Share all details related to your problem, including any error messages you may have received.
Hi I have a problem with filter. I try to write a script which will assign roles to filtered identities. I want my identities to be in Accounting Department and work more than half of day. This is my code:
import sailpoint.object.QueryOptions;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import java.util.Iterator;
QueryOptions qo = new QueryOptions();
String accounting = "Accounting";
Filter f1 = Filter.eq("department", accounting);
long millisBefore = 43200000l;
long today = System.currentTimeMillis();
long diff = today - millisBefore;
Date d = new Date(diff);
Filter f2 = Filter.le("created", d);
Filter f = Filter.and(f1, f2);
qo.addFilter(f);
Iterator it = context.search(Identity.class,qo);
if(it.hasNext()) {
return true;
}
return false;
As the result, all my identities have this role, the filter is not working. I have tried also assign role to identities who work less than 30 days and it also does not work (because all my identities get this role again):
import sailpoint.object.QueryOptions;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import java.util.Iterator;
long millisBefore = 30*86400000l;
long today = System.currentTimeMillis();
long diff = today - millisBefore;
Date d = new Date(diff);
QueryOptions qo = new QueryOptions();
Filter created = Filter.gt("created", d);
qo.addFilter(created);
Iterator it = context.search(Identity.class,qo);
if(it.hasNext()) {
return true;
}
return false;
Does anyone see which part of my code is incorrect?
When I have changed last lines in my code to your code I got this error: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: import sailpoint.object.QueryOptions; import sailpoint.object.Filter; import sai . . . '' Token Parsing Error: Lexical error at line 17, column 20. Encountered: "\u201c" (8220), after : "" : at Line: 13 : in file: inline evaluation of: import sailpoint.object.QueryOptions; import sailpoint.object.Filter; import sai . . . ââ : Iterator it = context .search ( Identity .class , qo ) BSF info: script at line: 0 column: columnNo
What is more, I cannot see method addRole for identity in javadoc. I have found method addRoleAssignment but I donât know what to give as an argument, because actually I am writing this code in Role Assignment.
So the rule type used is IdentitySelector rule these are the arguments it takes. Additionally it takes the roleName(String) as an argument. It returns true/false based on whether the identity meets the criteria set.
On top of the above great suggestions I would like to add.
Perhaps you could try logging the âfilterâ to see what is returned. I am assuming the filter is returning both identities created after âdâ date and identities in department âAccountingâ seperately. You could easily verify this by check if any identity with department not equal to âAccountingâ and created older than âdâ was assigned the role.
Similarly, you could get the attribute department by using the getAttribute() method on the identity and then calculate the date as you calculated in the first rule. Then use a conditional if block to return true if both criteria of department and hours worked are met, otherwise return false.
For the second rule use the method getCreated() to fetch the date on which the identity was created and then return true if the criteria mentioned in the second rule is met.
I hope this helps. If this resolves you problem please let me know by liking this reply and marking it as the solution.
â\u201câ (8220) is a left double quotation mark (â)
Make sure that you are using standard double quotation marks (") in your script
Also,hereâs an example of Role Assignment:
Iterator it = context.search(Identity.class, qo);
while (it.hasNext()) {
Identity identity = it.next();
RoleAssignment roleAssignment = new RoleAssignment();
roleAssignment.setIdentity(identity);
roleAssignment.setRole(role); // Replace âroleâ with the role object you want to assign
context.saveObject(roleAssignment);
}
When I was using this filter identities with deparment different than âAccountingâ and created before âdâ also were assigned to this role. I donât know why my filters are not working actually, because I would like to assign role to identities in âAccountingâ department and created after âdâ and I am using filter with method and so I think it should work.
The department filter works, but I think the date filter doesnât. Try if this works:
The rule checks:
Identity created more than 12 hours back workFlag = true (workFlag is false by default)
Belonging to the âAccountingâ department (This condition is not evaluated if the first condition is not being met and by default return false)
import sailpoint.object.QueryOptions;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import java.util.Iterator;
QueryOptions qo = new QueryOptions();
String idDept = "Accounting";
Date idCreated=identity.getCreated();
// Calculate the duration since the identity was created
long durationInMillis = System.currentTimeMillis() - idCreated.getTime();
// Define the duration for half a day (12 hours)
long halfDayInMillis = 12 * 60 * 60 * 1000;
boolean workFlag = false;
if (durationInMillis > halfDayInMillis) {
workFlag = true; // Identity worked for more than half a day
} else {
workFlag = false; // Identity did not work for more than half a day
}
if (workFlag == true) {
Filter deptF= Filter.eq("department", idDept);
qo.addFilter(deptF);
Iterator it = context.search(Identity.class, qo);
if (it.hasNext()) {
return true;
}
return false;
} else
return false;
Could you test his in another dev environment, could be an environment problem, your initial rule may have also not worked, if this was an environment problem.
If I would like use if conditions for my script, not Filter, should I use Iterator to run my code for every identity? I would like to have code with two if conditions and assign my role to identities for which these conditions are true.
