Time Stamp filter

likith2501 · September 23, 2024, 7:38am

I am working on the schedular in iiq for generating report. I want build a code to get the users who got assigned to the entitlements with the 6 hours while the refresh of this rule is done everyday.

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule created="1726467520558" id="0ad8290f91ef11908191f97bb82e664a" language="beanshell" modified="1726730556286" name="BBY-idenFilter12">
  <Source>
      
        import sailpoint.object.*;
        import sailpoint.object.Filter;
        import java.util.Calendar;
        import java.util.Date;
        import java.text.SimpleDateFormat;

        SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy");
        Date today = new Date();
        Calendar cal = Calendar.getInstance();
        cal.add(Calendar.HOUR, -4);
        Date fourHourBack = cal.getTime();

       // Fetch the epoch time stamp from the filtering entitlement value
        String entitlementValue = "CN=BBY-U-US-SLM-Standard-Request,OU=Groups,OU=Best Buy,OU=Users and Groups,DC=naqa,DC=bestbuyqa,DC=com"; // Replace with your entitlement value
        long epochTime = getEpochTimeFromEntitlementValue(entitlementValue);
        Date epochDate = new Date(epochTime);

        QueryOptions qo = new QueryOptions();
        qo.addFilter(Filter.ge("created", fourHourBack));
        qo.addFilter(Filter.eq("value", entitlementValue));
        List idenEntList = context.getObjects(IdentityEntitlement.class, qo);
        return idenEntList;
      
    </Source>
</Rule>

here a sample code to make the changes of the time stamp to filter out the users and entitlement. Can anyone please help me with the filter of the application and entitlement and check the users updated to the entitlement and generate report.

abartkowski · September 23, 2024, 8:44am

Hi

In your code there is an issue with the hours value ( instead of 6 you have set 4):

Calendar cal = Calendar.getInstance();
cal.add(Calendar.HOUR, -6);
Date sixHoursAgo = cal.getTime();

Define the entitlement value and application name

String entitlementValue = “CN=BBY-U-US-SLM-Standard-Request,OU=Groups,OU=Best Buy,OU=Users and Groups,DC=naqa,DC=bestbuyqa,DC=com”;
String applicationName = “YourApplicationName”;

Fetch the Application object

Application app = context.getObjectByName(Application.class, applicationName);

if (app == null) {
throw new GeneralException(“Application '” + applicationName + “’ not found.”);
}

Create QueryOptions with the necessary filters

QueryOptions qo = new QueryOptions();
qo.addFilter(Filter.ge(“created”, sixHoursAgo));
qo.addFilter(Filter.eq(“value”, entitlementValue));
qo.addFilter(Filter.eq(“application”, app));

Fetch the list of IdentityEntitlement objects

List idenEntList = context.getObjects(IdentityEntitlement.class, qo);

Read the identities:

for (IdentityEntitlement ie : idenEntList) {
Identity identity = ie.getIdentity();
if (identity != null) {
identities.add(identity);
}
}

ManparTDC · October 2, 2024, 4:57pm

Hi @abartkowski ,

I am facing a similar issue while trying to fetch a list of identities whose lastRefresh date is less than the start date of an account aggregation task. I do not see any errors but the filter returns a lot of identities that do not fit the criteria. Below is the piece of code i am using, can you please let me know what my mistake is?
Also, it does not matter if I use ‘gt’ or ‘lt’, the names1 variable has 7900+ identities or 7500+ identities respectively. I have cross-checked a lot of these and they are incorrectly added.
For example, the aggregation task started on Sep 20th, 2024 and when I use ‘lt’ in the filter, I see IDs with refreshDate Oct 2nd, 2024. Similarly, when I use ‘gt’, I see IDs with refreshDate as far back as Jul 18th, 2024.

Thanks in Advance,
Manoj


//  log.debug("Agg started date is : "+aggTaskStartDate);
Filter filter=Filter.gt("lastRefresh",aggTaskStartDate);
qo.addFilter(filter);
  
List ids = context.getObjects(Identity.class,qo);
if(ids!=null){
   for(Identity id : ids){
      if(id.getName()!=null){
         names1.put(id.getName(),id.getLastRefresh());
      } else {
         names1.put(" "," ");
      }
   }
  names1.put("AggtaskStartDate",aggTaskStartDate);
  return names1;
} else {
return names1;

Topic		Replies	Views
Script to assign role IIQ Discussion and Questions identityiq , roles	16	582	April 30, 2024
ResourceObjectSelector Rule Filter is Not Working IIQ Discussion and Questions rules , identityiq	10	467	July 1, 2024
Scheduler Creation in Sailpoint IIQ Discussion and Questions identityiq , entitlements	6	89	October 5, 2024
Custom Rule -to fetch the entitlements and identity IIQ Discussion and Questions identityiq , reports , entitlements	6	172	September 20, 2024
Get all identities for an entitlement IIQ Discussion and Questions	3	944	July 19, 2023

Time Stamp filter

Related Topics