SailPoint IdentityNow PowerShell Module

Looks like you haven’t used the correct accountID for the associated account. Otherwise you’d have got 1 match and the result.
Check to make sure you’re using the correct attribute (accountID) from the first query.

Hi Darren,

We’re making great progress, but I have a question we’re having a harder time with. Is it possible to see the assignment criteria of the role so that we can see if someone belongs to a role?

In other words, how can we use the membership of a role to see if it matches a user’s attributes?

Hey Aaron, sure thing.

You can get the criteria of the role via the role's membership criteria.
Compare that to the account's values for the criteria to see if they would fulfil it.

```powershell
# Fetch the role by name
$myRole = Get-IdentityNowRole | Where-Object {$_.name -eq "API Role"} | Select-Object
# Show the whole role object
$myRole | FL
# Show only the membership (assignment) criteria
$myRole.membership.criteria | FL
```

1 Like
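The comparison described in the reply above, as an added example that is not part of the thread or the module's own code. It assumes the criteria come back as a nested tree of `operation` / `key.property` / `stringValue` / `children` nodes with the operation names shown; `Test-RoleCriteria`, the sample criteria and the two identities are constructed for illustration.

```powershell
# Constructed sample criteria in the assumed shape (operation / key / stringValue /
# children). Compare with: $myRole.membership.criteria | ConvertTo-Json -Depth 10
$criteria = @'
{ "operation": "OR", "children": [
  { "operation": "AND", "children": [
    { "operation": "EQUALS",      "key": { "type": "IDENTITY", "property": "attribute.department" }, "stringValue": "Finance" },
    { "operation": "STARTS_WITH", "key": { "type": "IDENTITY", "property": "attribute.title" },      "stringValue": "Senior" } ] },
  { "operation": "EQUALS", "key": { "type": "IDENTITY", "property": "attribute.employeeType" }, "stringValue": "Auditor" } ] }
'@ | ConvertFrom-Json

# Constructed identities: attribute name -> value
$alice = @{ department = 'Finance'; title = 'Senior Analyst'; employeeType = 'Employee' }
$bob   = @{ department = 'Finance'; title = 'Analyst';        employeeType = 'Employee' }

function Test-RoleCriteria {
    # Hypothetical helper: $true when $Attributes satisfy the criteria subtree $Node.
    param([Parameter(Mandatory)] $Node, [Parameter(Mandatory)] [hashtable] $Attributes)
    switch ($Node.operation) {
        'AND' {
            foreach ($child in $Node.children) {
                if (-not (Test-RoleCriteria -Node $child -Attributes $Attributes)) { return $false }
            }
            return $true
        }
        'OR' {
            foreach ($child in $Node.children) {
                if (Test-RoleCriteria -Node $child -Attributes $Attributes) { return $true }
            }
            return $false
        }
    }
    # Leaf node: only identity attributes are handled; anything else fails loudly.
    if ($Node.key.type -ne 'IDENTITY') { throw "Unhandled key type '$($Node.key.type)'" }
    $name   = $Node.key.property -replace '^attribute\.', ''
    $actual = [string]$Attributes[$name]          # missing attribute becomes ''
    $want   = [string]$Node.stringValue
    $cmp    = [StringComparison]::OrdinalIgnoreCase   # assumption: case-insensitive match
    switch ($Node.operation) {
        'EQUALS'      { return $actual.Equals($want, $cmp) }
        'NOT_EQUALS'  { return -not $actual.Equals($want, $cmp) }
        'CONTAINS'    { return $actual.IndexOf($want, $cmp) -ge 0 }
        'STARTS_WITH' { return $actual.StartsWith($want, $cmp) }
        'ENDS_WITH'   { return $actual.EndsWith($want, $cmp) }
        default       { throw "Unhandled operation '$($Node.operation)'" }
    }
}

"alice matches: $(Test-RoleCriteria -Node $criteria -Attributes $alice)"
"bob matches:   $(Test-RoleCriteria -Node $criteria -Attributes $bob)"
```

Unknown operations and key types throw instead of returning a result, so a criteria shape the helper does not understand is never silently reported as a match or a non-match.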

Hi Darren,

Yep. We actually figured it out, but your post does validate that we did it correctly. Thank you!!

Next question. We are able to get entitlement IDs, but we have a source that has over 10,000 entitlements. How can we get them all loaded into a variable?

Our SAP source has 13,000 entitlements. How can we page those results to get all of them? Any advice here? Or is there a way to get the entitlements that an account has directly?