Quicklink Population: Filtering what a user can select to remove

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

In our instance, we have entitlements show up on the remove access page for users that we are currently not ready for Identity IQ to automate, so it creates manual tasks. We have them not requestable so that they can’t be requested on the add access page, but would like to have them filtered out on the remove access page so they cannot be requested for removal. I’ve tried to make a rule similar to the one described here, "Creating a way for a manager to only request specific entitlements and roles", but with no success.

We currently only have two applications that have entitlements, AD & Epic; we want to hide all entitlements tied to the Epic Applications from the Remove Access screen.

Thank you ahead of time for any help and guidance.

Hi @brownric,

You need to set a RequestObjectSelector rule in your quicklink population for entitlements in the remove section:

In this rule you need to create a filter with your conditions, put it in a QueryInfo and return it; this is an enabling rule, so you must create your filter for application != Epic (or something else).

Check that the account you use is not in a quicklink conflict.

If you can, share your rule and logs and we’ll fix it together

Here is where I started with the rule, so that it would only show entitlements within Active Directory, and I tried setting it for both the Applications and Entitlements rules.

```
<Source>

  import sailpoint.object.Filter;
  import sailpoint.object.Identity;
  import sailpoint.object.QueryOptions;
  import sailpoint.object.QueryInfo;

  // Match only entitlements that belong to the Active Directory application
  Filter entFilt1 = Filter.eq("application.name", "Active Directory-M01");

  // Wrap the filter in a QueryInfo and return it to the quicklink population
  QueryInfo finalQueryInfo = new QueryInfo(entFilt1, false);
  return finalQueryInfo;

</Source>
```

The rule is OK. Which user are you using for the test?
Log in to SP with a non-admin user and assign it (or its group/population) to this quicklink.

Basic user; the rule is applied to the Everyone Quicklink Population:

  1. Logged into SP as the basic user with no SP Admin Privileges
  2. Went into Manage User Access
  3. Selected a user that I know has Epic Access Entitlements
  4. Went into the Manage Access Screen
  5. Selected the Remove Access Section
  6. Epic Entitlements still show in the list, and can be selected and submitted for removal.

Ah OK, don't use Everyone. It is not explicit, but Everyone is a particular quicklink.

Also, I found this topic from a user with the same problem, and he explains a solution.

Can you try to create a new quicklink and disable Request Access in Everyone?

And this part is very important:

Be sure your account is only in the new quicklink.

That was it. Thank you so much!!
