Retrieve account attributes in JDBC Provision Rule

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Which IIQ version are you inquiring about?

IdentityNow

Share all details related to your problem, including any error messages you may have received.

How to get account attributes and entitlement type in the jdbc provision rule for a jdbc source, on entitlement revoke in certification campaign. Currently I can see only the NativeIdentity and the entitlement name (which is revoked) is what I am getting in the jdbc provision rule. I want even retrieve the entitlement type for the role attribute from account couldn’t find any documentation on the same. Any references would be of great help!

userId from the below code segment is always returning as null, I tried provisioning policy after I found an topin in developer forum but not successful

 if (AccountRequest.Operation.Modify.equals(account.getOperation())) {
					
					
					
					    String nativeIdentity = (String) account.getNativeIdentity();
						
						log.error("Native Identity : " + nativeIdentity);
						String role = getAttributeRequestValue(account,"role");
						log.error("Role : " + role);
						String userId = getAttributeRequestValue(account,"id");
						log.error("UserId : " + userId);
}
2

To get additional details about the attributerequests, you need to get the ManagedAttribute object using managedAttributer API.

if (AccountRequest.Operation.Modify.equals(account.getOperation())) {
   String nativeIdentity = (String) account.getNativeIdentity();
   String reqValue = getAttributeRequestValue(account,"role");
   String userId = getAttributeRequestValue(account,"id");
   
String appname = account.getAppplicationName();
Application appObj = context.getObjectByName(Application.class, appname);

ManagedAttributer attributer = new ManagedAttributer(context);
ManagedAttribute att = attributer.get(context, appObj.getId(), "role", reqValue);
//assuming "role" is the attributerequest name

log.debug("ManagedAttribute XML:::"+att.toXml());
log.debug("Request type:::" +att.getType());
}
1 Like
3

Please find the code sample that you may use to get the details from plan and account request.

List<AccountRequest> accountRequestList=plan.getAccountRequests();
		
		for(AccountRequest accReq:accountRequestList)
		{
			String accountID=accReq.getNativeIdentity();
			List<AttributeRequest> attribRequestList=accReq.getAttributeRequests("role");
			for(AttributeRequest attribReq:attribRequestList)
			{
				String attribName=attribReq.getName();
				String attribValue=(String) attribReq.getValue();
				Application app=context.getObjectByName(Application.class,accReq.getApplication());
				ManagedAttribute ma=ManagedAttributer.get(context, app, attribName, attribValue);
				
				System.out.println("Type :: "+ma.getType());
				
			}
		
		}
1 Like
4

@madhukumar
Can you please share more clear details here, did you try printing the plan to check if id is part of attribute request
Also do you have multiple object types of entitlement within your application or only one time, didn’t get your exact case related to type

1 Like
5

Only one entitlement object type called role and it has two schema attributes called id and name.

I didn’t print the plan, when I treid to print all attributes in the accountrequest all I can see is role.

6

If you use the OOTB forms you can pretty much load every account attribute and have it available on the Provisioning Rules through Plan.

as you control the provisioning this shouldn’t be a problem at all.

Best

1 Like
7

@madhukumar The provisioning plan contains list of account requests and account request contains the native identity and application name.
Each account request contains list of attribute requests and each attribute request holds the name (i.e. the object type) and value (entitlement value).
In your case role is the object type, where id and name are 2 schema attributes of “role”.
As far I know, the provisioning plan never contains the schema attributes of the object type (i.e. role) unless we pass it to the plan through provisioning policy or any other means.

So, in your case, you have to use the attribute request name, value and application name to get the managed attribute object and from there you can get the necesssary attribute values (such as entitlement type).
Hope this makes sense.

1 Like
8

Does this code snippet work for identityNow jdbc provision rule?

9

I am not sure about about IdentityNow. The code snippet is related to IIQ.

10

No cause the provisioning rule is executed on the VA .

best

11

Any example provisioning policy you can share to get the role schema attributes (id,name)?

12

In Identity Now, by creating the below provisioning policy managed to get account attributes in the JDBC Provisioning Rule for Revoke/Update operation. Still havn’t figured out how to pass the entitlement Types using provisioning policy.

[
{
“name”: “Account”,
“description”: null,
“usageType”: “UPDATE”,
“fields”: [
{
“name”: “id”,
“transform”: {
“type”: “accountAttribute”,
“attributes”: {
“sourceName”: “<SOURCE_NAME>”,
“attributeName”: “<ATTRIBUTE_NAME>”
}
},
“attributes”: {},
“isRequired”: false,
“type”: “string”,
“isMultiValued”: false
}
]
}
]

public String getAttributeRequestValue(AccountRequest acctReq, String attribute) {

	if ( acctReq != null ) {
	  AttributeRequest attrReq = acctReq.getAttributeRequest(attribute);
	  if ( attrReq != null ) {
		return attrReq.getValue();
	  }
	}
	return null;
  }

String userId = getAttributeRequestValue(account,“<ACCOUNT_ATTRIBUTE>”);

13

@madhutelugu Is this issue resolved? If not, I recommend that you post this question in ISC Discussion and Questions.

14

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.