SQLException: Could not extract resultset

sarvanmarri · July 3, 2025, 7:43am

Which IIQ version are you inquiring about?

8.4

Share all details about your problem, including any error messages you may have received.

Hi Sailors,

We are trying to update the extended attributes of Managed Attributes using a bean shell code by iterating through all the objects of a single type and we are facing the result set exception while running the code. I have followed all the suggestions mentioned, while using the iterator with caution and this issue is occurring after exactly updating 2100 objects. Sharing the loggers and source code for reference. Kindly help me out, if I am missing something.

Runtime Loggers:

2025-07-03T11:20:38,224 ERROR QuartzScheduler_Worker-4 sailpoint.task.RuleExecutor:166 - ---- > Both conditions Satisfied /subscriptions/e46e59b2-d9c5-4a1d-93f8-b306aadbbfc0/resourceGroups/NetworkWatcherRG:312a565d-c81f-4fd8-895a-4e21e48d571c
API Management Service Contributor [on] NetworkWatcherRG
2025-07-03T11:20:38,260 ERROR QuartzScheduler_Worker-4 sailpoint.task.RuleExecutor:166 - ## subCount :: 0
2025-07-03T11:20:38,272 ERROR QuartzScheduler_Worker-4 sailpoint.task.RuleExecutor:166 - ## bothCount :: 1049
2025-07-03T11:20:38,292 ERROR QuartzScheduler_Worker-4 sailpoint.task.RuleExecutor:166 - ## recordCounter :: 1049
2025-07-03T11:20:38,301 ERROR QuartzScheduler_Worker-4 sailpoint.task.RuleExecutor:166 - ---- > Both conditions Satisfied /subscriptions/e46e59b2-d9c5-4a1d-93f8-b306aadbbfc0/resourceGroups/NetworkWatcherRG:7f951dda-4ed3-4680-a7ca-43fe172d538d
AcrPull [on] NetworkWatcherRG
2025-07-03T11:20:38,308 ERROR QuartzScheduler_Worker-4 sailpoint.task.RuleExecutor:166 - here1
2025-07-03T11:20:38,364  WARN QuartzScheduler_Worker-4 engine.jdbc.spi.SqlExceptionHelper:137 - SQL Error: 8003, SQLState: S0001
2025-07-03T11:20:38,364 ERROR QuartzScheduler_Worker-4 engine.jdbc.spi.SqlExceptionHelper:142 - The incoming request has too many parameters. The server supports a maximum of 2100 parameters. Reduce the number of parameters and resend the request.
2025-07-03T11:20:38,365 ERROR QuartzScheduler_Worker-4 org.apache.bsf.BSFManager:451 - Exception: 
java.security.PrivilegedActionException: null
  at java.security.AccessController.doPrivileged(AccessController.java:573) ~[?:?]
  at org.apache.bsf.BSFManager.eval(BSFManager.java:442) [bsf.jar:?]
  at sailpoint.server.BSFRuleRunner.eval(BSFRuleRunner.java:245) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:216) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.runRule(InternalContext.java:1322) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.runRule(InternalContext.java:1294) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.runRule(RuleExecutor.java:181) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.execute(RuleExecutor.java:121) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.api.TaskManager.runSync(TaskManager.java:981) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.api.TaskManager.runSync(TaskManager.java:764) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.scheduler.JobAdapter.execute(JobAdapter.java:128) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [quartz-2.3.2.jar:?]
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [quartz-2.3.2.jar:?]
Caused by: org.apache.bsf.BSFException: The application script threw an exception: java.lang.RuntimeException: sailpoint.tools.GeneralException: could not extract ResultSet BSF info: DPW_AzureRoleAssignments_Updation_Rule at line: 0 column: columnNo
  at bsh.util.BeanShellBSFEngine.eval(BeanShellBSFEngine.java:197) ~[bsh-2.1.8.jar:2.1.8 2018-10-02 08:36:04]
  at org.apache.bsf.BSFManager$5.run(BSFManager.java:445) ~[bsf.jar:?]
  at java.security.AccessController.doPrivileged(AccessController.java:569) ~[?:?]
  ... 12 more
2025-07-03T11:20:38,379 ERROR QuartzScheduler_Worker-4 sailpoint.api.TaskManager:1007 - Exception: [sailpoint.tools.GeneralException: The application script threw an exception: java.lang.RuntimeException: sailpoint.tools.GeneralException: could not extract ResultSet BSF info: DPW_AzureRoleAssignments_Updation_Rule at line: 0 column: columnNo]
java.lang.Exception: sailpoint.tools.GeneralException: The application script threw an exception: java.lang.RuntimeException: sailpoint.tools.GeneralException: could not extract ResultSet BSF info: DPW_AzureRoleAssignments_Updation_Rule at line: 0 column: columnNo
  at sailpoint.task.RuleExecutor.execute(RuleExecutor.java:133) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.api.TaskManager.runSync(TaskManager.java:981) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.api.TaskManager.runSync(TaskManager.java:764) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.scheduler.JobAdapter.execute(JobAdapter.java:128) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [quartz-2.3.2.jar:?]
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [quartz-2.3.2.jar:?]
Caused by: sailpoint.tools.GeneralException: The application script threw an exception: java.lang.RuntimeException: sailpoint.tools.GeneralException: could not extract ResultSet BSF info: DPW_AzureRoleAssignments_Updation_Rule at line: 0 column: columnNo
  at sailpoint.task.RuleExecutor.runRule(RuleExecutor.java:187) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.execute(RuleExecutor.java:121) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  ... 5 more
Caused by: sailpoint.tools.GeneralException: The application script threw an exception: java.lang.RuntimeException: sailpoint.tools.GeneralException: could not extract ResultSet BSF info: DPW_AzureRoleAssignments_Updation_Rule at line: 0 column: columnNo
  at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:219) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.runRule(InternalContext.java:1322) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.runRule(InternalContext.java:1294) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.runRule(RuleExecutor.java:181) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.execute(RuleExecutor.java:121) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  ... 5 more
Caused by: org.apache.bsf.BSFException: The application script threw an exception: java.lang.RuntimeException: sailpoint.tools.GeneralException: could not extract ResultSet BSF info: DPW_AzureRoleAssignments_Updation_Rule at line: 0 column: columnNo
  at bsh.util.BeanShellBSFEngine.eval(BeanShellBSFEngine.java:197) ~[bsh-2.1.8.jar:2.1.8 2018-10-02 08:36:04]
  at org.apache.bsf.BSFManager$5.run(BSFManager.java:445) ~[bsf.jar:?]
  at java.security.AccessController.doPrivileged(AccessController.java:569) ~[?:?]
  at org.apache.bsf.BSFManager.eval(BSFManager.java:442) ~[bsf.jar:?]
  at sailpoint.server.BSFRuleRunner.eval(BSFRuleRunner.java:245) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:216) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.runRule(InternalContext.java:1322) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.runRule(InternalContext.java:1294) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.runRule(RuleExecutor.java:181) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.execute(RuleExecutor.java:121) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  ... 5 more

