Provisioning role to bulk users from rule

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

Hi
I am writing one rule which is reteieve users based on some criteria using queryOptions and provisions a business role to them. the count of users for provisioning is in thousands, when i am trying to dothis its giving error like “please contact your administrator” beacause of no of provisionings. Is there any chance to do this by rule

Thanks.

2

can you share the logs or the code if you can?

4

Somethings:

Are you put all the necessary libray?
You are declaring the second iterator with same name of the first
you are not declaring the variable identity

5

Hi @enistri_devo
I used all neccessary libraries and I updated map with identity name and opreation which i need to perform. and I used identity obj in map iteration.
I need soultion for provision10k identies with one role in a rule

6

you have 2 way:

  1. Assign the role & refresh
    build the filter
    search all the identity and put in a list of identity
    assign the role on the identities and save with a for
    launch a refresh for those identities
    something like this:
Iterator iterator = context.search(Identity.class, qo);
Identity idn = iterator.next();
idn.setRoleAssignment(rolAsign);
context.startTransaction();
context.saveObject(identity);
context.commitTransaction();
  1. build plan
    build the filter
    search all the identity and put the name in a list
    build a plan for each identity

I was a little lost in you rule, I suggest to you to build the plan only in one place. A plan needs the Identity, NativeIdentity, Source, Operation, AccountRequest with operation, AttributeRequest with value and operation

7

Hi @sanjay_528 ,

I would not suggest using a rule to achieve the desired result.

My recommendation would be to use the “script” match criteria in a business role configuration to either return True / False based on the criteria you define.

After this has been achieved you can execute the Identity Refresh task with “refresh assigned, detected role and promote additional entitlements” selected in the task.

Please let me know if this helps.

8

Why you are not using ootb batch request option ?

9

Hi @sanjay_528,

If the use-case is just about role provisioning with some filters to assign Role, then have you tried using assignment rule of Role to provision business Role.

Let me know if there is some gap in the understanding of the requirement.

Thanks

10

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.