Is there any report showing detected IT roles which are not allowed by a Business role? Or does anyone have an example of the same?
At one of our customers we want to have a report showing the entitlements managed by IIQ through IT roles which are set on the application outside of IIQ (manually by an application administrator).
Hi @Remold
If I have understood the requirement correctly, then it is to obtain a report that includes all identities with IT roles that have not been assigned through business roles.
Our requirements were similar, therefore we customized the “User Details Report” OOTB report and added this script to one of the columns.
```java
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.Bundle;
import sailpoint.object.Identity;

// "value" is supplied by the report column and is used here as the identity name
Identity identityObject = context.getObjectByName(Identity.class, value);
List detectedRoles = identityObject.getBundles();        // detected (IT) roles
List assignedRoles = identityObject.getAssignedRoles();  // assigned (business) roles
List detectedRoleOutSideOfAssignedroles = new ArrayList();

if (detectedRoles == null || detectedRoles.size() == 0) return "Detected Role Not Found";

if (assignedRoles == null || assignedRoles.size() == 0) {
    // No business roles are assigned, so no detected IT role came through a business role
    for (Bundle detectedRole : detectedRoles) {
        detectedRoleOutSideOfAssignedroles.add(detectedRole.getName());
    }
    return detectedRoleOutSideOfAssignedroles;
}

for (Bundle detectedRole : detectedRoles) {
    // Report a detected role only when none of the assigned roles requires it
    boolean requiredByAssignedRole = false;
    for (Bundle assignedRole : assignedRoles) {
        if (assignedRole.requires(detectedRole)) {
            requiredByAssignedRole = true;
            break;
        }
    }
    if (!requiredByAssignedRole) {
        detectedRoleOutSideOfAssignedroles.add(detectedRole.getName());
    }
}

if (detectedRoleOutSideOfAssignedroles.size() == 0) {
    return "All detected roles are assigned through business roles";
}
return detectedRoleOutSideOfAssignedroles;
```