Beanshell Code:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule name="AzureRoleAssignments_Updation_Rule">
  <Source>
  String resourceName = "resourceName";
  String subscription = "subscription";
  String subscriptionID = "subscriptionID";
  String management = "management";
  String maValue;
  String maName;

  QueryOptions qo = new QueryOptions();
  // qo.setCloneResults(true);

  QueryOptions ops = new QueryOptions();
  //ops.setCloneResults(true);

  Filter searchFilter = Filter.and(Filter.eq("application.name","Azure AD Global"), Filter.eq("ManagedAttribute.type", "azureRoleAssignment"), Filter.like("ManagedAttribute.value", "/subscriptions/", MatchMode.START), Filter.notnull("ManagedAttribute.displayName"), Filter.notnull("ManagedAttribute.value")); 

  IncrementalObjectIterator incObjIterator = new IncrementalObjectIterator(context, ManagedAttribute.class, qo);
  int subCount = 0;
  int bothCount= 0;
  int recordCounter = 0;
  List managedAttributesList = new ArrayList();
  List failedValues = new ArrayList();
  int addCounter = 0;

  try {
    while(incObjIterator.hasNext())  {

      managedAttributesList.add(incObjIterator.next());
      addCounter++;

      if(0 == (addCounter % 100)) {
        log.info("***### Objects Added :: "+addCounter) ;
      }
    }

    for(ManagedAttribute managedAttribute : managedAttributesList) {

      try {
	  
        ManagedAttribute  ma  = (ManagedAttribute) managedAttribute;
        maValue = ma.getValue();
        maName = ma.getDisplayName();
        if(maName != null @and maValue != null)  {

          if(maValue.contains("resourceGroups") @and maValue.contains("subscriptions"))  {
            log.info("---- > Both conditions Satisfied "+maValue +"\n" + maName);
            bothCount++;

