Hi all,
Can you please guide me on how to get only the old value and new value change in audit?
I want to get only the ones where the status has changed from Active to Terminated
Thanks in advance
@rishavghoshacc try this code.
import java.util.ArrayList;
import java.util.List;
import sailpoint.api.SailPointContext;
import sailpoint.object.AuditEvent;
import sailpoint.object.Filter;
import sailpoint.object.QueryOptions;
import sailpoint.tools.Util;
List filters = new ArrayList();
filters.add(Filter.eq("action", "Status Changed"));
filters.add(Filter.eq("string1", "OldValue=Active"));
filters.add(Filter.eq("string2", "NewValue=Terminated"));
QueryOptions options = new QueryOptions();
options.addFilter(Filter.and(filters));
List events = context.getObjects(AuditEvent.class, options);
if(Util.nullSafeSize(events) > 0) {
for(AuditEvent event : events) {
log.error("event:" + event.toXml());
}
}
1 Like
We have the same requirement, and we have done the following steps:
In identity mapping, we have written a Value Change Rule on the Status attribute
Here is the Logic:
String action = "IdentityStatusChange";
String reason = "Workday workers status changed";
if(oldValue==newValue)
{
logger.debug("Old and new values are not changed");
}
else
{
logger.debug("Old and new values are changed");
AuditEvent event = new AuditEvent();
event.setSource("XXX AttributeValue change Rule");
event.setTarget(identity.getName());
logger.debug("Identity name is::"+identity.getName());
event.setAction(action);
event.setString1(reason);
event.setString2("previowsValue: " + oldValue);
event.setString3("currentValue: " + newValue);
Auditor.log(event);
context.saveObject(event);
context.commitTransaction();
}