Hi, everyone!
I want to write rule to create a report from this rule. At the beginning, I have problem, how can I get all business roles from IdentityIQ to list?
What is more, I want to return in my rule a list of strings. How can I create a report from this rule? I just want every element (every string) of this list to be in another row.
Before answering your questions, I would like to know where you would like to get the output ?
If you are planning to Run the Rule in debug page then remember that It will error out if it takes more time but the script will be running.
Alternatively, you can output to a file which will be stored in Apache Tomcat server.
Give me sample data how your report should look like, so that I can help you with sample code.
Thanks
Krish
Hi Aleksandra,
What I would do is create a report and run this report via the rule.
Create report:
Use advanced analytics, select Search type Role and set Type to Business and save the result as a report
or create a Java report (or maybe HQL, or any other custom report)
Reporting with a Java DataSource - Compass
Run report (which is basically a task):
Running a task from a rule or workflow - Compass
To get a list of Business roles in Beanshell, use a Filter, QueryOptions and context.getObjects(Bundle.class, <qo>);
And please answer Krishna, so we can give a better answer (with sample code etc) 
– Remold
@MVKR7T to be honest, I just want to have report like this:
Business role name | IT role name | Permitted/Required | Application name | Entitlement name
and I couldn’t find a way how to do it by script, but I think I can do it by rule. I just want to create in rule list of string like this one:
“BusinessRoleName;ITRoleName;Required;ApplicationName;EntitlementName”
and then in every row I would have string like this and I can split it by delimiter.
If you are looking for a Report with multiple Rows having same business Role,
Biz Role1 | IT Role 1 | Permitted
Biz Role1 | IT Role 2 | Required
Biz Role1 | IT Role 3 | Permitted
I doubt this, whether it is possible to repeat the Rows. That might be complex.
However you requirement is definitely complex, I don’t think any OOTB approach can fulfil this requirement.
I will give you the sample code shortly for your requirement.
Thanks
Krish
@MVKR7T I will be grateful for your help, I really need such a report. I thought that this approach makes it easier to get what I want, I can do things like separating columns with a delimiter in Excel. However, I really need to get some information from IIQ, such as:
This IS possible, but stated it is a bit complex.
I have created it for 1 of my customers using a JavaSource Report. This loops over the Business Roles and use the same loop for the permitted and the required roles.
The loop sniplet:
private void prepare() throws GeneralException {
if (log.isDebugEnabled()) log.debug("prepare");
QueryOptions ops = new QueryOptions(this.baseQueryOptions);
ops.setCloneResults(true);
if ((this.startRow != null) && (this.startRow.intValue() > 0)) {
ops.setFirstRow(this.startRow.intValue());
}
if ((this.pageSize != null) && (this.pageSize.intValue() > 0)) {
ops.setResultLimit(this.pageSize.intValue());
}
this.bundleIterator =
this.context.search(
Bundle.class,
ops,
Arrays.asList(new String[]{"id"})
);
}
private void prepare() throws GeneralException {
if (log.isDebugEnabled()) log.debug("prepare");
QueryOptions ops = new QueryOptions(this.baseQueryOptions);
ops.setCloneResults(true);
if ((this.startRow != null) && (this.startRow.intValue() > 0)) {
ops.setFirstRow(this.startRow.intValue());
}
if ((this.pageSize != null) && (this.pageSize.intValue() > 0)) {
ops.setResultLimit(this.pageSize.intValue());
}
this.bundleIterator =
this.context.search(
Bundle.class,
ops,
Arrays.asList(new String[]{"id"})
);
}
...
if ((this.requiredIterator != null) && (this.requiredIterator.hasNext())) {
this.requiredBundle = this.requiredIterator.next();
this.permittedBundle = null;
return true;
}
if ((this.permittedIterator != null) && (this.permittedIterator.hasNext())) {
this.permittedBundle = this.permittedIterator.next();
this.requiredBundle = null;
return true;
}
}
return false;
}
At the … you can fill the this.<column_variables> being the column data for the row.
And:
this.currentBundle = the Business Role for the row
this.requiredBundle = the Required IT Role for the row (or null when in the permitted iterator)
this.permittedBundle = the Permitted IT Role for the row (or null when in the required iterator)
– Remold
BTW for my client the report contains some other data from the roles, so I can not directly share that report.
If needed I can create the needed report over the weekend.
– Remold
@Remold If you have time, I’d love to see your report. I’ll try to create it myself after the weekend, but I don’t know if I’ll succeed. I’m just learning to create custom things in SailPoint, e.g. custom reports. Thank you very much for help!
Hi Alexandra,
Hereby the report class file: BusinessRoleReport.class (9.0 KB)
<IIQ Root Folder>/WEB-INF/classes/nl/remold/sailpoint/reports
→ Global Settings → Import from FileBusiness Role Report to be found in category ‘Role Management Reports’Example report output:
I hope this is what you are looking for and you’re able to get this report in your IdentityIQ.
(I will share the java code of the report at SailPoint · GitHub, but need to find time to do this 
)
– Remold
@Remold thank you really, I would be greatful to see your code of BusinessRoleReport.class. I tried to run it, but I have problem with location of this file (BusinessRoleReport.class).
The code it to big to copy/paste it here. I will try to see if I can put it in a public git repository.
The class file must be placed in the directory <IIQ Root Folder>/WEB-INF/classes/nl/remold/sailpoint/reports
Where the <IIQ Root Folder> is the directory of IdentityIQ (for example/opt/tomcat/webapp/identityiq).
– Remold
The report is now shared in the tools community tools:
IIQ Business Role Report
Here you can find the link to the git-repository which holds the source file of the report.
– Remold
Hi, thank you for your help!
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