            String searchWord = "[on]";
            int searchIndex = maName.indexOf(searchWord);

            if(searchIndex != -1)  {        
              int startIndex  = searchIndex + searchWord.length();        
              resourceName = maName.substring(startIndex).trim(); 
              ma.setAttribute("azureResourceGroup",resourceName);       
            }

            //Searching for subscription

            searchWord = "subscriptions/";
            searchIndex = maValue.indexOf(searchWord);

            if(searchIndex != -1)  {        
              int startIndex  = searchIndex + searchWord.length();
              int endIndex = maValue.indexOf("/resourceGroups");
			  
              subscriptionID = maValue.substring(startIndex, endIndex).trim(); 
              log.info("here1");

              Filter searchFilter = Filter.and(Filter.eq("application.name","Azure AD Global"), Filter.eq("ManagedAttribute.value", subscriptionID));  
              ops.add(searchFilter);

              IncrementalObjectIterator incIterator = new IncrementalObjectIterator(context, ManagedAttribute.class, ops);

              while(incIterator.hasNext())  {
                ManagedAttribute foundMA = incIterator.next();
                subscription = foundMA.getDisplayName();
                ma.setAttribute("azureSubscription",subscription);
                context.decache(foundMA);
                break;
              }
              sailpoint.tools.Util.flushIterator(incIterator);
            }

          } else if(!maValue.contains("resourceGroups") @and maValue.contains("subscriptions"))  {
            log.info("---> Only for subscription "+maValue);
            subCount++;

            String searchWord = "[on]";
            int searchIndex = maName.indexOf(searchWord);

            if(searchIndex != -1)  {        
              int startIndex  = searchIndex + searchWord.length();        
              subscription = maName.substring(startIndex).trim();
              ma.setAttribute("azureSubscription",subscription);
            }
          }
        }
		
        context.saveObject(ma);
        recordCounter++;

        if(0 == (recordCounter % 10)) {
          context.commitTransaction();
          context.decache();
          log.info("@@@ cache cleareed") ;
        }
        log.info("## subCount :: "+subCount);
        log.info("## bothCount :: "+bothCount);

        log.info("## recordCounter :: "+recordCounter);
      } catch (SQLException e) {
        failedValues.add(maValue);
        log.info("ERROR :: "+e);
      }
    }
  } catch (PrivilegedActionException pve)  {
    Throwable cause = pve.getCause();
    if(cause != null)  {
      log.info(cause.printStackTrace());
    } else {
      log.info(pve.printStackTrace());
    }
  }
  sailpoint.tools.Util.flushIterator(objIterator);

  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  </Source>
</Rule>

Note: We are running this rule from rule runner task

uditsahntl01 · July 3, 2025, 9:12am

Sarvan Marri:

8.4

Share all details about your problem, including any error messages you may have received.

Hi Sailors,

We are trying to update the extended attributes of Managed Attributes using a bean shell code by iterating through the objects and we are facing the result set exception Sharing the loggers and source code for reference.

Runtime Loggers:

