Report showing detected IT roles which are not allow by a Business role

Remold · February 7, 2024, 6:53pm

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

Is there any report showing detected IT roles which are not allow by a Business role? Or does anyone have an example of the same?

At one of our customers we want to have a report showing the entitlements managed by IIQ through IT roles which are set on the application outside of IIQ (manually by an application administrator).

– Remold

amishra97 · February 7, 2024, 10:38pm

Hi @Remold
If I have understood the requirement correctly, then it is to obtain a report that includes all identities with IT roles that have not been assigned through business roles.
Our requirements were similar, therefore we customized the “User Details Report” OOTB report and added this script to one of the columns.

 import sailpoint.object.Identity;
 import sailpoint.object.Bundle;

 Identity identityObject = context.getObjectByName(Identity.class, value);
 List detectedRoles = identityObject.getBundles();
 List assignedRoles = identityObject.getAssignedRoles();

 List detectedRoleOutSideOfAssignedroles = new ArrayList();

 if (detectedRoles == null || detectedRoles.size() == 0) return "Detected Role Not Found";

 if (assignedRoles == null || assignedRoles.size() == 0) {
     // It means all IT roles are not assigned through business roles
     for (Bundle detectedRole: detectedRoles) {
         detectedRoleOutSideOfAssignedroles.add(detectedRole.getName());
     }
     return detectedRoleOutSideOfAssignedroles;
 }

 if (detectedRoles != null & amp; & amp; detectedRoles.size() > 0) {
     for (Bundle detectedRole: detectedRoles) {
         if (assignedRoles != null & amp; & amp; assignedRoles.size() > 0) {
             for (Bundle assignedRole: assignedRoles) {
                 if (!assignedRole.requires(detectedRole)) {
                     detectedRoleOutSideOfAssignedroles.add(detectedRole.getName());
                 }
             }
         }
     }
     if (detectedRoleOutSideOfAssignedroles.size() == 0) {
         return "All detected roles are assigned through business roles";
     } else return detectedRoleOutSideOfAssignedroles;
 }

Remold · February 7, 2024, 11:18pm

Thanks, I will try it this week

— Remold

system · April 7, 2024, 11:18pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
For line manager certification we want to set up a exclusion rule which will detect underlying IT roles in business role and remove for certification IIQ Discussion and Questions rules , identityiq , certifications	17	362	March 31, 2024
Does IDN detect roles like IIQ? ISC Discussion and Questions identity-security-cloud , roles	4	292	December 31, 2023
What is the best way to delete permitted roles/bundle in IIQ 8.3p3? IIQ Discussion and Questions identityiq , roles	4	227	March 23, 2024
I want all users details which contains a business role IIQ Discussion and Questions rules , identityiq , roles , access-requests	9	244	April 1, 2024
Role removal from Identity Cube IIQ Discussion and Questions identityiq , roles , tasks	4	171	March 14, 2024

Report showing detected IT roles which are not allow by a Business role

Which IIQ version are you inquiring about?

Share all details related to your problem, including any error messages you may have received.

Related Topics