Rule that removes negative = true from an identity

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Which IIQ version are you inquiring about?

Version 8.1

Share all details related to your problem, including any error messages you may have received.

Hello,

I wrote this code to remove negative=true from all the identities that have Active iiqStatus and Active orgstatus. But got a comment that this will work only for one identity.

Can anyone help me to clear me this confusion?

List bundleNames = new ArrayList();
List idenNames = new ArrayList();

QueryOptions qo = new QueryOptions();

//qo.setCloneResults(true); // this will stop iterator being closed on a commitTransaction()

qo.addFilter(Filter.and(Filter.eq("iiqStatus", "Active"),Filter.eq("orgStatus", "Hired")));

List userList = new ArrayList();

Iterator it = context.search(Identity.class, qo);

while (it.hasNext()) {

Identity identityObj = it.next();
userList.add(identityObj);
//return identityObj;

List negroleAssignments = identityObj.getRoleAssignments();
//return negroleAssignments;

if (identityObj !=null)

{
List roleAssignments = identityObj.getRoleAssignments(); // getRoleAssignment methods returns the list of role assignment under the user
//return roleAssignments;

if (roleAssignments!= null) // check if roleAssignments exists in Identity
{ //return "not null";

for(RoleAssignment ra : roleAssignments)


{ //return ra;
if(ra !=null && ra.isNegative())

{
bundleNames.add(ra.getRoleName());

}

}
}

for (String b:bundleNames)
{
negroleAssignments = identityObj.getRoleAssignments(b);
Bundle bundl = context.getObjectByName(Bundle.class,b);

identityObj.removeAssignedRole(bundl);
if(negroleAssignments != null)
{
for(RoleAssignment negrole : negroleAssignments)
{
identityObj.removeRoleAssignment(negrole);

//context.log("Negative Role Assignment has been removed");
}

idenNames.add(identityObj.getName());

}
}
context.saveObject(identityObj);

context.commitTransaction();

}

}

if(idenNames != null && !idenNames.isEmpty())
return"Negative role assignment has been removed:"+ idenNames;



return bundleNames;
2

it should work for all users with the search criteria

3

@j1241
Did you test this rule and facing any issue, one thing I observed using while you are using commit transaction within a while loop with query options using IncrementalObjectIterator instead of Iterator , below article will explain in detailed

IdentityIQ 8.0 and commitTransaction While Using an Iterator - Compass

Replace the line Iterator it = context.search(Identity.class, qo);

with
IncrementalObjectIterator it= new IncrementalObjectIterator(context, Identity.class, qo);

Or Uncomment the line related clonedresults

One of this should be done, to go through all iterations and process.

Other than that I don’t see a issue here or code as it should handle all users not just a single user.

4

Thank you, Will this code will be different if we are running this rule through task?

5

Hello,
I tested the rule. The iterator was being closed on a commitTransaction() but when I add this qo.setCloneResults(true); it ran without being closed

6

@j1241
Rule should behave the same when you run via task as well

Only thing you have to make sure is either setClonedResults True or use IncrementalObjectIterator as mentioned above.

7

Thank you @iamksatish . Yes I will uncomment the setClonedResults True.

8

Sure, please do that and test , let us know if that worked.