2025-07-03T11:20:38,224 ERROR QuartzScheduler_Worker-4 sailpoint.task.RuleExecutor:166 - ---- > Both conditions Satisfied /subscriptions/e46e59b2-d9c5-4a1d-93f8-b306aadbbfc0/resourceGroups/NetworkWatcherRG:312a565d-c81f-4fd8-895a-4e21e48d571c
API Management Service Contributor [on] NetworkWatcherRG
2025-07-03T11:20:38,260 ERROR QuartzScheduler_Worker-4 sailpoint.task.RuleExecutor:166 - ## subCount :: 0
2025-07-03T11:20:38,272 ERROR QuartzScheduler_Worker-4 sailpoint.task.RuleExecutor:166 - ## bothCount :: 1049
2025-07-03T11:20:38,292 ERROR QuartzScheduler_Worker-4 sailpoint.task.RuleExecutor:166 - ## recordCounter :: 1049
2025-07-03T11:20:38,301 ERROR QuartzScheduler_Worker-4 sailpoint.task.RuleExecutor:166 - ---- > Both conditions Satisfied /subscriptions/e46e59b2-d9c5-4a1d-93f8-b306aadbbfc0/resourceGroups/NetworkWatcherRG:7f951dda-4ed3-4680-a7ca-43fe172d538d
AcrPull [on] NetworkWatcherRG
2025-07-03T11:20:38,308 ERROR QuartzScheduler_Worker-4 sailpoint.task.RuleExecutor:166 - here1
2025-07-03T11:20:38,364  WARN QuartzScheduler_Worker-4 engine.jdbc.spi.SqlExceptionHelper:137 - SQL Error: 8003, SQLState: S0001
2025-07-03T11:20:38,364 ERROR QuartzScheduler_Worker-4 engine.jdbc.spi.SqlExceptionHelper:142 - The incoming request has too many parameters. The server supports a maximum of 2100 parameters. Reduce the number of parameters and resend the request.
2025-07-03T11:20:38,365 ERROR QuartzScheduler_Worker-4 org.apache.bsf.BSFManager:451 - Exception: 
java.security.PrivilegedActionException: null
  at java.security.AccessController.doPrivileged(AccessController.java:573) ~[?:?]
  at org.apache.bsf.BSFManager.eval(BSFManager.java:442) [bsf.jar:?]
  at sailpoint.server.BSFRuleRunner.eval(BSFRuleRunner.java:245) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:216) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.runRule(InternalContext.java:1322) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.runRule(InternalContext.java:1294) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.runRule(RuleExecutor.java:181) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.execute(RuleExecutor.java:121) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.api.TaskManager.runSync(TaskManager.java:981) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.api.TaskManager.runSync(TaskManager.java:764) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.scheduler.JobAdapter.execute(JobAdapter.java:128) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [quartz-2.3.2.jar:?]
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [quartz-2.3.2.jar:?]
Caused by: org.apache.bsf.BSFException: The application script threw an exception: java.lang.RuntimeException: sailpoint.tools.GeneralException: could not extract ResultSet BSF info: DPW_AzureRoleAssignments_Updation_Rule at line: 0 column: columnNo
  at bsh.util.BeanShellBSFEngine.eval(BeanShellBSFEngine.java:197) ~[bsh-2.1.8.jar:2.1.8 2018-10-02 08:36:04]
  at org.apache.bsf.BSFManager$5.run(BSFManager.java:445) ~[bsf.jar:?]
  at java.security.AccessController.doPrivileged(AccessController.java:569) ~[?:?]
  ... 12 more
2025-07-03T11:20:38,379 ERROR QuartzScheduler_Worker-4 sailpoint.api.TaskManager:1007 - Exception: [sailpoint.tools.GeneralException: The application script threw an exception: java.lang.RuntimeException: sailpoint.tools.GeneralException: could not extract ResultSet BSF info: DPW_AzureRoleAssignments_Updation_Rule at line: 0 column: columnNo]
java.lang.Exception: sailpoint.tools.GeneralException: The application script threw an exception: java.lang.RuntimeException: sailpoint.tools.GeneralException: could not extract ResultSet BSF info: DPW_AzureRoleAssignments_Updation_Rule at line: 0 column: columnNo
  at sailpoint.task.RuleExecutor.execute(RuleExecutor.java:133) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.api.TaskManager.runSync(TaskManager.java:981) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.api.TaskManager.runSync(TaskManager.java:764) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.scheduler.JobAdapter.execute(JobAdapter.java:128) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [quartz-2.3.2.jar:?]
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [quartz-2.3.2.jar:?]
Caused by: sailpoint.tools.GeneralException: The application script threw an exception: java.lang.RuntimeException: sailpoint.tools.GeneralException: could not extract ResultSet BSF info: DPW_AzureRoleAssignments_Updation_Rule at line: 0 column: columnNo
  at sailpoint.task.RuleExecutor.runRule(RuleExecutor.java:187) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.execute(RuleExecutor.java:121) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  ... 5 more
Caused by: sailpoint.tools.GeneralException: The application script threw an exception: java.lang.RuntimeException: sailpoint.tools.GeneralException: could not extract ResultSet BSF info: DPW_AzureRoleAssignments_Updation_Rule at line: 0 column: columnNo
  at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:219) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.runRule(InternalContext.java:1322) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.runRule(InternalContext.java:1294) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.runRule(RuleExecutor.java:181) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.execute(RuleExecutor.java:121) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  ... 5 more
Caused by: org.apache.bsf.BSFException: The application script threw an exception: java.lang.RuntimeException: sailpoint.tools.GeneralException: could not extract ResultSet BSF info: DPW_AzureRoleAssignments_Updation_Rule at line: 0 column: columnNo
  at bsh.util.BeanShellBSFEngine.eval(BeanShellBSFEngine.java:197) ~[bsh-2.1.8.jar:2.1.8 2018-10-02 08:36:04]
  at org.apache.bsf.BSFManager$5.run(BSFManager.java:445) ~[bsf.jar:?]
  at java.security.AccessController.doPrivileged(AccessController.java:569) ~[?:?]
  at org.apache.bsf.BSFManager.eval(BSFManager.java:442) ~[bsf.jar:?]
  at sailpoint.server.BSFRuleRunner.eval(BSFRuleRunner.java:245) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:216) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.runRule(InternalContext.java:1322) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.runRule(InternalContext.java:1294) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.runRule(RuleExecutor.java:181) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.task.RuleExecutor.execute(RuleExecutor.java:121) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  ... 5 more

