The **identity.getAssignedRoles()** method is returning **null** in a Policy Violation rule under Advanced Policy

The identity.getAssignedRoles() method is returning null in a Policy Violation rule under Advanced Policy.

Below is the piece of code.

```java
import sailpoint.object.Identity;
import sailpoint.object.Bundle;
import sailpoint.object.PolicyViolation;
import java.util.List;

log.error("Inside Violation");
PolicyViolation violation = null;
boolean vflag = false;
String desc = null;

// Identity object passed into the rule
Identity reqIdentity = identity;
log.error("Requested ID:" + reqIdentity.toXml());

// Same identity, loaded by name through the context
Identity dbIdentity = context.getObjectByName(Identity.class, identity.getName());
log.error("Existing ID:" + dbIdentity.toXml());

List dbIdRoles = dbIdentity.getAssignedRoles();
log.error("Existing Roles:" + dbIdRoles);
List reqIdRoles = reqIdentity.getAssignedRoles();
log.error("Requested Roles:" + reqIdRoles);

// Drop roles that are already assigned so only new ones are counted
if ((reqIdRoles != null && !reqIdRoles.isEmpty()) && (dbIdRoles != null && !dbIdRoles.isEmpty())) {
    reqIdRoles.removeAll(dbIdRoles);
    log.error("Final Requested Roles:" + reqIdRoles);
}

// getAssignedRoles() can return null, so guard before calling size()
int reqCount = (reqIdRoles != null) ? reqIdRoles.size() : 0;
log.error("Requested Roles Size:" + reqCount);
if (reqCount > 20) {
    vflag = true;
    desc = "You should not request for more that 20 request Items at a Time";
}

if (vflag) {
    violation = new PolicyViolation();
    violation.setActive(true);
    violation.setIdentity(identity);
    violation.setPolicy(policy);
    violation.setConstraint(constraint);
    violation.setDescription(desc);
    violation.setStatus(sailpoint.object.PolicyViolation.Status.Open);
}
return violation;
```

Is there a way to get it? Please advise

Note: This is to limit each Identity Request in SailPoint to carry no more than 20 request items.

Hi @Venu1010 ,

Refresh the identity and verify if the user has any roles assigned to them. If the user has no roles assigned, the result will be null.

The identity.getAssignedRoles() method will return a list of roles currently assigned to that identity. If no roles are assigned, an empty list or null will be returned.

We are doing a Policy Violation for access requests. A user had submitted an Identity Request in SailPoint IIQ with more than 100 request items, which crashed the UI server continuously for more than a week. To resolve the root cause, we have to limit each SailPoint IIQ Identity Request, not allowing more than 20 request items.

The agenda is to "Limit each Identity Request in SailPoint IIQ to not carry more than 20 (exclude) request items". We are doing it by using Advanced Policy.
