Manager Certification With an Exclusion Rule

Launch Manager Certification

  1. Configure and Launch a Manager Certification for the ‘Business - App’ application. This should certify both entitlements and accounts on the application.
  2. Define a Certification Exclusion Rule to exclude entitlement value which is ‘Admin’.
  3. The Certification should not include Inactive Employees for its launch.
  4. The active period of the certification should be 1 day. After this time period, all undecided items should automatically be taken as approved.
  5. Launch the Certification.

Expected Output:

Certification is launched successfully and is in Active Phase

Upon clicking, the individual certifications are assigned to various managers, each having the subordinates' accounts for review.

Upon revoke/approve decisions of all the items under a Manager Access Review, the system should prompt for sign-off.

Upon sign-off, a revocation work item is created and assigned to the application owner for all items that were decided as Revoked.

For the exclusion rule I used the below code:

    import sailpoint.object.Identity;

    log.trace("Entering Exclusion Rule.");
    String explanation = "";
    Identity currentUser = (Identity) entity;
    if (currentUser == null) {
        return "Identity is null";
    }
    else {
        if (currentUser.isInactive()) {
            // Inactive identity: move every item to the exclusion list
            log.trace("Inactive User: " + currentUser.getName());
            log.trace("Do not certify.");
            itemsToExclude.addAll(items);
            items.clear();
            explanation = "Not certifying inactive users";
        }
        // getAttribute() returns null when "User Level" is not set, so equals() fails here
        else if (currentUser.getAttribute("User Level").equals("Admin")) {
            log.trace("Identity is Admin: " + currentUser.getName());
            log.trace("Do not certify.");
            itemsToExclude.addAll(items);
            items.clear();
            explanation = "Not certifying contractors";
        }
        else {
            log.trace("Active Employee: " + currentUser.getName());
            log.trace("Do certify.");
        }
    }
    return explanation;

  • An unexpected error occurred: The application script threw an exception: java.lang.NullPointerException: Attempt to invoke method equals on null value BSF info: Admin With Null at line: 0 column: columnNo

In the else-if block condition, check that currentUser.getAttribute("User Level") is not null or empty before doing currentUser.getAttribute("User Level").equals("Admin").

    import sailpoint.object.Identity;

    log.trace("Entering Exclusion Rule.");
    String explanation = "";
    Identity currentUser = (Identity) entity;
    if (currentUser == null) {
        return "Identity is null";
    }
    // getAttribute() returns Object, so cast before assigning to a String
    String userLevel = (String) currentUser.getAttribute("User Level");
    if (userLevel == null) {
        // Returns before the inactive check; no items are moved to itemsToExclude
        return "user level is null";
    }
    else {
        if (currentUser.isInactive()) {
            // Inactive identity: move every item to the exclusion list
            log.trace("Inactive User: " + currentUser.getName());
            log.trace("Do not certify.");
            itemsToExclude.addAll(items);
            items.clear();
            explanation = "Not certifying inactive users";
        }
        else if (userLevel.equals("Admin")) {
            log.trace("Identity is Admin: " + currentUser.getName());
            log.trace("Do not certify.");
            itemsToExclude.addAll(items);
            items.clear();
            explanation = "Not certifying contractors";
        }
        else {
            log.trace("Active Employee: " + currentUser.getName());
            log.trace("Do certify.");
        }
    }
    return explanation;

Is it correct?

  • Access Review ‘Manager Access Review for Aaron Nichols’ was not created because there were no users to certify.
  • Access Review was not created for sailpoint.object.Identity@38db6248[id=a9fe2b0b880e172081880f3884b901c4,name=1c2a3a] because there were no Identities to certify
  • Access Review was not created for sailpoint.object.Identity@50328c32[id=a9fe2b0b880e172081880f3884eb01c6,name=1c2a3b] because there were no Identities to certify
  • Access Review was not created for sailpoint.object.Identity@5df2739b[id=a9fe2b0b880e172081880f38851e01c8,name=1c2a3c] because there were no Identities to certify
  • Access Review was not created for sailpoint.object.Identity@3ddbe3f3[id=a9fe2b0b880e172081880f38854501ca,name=1c2a3d] because there were no Identities to certify
  • Access Review was not created for sailpoint.object.Identity@17821423[id=a9fe2b0b880e172081880f38844601be,name=1c2a] because there were no Identities to certify
  • Access Review was not created for sailpoint.object.Identity@16e8813b[id=a9fe2b0b880e172081880f38856d01cc,name=1c2b3a] because there were no Identities to certify
  • Access Review was not created for sailpoint.object.Identity@72eba12[id=a9fe2b0b880e172081880f3885a601ce,name=1c2b3b] because there were no Identities to certify
  • Access Review was not created for sailpoint.object.Identity@582c988a[id=a9fe2b0b880e172081880f3885d801d0,name=1c2b3c] because there were no Identities to certify
  • Access Review was not created for sailpoint.object.Identity@75c3a922[id=a9fe2b0b880e172081880f38861c01d2,name=1c2b3d] because there were no Identities to certify
  • Access Review was not created for sailpoint.object.Identity@2a61574c[id=a9fe2b0b880e172081880f38846901c0,name=1c2b] because there were no Identities to certify

And also I’m getting this warning when I open the scheduled certification. Can you please help me?

You would need to confirm whether you need to exclude items where userlevel is null or not.
Also, to test this you can pick a manager who you think should have items generated and validate whether the appropriate items are being displayed.
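
A null-safe variant of the exclusion rule discussed in this thread, added here as an example (it is not code from any poster or from SailPoint). It assumes requirement 2 means dropping only the individual entitlement items whose value is 'Admin', that the certification generates one item per entitlement value, and that the rule receives the `entity`, `items` and `itemsToExclude` arguments used in the posts above.

```java
import java.util.Collection;
import java.util.Iterator;
import sailpoint.object.Attributes;
import sailpoint.object.Certifiable;
import sailpoint.object.EntitlementGroup;
import sailpoint.object.Identity;

// Assumption: "Admin" is the entitlement value named in requirement 2.
String ADMIN_VALUE = "Admin";
String explanation = "";

if (entity == null || !(entity instanceof Identity)) {
    return explanation;   // nothing to decide for non-identity entities
}
Identity currentUser = (Identity) entity;

// Requirement 3: an inactive identity is excluded as a whole, checked first
// so that a missing identity attribute can never skip this branch.
if (currentUser.isInactive()) {
    itemsToExclude.addAll(items);
    items.clear();
    return "Not certifying inactive users";
}

// Requirement 2 (as assumed here): remove only the items carrying the value,
// so active users keep their other items and still get an access review.
Iterator it = items.iterator();
while (it.hasNext()) {
    Certifiable item = (Certifiable) it.next();
    if (!(item instanceof EntitlementGroup)) {
        continue;   // roles and other item types stay in the review
    }
    Attributes attrs = ((EntitlementGroup) item).getAttributes();
    if (attrs == null) {
        continue;   // item has no attribute values to inspect
    }
    boolean isAdmin = false;
    Iterator values = attrs.values().iterator();
    while (values.hasNext() && !isAdmin) {
        Object value = values.next();
        // An entitlement attribute may hold one value or a list of values.
        isAdmin = (value instanceof Collection)
                ? ((Collection) value).contains(ADMIN_VALUE)
                : ADMIN_VALUE.equals(value);   // constant first: null-safe
    }
    if (isAdmin) {
        itemsToExclude.add(item);   // recorded as excluded rather than silently dropped
        it.remove();
        explanation = "Excluded entitlement value " + ADMIN_VALUE;
    }
}
return explanation;
```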