Beanshell Code:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule name="AzureRoleAssignments_Updation_Rule">
  <Source>
  String resourceName = "resourceName";
  String subscription = "subscription";
  String subscriptionID = "subscriptionID";
  String management = "management";
  String maValue;
  String maName;

  QueryOptions qo = new QueryOptions();
  // qo.setCloneResults(true);

  QueryOptions ops = new QueryOptions();
  //ops.setCloneResults(true);

  Filter searchFilter = Filter.and(Filter.eq("application.name","Azure AD Global"), Filter.eq("ManagedAttribute.type", "azureRoleAssignment"), Filter.like("ManagedAttribute.value", "/subscriptions/", MatchMode.START), Filter.notnull("ManagedAttribute.displayName"), Filter.notnull("ManagedAttribute.value")); 

  IncrementalObjectIterator incObjIterator = new IncrementalObjectIterator(context, ManagedAttribute.class, qo);
  int subCount = 0;
  int bothCount= 0;
  int recordCounter = 0;
  List managedAttributesList = new ArrayList();
  List failedValues = new ArrayList();
  int addCounter = 0;

  try {
    while(incObjIterator.hasNext())  {

      managedAttributesList.add(incObjIterator.next());
      addCounter++;

      if(0 == (addCounter % 100)) {
        log.info("***### Objects Added :: "+addCounter) ;
      }
    }

    for(ManagedAttribute managedAttribute : managedAttributesList) {

      try {
	  
        ManagedAttribute  ma  = (ManagedAttribute) managedAttribute;
        maValue = ma.getValue();
        maName = ma.getDisplayName();
        if(maName != null @and maValue != null)  {

          if(maValue.contains("resourceGroups") @and maValue.contains("subscriptions"))  {
            log.info("---- > Both conditions Satisfied "+maValue +"\n" + maName);
            bothCount++;

            String searchWord = "[on]";
            int searchIndex = maName.indexOf(searchWord);

            if(searchIndex != -1)  {        
              int startIndex  = searchIndex + searchWord.length();        
              resourceName = maName.substring(startIndex).trim(); 
              ma.setAttribute("azureResourceGroup",resourceName);       
            }

            //Searching for subscription

            searchWord = "subscriptions/";
            searchIndex = maValue.indexOf(searchWord);

            if(searchIndex != -1)  {        
              int startIndex  = searchIndex + searchWord.length();
              int endIndex = maValue.indexOf("/resourceGroups");
			  
              subscriptionID = maValue.substring(startIndex, endIndex).trim(); 
              log.info("here1");

              Filter searchFilter = Filter.and(Filter.eq("application.name","Azure AD Global"), Filter.eq("ManagedAttribute.value", subscriptionID));  
              ops.add(searchFilter);

              IncrementalObjectIterator incIterator = new IncrementalObjectIterator(context, ManagedAttribute.class, ops);

              while(incIterator.hasNext())  {
                ManagedAttribute foundMA = incIterator.next();
                subscription = foundMA.getDisplayName();
                ma.setAttribute("azureSubscription",subscription);
                context.decache(foundMA);
                break;
              }
              sailpoint.tools.Util.flushIterator(incIterator);
            }

          } else if(!maValue.contains("resourceGroups") @and maValue.contains("subscriptions"))  {
            log.info("---> Only for subscription "+maValue);
            subCount++;

