Share all details related to your problem, including any error messages you may have received.
Hi Community,
I want to know the best way to change the parameters “Maximum deleted accounts/ groups” to a percentage rather than a fixed value for an account or group aggregation tasks. From my understanding the way it works is as a fixed value. So if I were to put 10, it would be 10 accounts not 10% of accounts. What’s the best way to go about this?
It’s totally depend on your requirement . if you think that no action is taken outside of iiq for account you can put some lower % but for group you can put some higher % may be 5%.
It’s the no. of accounts I believe. However, you can adjust the value using a custom rule if necessary. Determine the number of accounts retrieved from the system and establish a predefined threshold percentage. For instance, if there are currently 1000 accounts in the system, a rule could be set to trigger at 10%, which would be 100 accounts. If the account count increases to 1100 the next day, the rule would automatically adjust to 110 accounts, still maintaining the 10% threshold.
There is no normal way to convert this to a percentage.
The only way I can think of is to create a rule which loops over the TaskDefinitions, get the number of accounts for the ‘to be scanned’ applications and calculate the %. With this new number update the TaskDefintion.
This Rule can be scheduled to run as a (maintenance) task on a regular basis.
Thanks for the mention @Remold! Just to add to this if you run it via the Rule Runner plugin you have an additional layer of security in that you can stop an actively running rule midway using the stop button in the UI. To add log output during this run so you can see what’s going on just use the built-in log variable and you should be able to see log statements in real-time! So like this:
import sailpoint.object.*;
int deletionPercentage = 10;
List taskDefs = context.getObjects(TaskDefinition.class, new QueryOptions().addFilter(Filter.eq("parent.name","Account Aggregation")));
for (TaskDefinition td : taskDefs) {
String appName = td.getString("applications");
if (!appName.contains(",")) {
int accountCount = context.countObjects(Link.class, new QueryOptions().addFilter(Filter.eq("application.name",appName)));
int checkDeletedThreshold = 10;
if (accountCount > 100) {
checkDeletedThreshold = accountCount * deletionPercentage / 100;
}
log.debug("Currently calculating TaskDefinition: " + td.getName());
td.setArgument("checkDeleted", "true");
td.setArgument("checkDeletedThreshold", String.valueOf(checkDeletedThreshold));
context.saveObject(td);
}
}
context.commitTransaction();