Problem
Need to determine if a role exists on a user.
Solution
Example:
{
  "id": "9772f8d4-7ef8-40ca-a3a8-bd1ea85c0996",
  "name": "hasO365License",
  "type": "static",
  "attributes": {
    "requiresPeriodicRefresh": "true",
    "value": "#set($roleAssignments = $identity.getRoleAssignments())#set($hasO365License = false)#foreach($roleAssignment in $roleAssignments)#if($roleAssignment.roleName.contains('O365:'))#set($hasO365License = true)#break#end#end$hasO365License"
  },
  "internal": false
}
This transform is using Velocity Template Language (VTL) to determine if the identity has any role assignments that contain “O365:” in the role name. Here’s a breakdown of what the transform is doing:
- It retrieves all the role assignments for the identity using the $identity.getRoleAssignments() method and stores them in the $roleAssignments variable.
- It initializes a boolean variable $hasO365License to false. This will be used to store whether the identity has an O365 license or not.
- It then loops through each role assignment using #foreach($roleAssignment in $roleAssignments).
- For each role assignment, it checks if the role name contains the string “O365:” using #if($roleAssignment.roleName.contains('O365:')).
- If a role assignment is found with “O365:” in the name, it sets $hasO365License to true and breaks out of the loop using #break. This is done because we only need to know if the identity has at least one O365 license, not the specific number of licenses.
- After the loop finishes, the value of $hasO365License is returned, which will be either true or false depending on whether an O365 license was found in the identity’s role assignments.
In summary, this transform checks the identity’s role assignments and returns true if the identity has at least one role with “O365:” in the name, indicating they have an O365 license, and false otherwise.
The requiresPeriodicRefresh attribute is set to true, which means this transform will be re-evaluated periodically to ensure the O365 license status stays up-to-date.
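Because the whole Velocity template sits on one line inside a JSON string, a dropped or extra #end is easy to miss when editing it. The following pre-upload check is an added example, not part of the original post or of any SailPoint tooling; the function name lint_static_transform and the PAGE_TRANSFORM constant are hypothetical, and it only tracks the #foreach, #if and #end directives that this transform uses.

```python
import json
import re

# Only the block directives this transform uses; #macro, #define and the
# #{...} formal notation are outside this sketch.
BLOCK_DIRECTIVE = re.compile(r"#(foreach|if|end)\b")


def lint_static_transform(raw_json):
    """Return a list of problems found in a static transform definition."""
    doc = json.loads(raw_json)
    problems = []
    if doc.get("type") != "static":
        problems.append("type is not 'static'")
    value = doc.get("attributes", {}).get("value")
    if not isinstance(value, str):
        return problems + ["attributes.value is missing or not a string"]

    stack = []  # open #foreach / #if blocks, innermost last
    for match in BLOCK_DIRECTIVE.finditer(value):
        name = match.group(1)
        if name != "end":
            stack.append(name)
        elif stack:
            stack.pop()
        else:
            problems.append(f"#end at offset {match.start()} closes nothing")
    problems += [f"#{name} is never closed with #end" for name in stack]
    return problems


# The transform from this page (id omitted), template kept on one line.
PAGE_TRANSFORM = json.dumps({
    "name": "hasO365License",
    "type": "static",
    "attributes": {
        "requiresPeriodicRefresh": "true",
        "value": "#set($roleAssignments = $identity.getRoleAssignments())"
                 "#set($hasO365License = false)"
                 "#foreach($roleAssignment in $roleAssignments)"
                 "#if($roleAssignment.roleName.contains('O365:'))"
                 "#set($hasO365License = true)#break#end#end$hasO365License",
    },
    "internal": False,
})

if __name__ == "__main__":
    print(lint_static_transform(PAGE_TRANSFORM) or "directives balanced")
```

An empty list means every #foreach and #if in the value has a matching #end; it does not evaluate the template or confirm that the role names match.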