            String searchWord = "[on]";
            int searchIndex = maName.indexOf(searchWord);

            if(searchIndex != -1)  {        
              int startIndex  = searchIndex + searchWord.length();        
              subscription = maName.substring(startIndex).trim();
              ma.setAttribute("azureSubscription",subscription);
            }
          }
        }
		
        context.saveObject(ma);
        recordCounter++;

        if(0 == (recordCounter % 10)) {
          context.commitTransaction();
          context.decache();
          log.info("@@@ cache cleareed") ;
        }
        log.info("## subCount :: "+subCount);
        log.info("## bothCount :: "+bothCount);

        log.info("## recordCounter :: "+recordCounter);
      } catch (SQLException e) {
        failedValues.add(maValue);
        log.info("ERROR :: "+e);
      }
    }
  } catch (PrivilegedActionException pve)  {
    Throwable cause = pve.getCause();
    if(cause != null)  {
      log.info(cause.printStackTrace());
    } else {
      log.info(pve.printStackTrace());
    }
  }
  sailpoint.tools.Util.flushIterator(objIterator);

  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  log.info("@#@# Code Completed !!!!");
  </Source>
</Rule>

Note: We are running this rule from rule runner task

Hi Move the QueryOptions ops = new QueryOptions(); inside the loop, so it gets re-initialized for each iteration. That way, each database query remains lightweight and isolated.Like i am sharing one code :

if(searchIndex != -1) {
  int startIndex = searchIndex + searchWord.length();
  int endIndex = maValue.indexOf("/resourceGroups");

  subscriptionID = maValue.substring(startIndex, endIndex).trim();
  log.info("here1");

  // See this and Move QueryOptions inside the loop to avoid parameter buildup
  QueryOptions ops = new QueryOptions();
  Filter searchFilter = Filter.and(
    Filter.eq("application.name", "Azure AD Global"),
    Filter.eq("ManagedAttribute.value", subscriptionID)
  );
  ops.add(searchFilter);

  IncrementalObjectIterator incIterator = new IncrementalObjectIterator(context, ManagedAttribute.class, ops);
  while (incIterator.hasNext()) {
    ManagedAttribute foundMA = incIterator.next();
    subscription = foundMA.getDisplayName();
    ma.setAttribute("azureSubscription", subscription);
    context.decache(foundMA);
    break;
  }
  sailpoint.tools.Util.flushIterator(incIterator);
}

sarvanmarri · July 8, 2025, 5:05am

Hi @uditsahntl01,

Thanks, a lot. The code is working as expected now. As this is entitlements update, we would like to keep this rule in group refresh rule. The same code is working fine over iteration from rule runner task. However, when this rule is getting executed from group aggregation task. We are getting the below error:

