAttribute("staffId"));
}
}
return userList;
Explanation:
Initial Filtering:
We first filter identities based on:
Having an Active Directory account that is not disabled.
orgStatus equal to "Hired".
iiqStatus equal to "Active".
Checking for HR Link in Code:
After retrieving the identities that match the initial criteria, we iterate through their links to check if any link is associated with the HR application.
If an identity does not have an HR link, we add their staffId to the userList.
Hello @officialamitguptaa
Thank you very much for this. It worked but I had to change the boolean false to string “false” Filter.eq(“links.disabledAccount”, “false”). Otherwise throwing error.