Share all details about your problem, including any error messages you may have received.
Hi Experts,
Recently, I created a quicklink population and implemented a rule to hide unnecessary roles and display roles based on the requestee’s criteria (such as their title/level).
The rule works fine when users are requesting a role on behalf of a single user. However, when requesting a role on behalf of multiple users, the system displays the following error. This occurs because the requestee argument returns null when multiple users are specified.
I’m stuck at this point and would appreciate any advice from experts. I still hope to achieve my goal of allowing users to request roles on behalf of multiple users.
My rule to show necessary role based on identity condition
import sailpoint.object.Filter;
import sailpoint.object.Identity;
// Get identity attributes
String identityType = requestee.getAttribute(“identityType”); //highlighting requestee, because error from this
String workerBadgeType = requestee.getAttribute(“workderbadgetype”); //highlighting requestee, because error from this
// Initialize filter
Filter filter = null;
//my logic to filter which role to show is here
if (){
It was a expected behaviour for bulk requests. However you can add null check on requestee, you would able to receive the value in requestee parameter after you choose any role. I’m attaching the description what was mentioned in the rule, for your reference.
That’s the expected behaviour for multiple / bulk users selection. You can see all roles/accesses but it will not allow you to select everything. Though you can see all, you can choose only selected roles as per your filter.
Same thing had explained in the description of argument as per above attached screenshot.
I have updated the condition in my null check. I agree that all roles/accesses will display, but users can still select any of the roles. I tested the role request, and the role is actually provisioned to the user, even though they are not supposed to have it.
@Bernardc Yes, user can select the role but then in selection it will show this user as per dynamic scope rule should have access or not.
“Identity on whose behalf the Life Cycle Manager request is being made. In the case of bulk requests, this argument will be set to null when determining the roles that are visible to the requestor. It will be provided once a selection has been made in order to determine whether or not the given requestee should have access to the selected role.”
I’d like to provide an update: it works once a null check is added. The requestee argument now handles multiple requestees as expected. As described below, users who are not supposed to have a specific role or entitlement will receive an alert and will not be able to submit the request.