2025-07-07T08:23:08,802  WARN QuartzScheduler_Worker-1 engine.jdbc.spi.SqlExceptionHelper:137 - SQL Error: 0, SQLState: null
2025-07-07T08:23:08,802 ERROR QuartzScheduler_Worker-1 engine.jdbc.spi.SqlExceptionHelper:142 - The connection is broken and recovery is not possible. The connection is marked by the client driver as unrecoverable. No attempt was made to restore the connection.
2025-07-07T08:23:08,803 ERROR QuartzScheduler_Worker-1 sailpoint.api.Correlator:1145 - Unable to correlate using filter [(application == sailpoint.object.Application@e8bf11e[id=0a300e0790bb1dfb8190bbd3d7b60135,name=Oracle Fusion ERP Cloud] && nativeIdentity i== "E7C674ACD3452C9DE0532D75E70A593F")]: could not extract ResultSet
sailpoint.tools.GeneralException: Unable to correlate using filter [(application == sailpoint.object.Application@e8bf11e[id=0a300e0790bb1dfb8190bbd3d7b60135,name=Oracle Fusion ERP Cloud] && nativeIdentity i== "E7C674ACD3452C9DE0532D75E70A593F")]: could not extract ResultSet
  at sailpoint.api.Correlator.findOneObject(Correlator.java:1144) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.api.Correlator.findLink(Correlator.java:352) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.api.Correlator.findLinkByNativeIdentity(Correlator.java:295) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.api.Identitizer.getCurrentLink(Identitizer.java:5051) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
2025-07-07T08:23:09,911 ERROR QuartzScheduler_Worker-1 sailpoint.api.Aggregator:3185 - Exception during reconnect: Unable to rollback against JDBC Connection
sailpoint.tools.GeneralException: Unable to rollback against JDBC Connection
  at sailpoint.persistence.HibernatePersistenceManager.close(HibernatePersistenceManager.java:671) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.persistence.HibernatePersistenceManager.reconnect(HibernatePersistenceManager.java:3352) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.persistence.ClassPersistenceManager.reconnect(ClassPersistenceManager.java:413) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.reconnect(InternalContext.java:1593) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
Caused by: org.hibernate.TransactionException: Unable to rollback against JDBC Connection
  at org.hibernate.resource.jdbc.internal.AbstractLogicalConnectionImplementor.rollback(AbstractLogicalConnectionImplementor.java:127) ~[hibernate-core-5.4.27.Final.jar:5.4.27.Final]
  at org.hibernate.resource.transaction.backend.jdbc.internal.JdbcResourceLocalTransactionCoordinatorImpl$TransactionDriverControlImpl.rollback(JdbcResourceLocalTransactionCoordinatorImpl.java:304) ~[hibernate-core-5.4.27.Final.jar:5.4.27.Final]
  at org.hibernate.engine.transaction.internal.TransactionImpl.rollback(TransactionImpl.java:142) ~[hibernate-core-5.4.27.Final.jar:5.4.27.Final]
  at sailpoint.persistence.HibernatePersistenceManager.close(HibernatePersistenceManager.java:661) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  ... 17 more
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The connection is broken and recovery is not possible. The connection is marked by the client driver as unrecoverable. No attempt was made to restore the connection.
  at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDriverError(SQLServerException.java:237) ~[mssql-jdbc-11.2.0.jre11.jar:?]
  at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:3876) ~[mssql-jdbc-11.2.0.jre11.jar:?]
  at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectionCommand(SQLServerConnection.java:4031) ~[mssql-jdbc-11.2.0.jre11.jar:?]
2025-07-07T08:23:09,949 ERROR QuartzScheduler_Worker-1 sailpoint.api.Aggregator:1916 - Exception during aggregation. Reason: Unable to rollback against JDBC Connection
sailpoint.tools.GeneralException: Unable to rollback against JDBC Connection
  at sailpoint.persistence.HibernatePersistenceManager.close(HibernatePersistenceManager.java:671) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.persistence.HibernatePersistenceManager.reconnect(HibernatePersistenceManager.java:3352) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.persistence.ClassPersistenceManager.reconnect(ClassPersistenceManager.java:413) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.server.InternalContext.reconnect(InternalContext.java:1593) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
  at sailpoint.api.Aggregator.reconnect(Aggregator.java:3180) [identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The connection is broken and recovery is not possible. The connection is marked by the client driver as unrecoverable. No attempt was made to restore the connection.
  at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDriverError(SQLServerException.java:237) ~[mssql-jdbc-11.2.0.jre11.jar:?]
  at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:3876) ~[mssql-jdbc-11.2.0.jre11.jar:?]
  at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectionCommand(SQLServerConnection.java:4031) ~[mssql-jdbc-11.2.0.jre11.jar:?]
  at com.microsoft.sqlserver.jdbc.SQLServerConnection.rollback(SQLServerConnection.java:4241) ~[mssql-jdbc-11.2.0.jre11.jar:?]
  at org.apache.commons.dbcp2.DelegatingConnection.rollback(DelegatingConnection.java:781) ~[commons-dbcp2-2.9.0.jar:2.9.0]
  at org.apache.commons.dbcp2.DelegatingConnection.rollback(DelegatingConnection.java:781) ~[commons-dbcp2-2.9.0.jar:2.9.0]
  at sailpoint.persistence.ConnectionWrapper.rollback(ConnectionWrapper.java:191) ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
2025-07-07T08:23:09,971  WARN QuartzScheduler_Worker-1 sailpoint.api.Aggregator:1924 - Deleted accounts were not processed due to errors during aggregation.
2025-07-07T08:23:09,971  WARN QuartzScheduler_Worker-1 apache.commons.dbcp2.BasicDataSource:58 - An internal object pool swallowed an Exception.
com.microsoft.sqlserver.jdbc.SQLServerException: The connection is broken and recovery is not possible. The connection is marked by the client driver as unrecoverable. No attempt was made to restore the connection.
  at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDriverError(SQLServerException.java:237) ~[mssql-jdbc-11.2.0.jre11.jar:?]
  at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:3876) ~[mssql-jdbc-11.2.0.jre11.jar:?]
  at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectionCommand(SQLServerConnection.java:4031) ~[mssql-jdbc-11.2.0.jre11.jar:?]
  at com.microsoft.sqlserver.jdbc.SQLServerConnection.rollback(SQLServerConnection.java:4241) ~[mssql-jdbc-11.2.0.jre11.jar:?]

