Role Assigment Dates

Which IIQ version are you inquiring about?

Version 8.4

Please share any images or screenshots, if relevant.

identity.jpg3566×1440 218 KB

data.jpg2304×1440 74.6 KB

request.jpg3661×1440 187 KB

dataChange.jpg3698×1440 183 KB

Share all details related to your problem, including any error messages you may have received.

Hi and Hello,
I have problem with my workflow (one step). My workflow start livecycle event, change attribute. On one step it is deleting old roles. I would like to add possiblity for menager to choose data when it should be delete no always when is acceptance. To have this icon on form I need to add some date in code and this could be a problem. I have icon on form, I see a change( menager can change data). After workflow is end on identity I see only previos data from code not from form which choose manager.
Maybe somebody can help with that?

I put my step and screens.

Build Provisioning Plan

import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningProject;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.Identity;
import sailpoint.object.Bundle;
import java.util.Date;
import java.sql.Timestamp;
import java.util.List;

import sailpoint.tools.GeneralException;
import org.apache.log4j.Logger;

                Logger log = Logger.getLogger("iiq.development");
                log.debug("--------------------Step Build Provisioning Plan Mover Start--------------------------------");

                Identity identity = context.getObjectByName(Identity.class, identityName);
                log.debug("Start building a quota plan for an identity: " + identityName);

                ProvisioningPlan plan = new ProvisioningPlan();
                plan.setIdentity(identity);

                plan.setNativeIdentity(identity.getName());

                log.debug("Plan----------> " + plan.toXml());

                log.debug("Retrieving the list of roles to remove from the previous step");
                List foundRoles = (List) workflow.get("foundRoles");
                log.debug("Number of roles to remove: " + (foundRoles != null ? foundRoles.size() : "The role list is null."));

                if (foundRoles != null && !foundRoles.isEmpty()) {
                    AccountRequest accRequest = new AccountRequest();
                    accRequest.setApplication("IIQ");
                    accRequest.setOperation(AccountRequest.Operation.Modify);
                    accRequest.setNativeIdentity(identity.getName());
   
    Map attributes = accRequest.getArguments();
    if(attributes == null)  {
    attributes = new HashMap();
    }
    accRequest.put("startDate",new Date(new Timestamp(1714428000000L).getTime()));
   
    accRequest.put("endDate", new Date(new Timestamp(1750000000000L).getTime()));

for (String role : foundRoles) {

AttributeRequest attr= new AttributeRequest(“assignedRoles”,ProvisioningPlan.Operation.Remove, role);
attr.put(“addDate”, new Date(new Timestamp(1714428000000L).getTime()));

    attr.put("removeDate", new Date(new Timestamp(1750000000000L).getTime()));
   
    accRequest.add(attr);
                        log.debug("Add role to remove: " + role);
                    }
                    plan.add(accRequest);
                } else {
                    log.debug("There are no roles to remove.");
                }

                log.debug("The assignment plan was built for " + identityName + ".");
                log.debug("Plan----------> " + plan.toXml());
                log.debug("--------------------Step Build Provisioning Plan Mover End--------------------------------");
                return plan;

Regards,
Adam

Hi Adam,

There are a few posts on Compass for the same. For instance:
How to Update Sunset Date in a Task

It might be a better idea to look at: KOGIT Access Request Extension or contact @mike818148 for information on the plugin

– Remold

Hello @AdamVentum,

Here is an example, I used in my code to construct a ProvisioningPlan with Start/End Dates:

ProvisioningPlan plan = new ProvisioningPlan();
plan.setIdentity(identity);
plan.setSource("LCM");
ProvisioningPlan.AccountRequest accReq = new ProvisioningPlan.AccountRequest(ProvisioningPlan.AccountRequest.Operation.Modify, ProvisioningPlan.APP_IIQ, null, null);
AttributeRequest addAttReq = new AttributeRequest(ProvisioningPlan.ATT_IIQ_ASSIGNED_ROLES, ProvisioningPlan.Operation.Add, roleName, ProvisioningPlan.ASSIGNMENT_ID_NEW);                                                       
addAttReq.setAddDate(addDate);
addAttReq.setRemoveDate(removeDate);
accReq.add(addAttReq);

As you might noticed, the start/end date is set on AttributeRequest object by using functions: setAddDate() and setRemoveDate() instead of AccountRequest.

In addition, the KOGIT Access Request Extension is a Freeware Plugin, which you can use it to customize Manage User Access GUI with additional checkings (e.g. mandatory Start/End dates, validate Start/End dates). You can request from my company, and can also ask question on the community to me.

ps. Thanks @Remold for pointing me here

Thank you @Remold and @mike818148. I will check this at this week.

Regards,
Adam

Hi and Hello,

Unfortunately, I was unable to add a date. So I changed my assumptions. I created a “Certification Event”. Just like the workflow is started by changing an attribute. In it, I created a rule for adding roles. With the certification, I took away my old authorizations and roles. I even added an Exclusion rule. All emails to managers about the start of certification, notifications and the end of the campaign have been sent. And most importantly, I can choose the date!
Somehow I didn’t use certification very often before, but now I know that quite a lot can be achieved in this topic. I will try to add “IIQ show and tell” a little more information in some time

Thank you @Remold and @mike818148 Thanks to you, I explored the topic.

image1666×799 59.8 KB

image3638×540 46.5 KB

image1936×1042 131 KB

Regards,
Adam

Hi and Hello,

more info about this topic.

Certification Event - IdentityIQ (IIQ) / IIQ Show and Tell - SailPoint Developer Community

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.