Hi all,
How can I set the owner of an entitlement if the owner is terminated/inactive?
A rule snippet would help a lot.
Thanks in advance.
You can use the GroupAggregationRefresh rule to modify the owner.
import sailpoint.object.Identity;
if (accountGroup != null ) {
Identity owner = context.getObjectByName(Identity.class, "new owner");
if (owner != null) {
accountGroup.setOwner(owner);
}
}
return accountGroup;
Hi @rishavghoshacc ,
If a leaver event is triggered for an identity, and that identity is the owner of an entitlement, you can add a logic within the leaver workflow. Prior to generating the plan, add the step to automatically reassign the ownership of the entitlement to the identity’s manager. This ensures that the ownership of the entitlement is transferred whenever the identity is terminated, streamlining the process and preventing any ownership issues after the termination event occurs.
1 Like
@Arun-Kumar we have already implemented this. We wanted to do a clean-up for the entitlements that already have terminated identities as owners.
@shirbhatea We need the code to filter out entitlements with inactive identities and change the owners
hi @rishavghoshacc if you want to check which entitlement is having inactive owner then use advance analytics
if you want to write a rule then use QueryOptions and
queryOptions.add(Filter.eq(“owner.inatcive”,true))
Another option is use refresh or run rule task to update as per your requirment for these managed attributes.
You can keep below code in your existing group aggregation rule.
String defaultGroupOwner = "spadmin";
Identity currentOwner = accountGroup.getOwner();
if(currentOwner == null || currentOwner.isDisabled()){
accountGroup.setOwner(context.getObjectByName(Identity.class, defaultGroupOwner));
}
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.