Set directReports via an IdentityAttribute Rule

tamalika01 · March 26, 2025, 8:36am

Hi Experts,

We want to set the value of direct reports on an identity attribute, we are using the following logic:

public List getAllReportees(String identityName) {
    List allreportees=new ArrayList();
    allreportees = idn.findIdentitiesBySearchableIdentityAttribute("manager.name","Equals",identityName,"manager.name");
    return  allreportees;
}

List allReports = getAllReportees(identityName);

However, we have the following exception on manager.name:

in IIQ we used manager.name and it worked, what would be the relevant attribute for ISC? Any ideas?

Any insights would be highly appreciated!

Thanks,
Tamalika

RAKRHEEM · March 26, 2025, 9:36am

Hi Tamalika,
This will not work as manager.name is not searchable. What you can do is create one Identity Attribute and make it searchable. In that attribute populate the manager’s User Id. Once done you can do the search. Let me know if it still does not work.

Thanks
Rakesh Bhati

tamalika01 · April 7, 2025, 7:58am

Thanks, I did as you said but I am getting the following exception at the moment:

Here is the Rule:

String ruleName = "IdentityAttribute-SetDirectReports";
String identityName  = identity.getName();


log.debug(ruleName + ": ENTRY");
log.debug(ruleName + ": Print variables...");

log.debug(ruleName + ": current identityName in context: "+identityName);

public List getAllReportees(String identityName) {
    List allreportees=new ArrayList();
    allreportees = idn.findIdentitiesBySearchableIdentityAttribute("managerUid","Equals",identityName,"managerUid");
    return  allreportees;
}

List allReports = getAllReportees(identityName);

String concatUserIds(List allReports) {
    String reports = "";
    for (Identity id : allReports) {
        String name = id.getAttribute("userId");
        if (!"".equals(id.getAttribute("userId")) && id.getAttribute("userId")!=null) {
            if (!reports.isEmpty()) {
                reports += ",";
            }
            reports += name;
        }
    }
    return reports;
}

if (!allReports.isEmpty()) {
    return concatUserIds(allReports);
} else {
    return "";
}

log.debug(ruleName + ": EXIT");

RAKRHEEM · April 8, 2025, 4:51am

Hi Tamalika,
The return object from the utility is sailpoint.rule.Identity and not sailpoint.object.Identity.

Could you please check the below link and make changes to your code accordingly and have it deployed. This should work.

Thanks

tamalika01 · April 8, 2025, 9:23am

Thanks, so that means I must use methods from the sailpoint.rule.Identity class? In this class this method - getAttribute(“attributeName”) - does not exist.

RAKRHEEM · April 8, 2025, 10:01am

You can use identity.getAttributes().get(“attributeName”)

tamalika01 · April 14, 2025, 7:40am

Here is the working rule if anyone needs it in the future:


import org.apache.commons.lang3.StringUtils;
import sailpoint.object.Application;
import sailpoint.object.Field;
import sailpoint.rule.Identity;
import sailpoint.server.IdnRuleUtil;
import sailpoint.tools.GeneralException;
import java.util.List;
import java.util.ArrayList;
import java.util.Iterator;
import sailpoint.object.Filter;
import sailpoint.object.QueryOptions;

String ruleName = "Rule-IdentityAttribute-SetDirectReports";
String identityName  = identity.getName();


log.debug(ruleName + ": ENTRY");
log.debug(ruleName + ": Print variables...");

log.debug(ruleName + ": current identityName in context: "+identityName);

public List getAllReportees(String identityName) {
    List allreportees=new ArrayList();
    allreportees = idn.findIdentitiesBySearchableIdentityAttribute("managerUid","Equals",identityName,"managerUid");
    if ((allreportees instanceof ArrayList && !allreportees.isEmpty()) || allreportees!=null) { // if class is arraylist then check isEmpty
        return  allreportees;
    } else {
        return  new ArrayList();
    }
}

List allReports = getAllReportees(identityName);
log.debug(ruleName + ": allReports: "+allReports);


String concatUserIds(List allReports) {
    String reports = "";
    for (Identity id : allReports) {
        if (!id.getAttributes().isEmpty()) {
            if (!"".equals(id.getAttributes().get("userId")) && id.getAttributes().get("userId")!=null && !id.getAttributes().get("userId").isEmpty()) {
                String name = id.getAttributes().get("userId");
                if (!reports.isEmpty()) {
                    reports += ",";
                }
                reports += name;
            } else {
                reports += "";
            }
        }
    }
    log.debug(ruleName + ": reports returned: "+reports);
    return reports;
}

if (!allReports.isEmpty()) {
    return concatUserIds(allReports);
} else {
    return "";
}

log.debug(ruleName + ": EXIT");

Note: Please substitute import sailpoint.rule.Identity; with sailpoint.object.Identity; when testing in the RDK.

system · June 13, 2025, 7:40am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Find Identities By Searchable IdentityAttribute Method ISC Discussion and Questions rules , identity-security-cloud	1	85	March 31, 2025
Get Manager SubOrdinates List in IdentityAttribute Rule ISC Discussion and Questions rules , identity-security-cloud	3	668	July 19, 2023
Using Identity.SetAttribute method via IdentityAttribute rule in IdentityNow ISC Discussion and Questions rules , identity-security-cloud	8	1008	July 19, 2023
Create a New Role which Includes all users with Direct Reports ISC Discussion and Questions identity-security-cloud , provisioning	11	109	November 12, 2024
Documentation on available values? Specifically for report configuration ISC Discussion and Questions	3	1375	July 19, 2023

Set directReports via an IdentityAttribute Rule

Related topics