Updated code using in the group refresh rule:

String resourceName = "resourceName";
String subscription = "subscription";
String subscriptionID = "subscriptionID";
String management = "management";
String maValue;
String maName;

if(obj != null @and accountGroup != null) {
  log.error("### Entered for :: "+accountGroup.getDisplayName());

  maValue = accountGroup.getValue();
  maName = accountGroup.getDisplayName();

  if(maName != null @and maValue != null) {

    if(maValue.contains("resourceGroups") @and maValue.contains("subscriptions")){
      log.error("---- > Both conditions Satisfied \n"+maValue +"\n" + maName);

      String searchWord = "[on]";
      int searchIndex = maName.indexOf(searchWord);

      if(searchIndex != -1){        
        int startIndex  = searchIndex + searchWord.length();        
        resourceName = maName.substring(startIndex).trim(); 
        accountGroup.setAttribute("azureResourceGroup",resourceName);       
      }

      //Searching for subscription

      searchWord = "subscriptions/";
      searchIndex = maValue.indexOf(searchWord);

      if(searchIndex != -1){        
        int startIndex  = searchIndex + searchWord.length();
        int endIndex = maValue.indexOf("/resourceGroups");
        subscriptionID = maValue.substring(startIndex, endIndex).trim();

        QueryOptions ops = new QueryOptions();

        Filter searchFilter = Filter.and(Filter.eq("application.name","Azure AD Global"), Filter.eq("ManagedAttribute.value", subscriptionID));  
        ops.add(searchFilter);

        IncrementalObjectIterator incIterator = new IncrementalObjectIterator(context, ManagedAttribute.class, ops);

        while(incIterator.hasNext())	{
          ManagedAttribute foundMA = incIterator.next();
          subscription = foundMA.getDisplayName();
          accountGroup.setAttribute("azureSubscription",subscription);
          context.decache(foundMA);
          break;
        }
        sailpoint.tools.Util.flushIterator(incIterator);
      }

    } else if(!maValue.contains("resourceGroups") @and maValue.contains("subscriptions")){
      log.error("---> Only for subscription "+maValue);

      String searchWord = "[on]";
      int searchIndex = maName.indexOf(searchWord);

      if(searchIndex != -1)	{
        int startIndex  = searchIndex + searchWord.length();        
        subscription = maName.substring(startIndex).trim();
        accountGroup.setAttribute("azureSubscription",subscription);
      }
    } else if(maValue.toLowerCase().contains("management")){
      log.error("---> Only for Management");
      accountGroup.setIiqElevatedAccess(true);
      String searchWord = "[on]";
      int searchIndex = maName.indexOf(searchWord);
      if(searchIndex != -1)	{        
        int startIndex  = searchIndex + searchWord.length();        
        management = maName.substring(startIndex).trim();
        //accountGroup.setAttribute("azureManagementGroup",management);     //NOT USING AS OF NOW
      }
    }
  }

  accountGroup.setRequestable(false);
  context.decache();
  log.error("@@@ cache cleareed  :: "+accountGroup);
}
return accountGroup;

Kindly check this code and let us know, if we are missing something.

Thank you.

uditsahntl01 · July 8, 2025, 5:18am

Try commenting out this block and rerun group aggregation
IncrementalObjectIterator incIterator = new IncrementalObjectIterator(context, ManagedAttribute.class, ops);
Commenting out the block is not a permanent fix it’s a diagnostic step to confirm that your database query is the cause of the crash during Group Aggregation.
If aggregation is successful so DB query is causing the crash.

sarvanmarri · July 9, 2025, 9:11am

Hi @uditsahntl01 ,

I have tried the above approach, but no luck. Any other suggestion from your end?

Thanks,
Sarvan Marri

system · September 7, 2025, 9:11am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
An unexpected error occurred: org.hibernate.exception.SQLGrammarException: could not extract ResultSet IIQ Discussion and Questions identityiq	4	110	February 2, 2026
Account Aggregation org.hibernate.PropertyAccessException IIQ Discussion and Questions	16	6405	July 19, 2023
An unexpected error occurred: java.lang.Exception: sailpoint.tools.GeneralException: The application script threw an exception: org.hibernate.exception.GenericJDBCException: could not get next iterator result BSF info: IIQ Discussion and Questions workflows , rules , identityiq	3	1159	December 3, 2024
Jdbc rule provisioning IIQ Discussion and Questions identityiq , provisioning	7	1332	December 9, 2023
TaskResult Monitor UpdateProgress seems to save in memory objects? IdentityIQ (IIQ)	14	3431	March 28, 2022

SQLException: Could not extract resultset

Which IIQ version are you inquiring about?

Share all details about your problem, including any error messages you may have received.

Related topics