I have been trying to use the SailPoint IdentityNow bulk importer, but I am stuck in a situation where I need to create 430+ access profiles for an SAP application. However, the issue with the template is where we define entitlements. For instance, we provide
AttributeName:entitlementNames
In my current requirement there is a colon in the entitlement itself.
→
logsys_agr:LSQCLNT200_ZS3C:FI_AP_DELV_LD_GLBL
The script was invoked successfully and created access profiles without entitlements.
→>
It says entitlement not found.
if present(accessProfileSourceNewID) && present(entitlementList) then
  attributesEntitlementHash = {}
  # Split the entitlementList by semicolon to separate individual attribute:entitlement pairs.
  # Example input: "logsys_agr:LSQCLNT200_ZS3C:FI_AP_IP_TM_ANLYST_NA;anotherAttr:anotherEntitlement"
  accessProfileEntitlements = entitlementList.split(';')
  # Iterate through each attribute:entitlement pair.
  accessProfileEntitlements.each do |entitlement|
    # Split the pair on the first colon to get the attribute name and the full entitlement value.
    parts = entitlement.split(':', 2)
    # Check for proper formatting before proceeding.
    if parts.length == 2
      # The first part is the attribute name.
      attributeName = parts[0]
      # The second part is the rest of the string, which is the full entitlement value.
      attributeValue = parts[1]
      # Add the entitlement to the hash.
      if attributesEntitlementHash.key?(attributeName)
        attributesEntitlementHash[attributeName] << attributeValue
      else
        attributesEntitlementHash[attributeName] = [attributeValue]
      end
    else
      puts "ERROR: Create Access Profile: entitlementList is not properly formatted. The provided value is: '#{entitlement}'"
      stopFlag = true
    end
  end
end
Yeah, I see what’s happening. The script splits everything on : so when your entitlement value itself contains a colon (like groups:XX:XX) it gets cut off and the code only sees FI_AP_DELV_LD_GLBL.
I’ve updated the logic so it only splits on the first colon (ignoring escaped ones), and it also treats \: as a real colon. That way you can safely pass entitlements like groups:xx\:xx;groups:yy\:yy
Lines 1064 to 1093:
if present(accessProfileSourceNewID) && present(entitlementList) then
  # attributesEntitlementHash is used to store the attributes/entitlements like this :
  # {
  #   "attribute 1" => ["entitlement 1.1","entitlement 1.2"],
  #   "attribute 2" => ["entitlement 2.1","entitlement 2.2"]
  # }
  attributesEntitlementHash = Hash.new
  # split the value of column_4 (it looks like this attributeName1:entitlement1;attributeName2:entitlement2)
  accessProfileEntitlements = entitlementList.split(';')
  # split the value of each pair attributeName1:entitlement1
  accessProfileEntitlements.each do |entitlement|
    # Split only on the first unescaped colon
    parts = entitlement.split(/(?<!\\):/, 2)
    attributeName = parts[0]
    attributeValue = parts[1]
    # Unescape "\:" back to ":"
    attributeName = attributeName.gsub('\:', ':') if attributeName
    attributeValue = attributeValue.gsub('\:', ':') if attributeValue
    if !present(attributeName) || !present(attributeValue)
      puts "ERROR : Create Access Profile : entitlementList is not properly formatted, it should be attr1:ent1;attr2:ent2, the provided value is : '#{entitlementList}'"
      stopFlag = true
    else
      if attributesEntitlementHash[attributeName].nil?
        attributesEntitlementHash[attributeName] = [attributeValue]
      else
        attributesEntitlementHash[attributeName] << attributeValue
      end
    end
  end
end
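
Added example (not part of either post or of the bulk importer script): a standalone Ruby parser for the `attr1:ent1;attr2:ent2` column that can be run over a CSV before import to catch rows that would otherwise produce access profiles with no entitlements. It goes beyond the thread by also accepting `\;` inside a value; the helper names `split_unescaped` and `parse_entitlement_list`, the escape set, and the sample row are assumptions constructed for illustration.

```ruby
# Added example; helper names are hypothetical, not from the importer script.
ESCAPABLE = [':', ';'].freeze # assumption: "\" escapes only these two characters

# Split str on unescaped sep. limit caps the number of pieces (0 = no cap).
# With unescape: false the backslashes are kept for a later pass.
def split_unescaped(str, sep, limit: 0, unescape: true)
  pieces = [+'']
  i = 0
  while i < str.length
    c = str[i]
    if c == '\\' && ESCAPABLE.include?(str[i + 1])
      pieces.last << c unless unescape
      pieces.last << str[i + 1]
      i += 2
    elsif c == sep && (limit.zero? || pieces.length < limit)
      pieces << +''
      i += 1
    else
      pieces.last << c
      i += 1
    end
  end
  pieces
end

# Returns [grouped, errors]: grouped maps attribute name => entitlement values,
# errors lists the raw pairs that have no attribute name or no value.
def parse_entitlement_list(list)
  grouped = Hash.new { |hash, key| hash[key] = [] }
  errors = []
  split_unescaped(list, ';', unescape: false).each do |pair|
    next if pair.empty? # tolerate a trailing ";"
    name, value = split_unescaped(pair, ':', limit: 2)
    if name.to_s.empty? || value.to_s.empty?
      errors << pair
    else
      grouped[name] << value
    end
  end
  [grouped, errors]
end

# Constructed sample row: unescaped SAP value, escaped value, malformed pair.
SAMPLE = 'logsys_agr:LSQCLNT200_ZS3C:FI_AP_DELV_LD_GLBL;groups:xx\:xx;broken'
grouped, errors = parse_entitlement_list(SAMPLE)
puts grouped.inspect
puts "malformed pairs: #{errors.inspect}"
```

Because only `\:` and `\;` are treated as escapes, a backslash elsewhere in an entitlement value is passed through unchanged.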