Unable to get Identity Attribute value of a Different Identity Using Identity Attribute Rule

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

Hello All,

We are working with two identity sources: Employee Auth and Functional Auth. The Functional Auth source contains functional accounts that are actually owned by employees. (but we are treating them as an Identity rather than treating it as an account of the employee).
A challenge we’re facing is that the Functional Auth source does not include a value for a particular attribute ‘btAnnex2RoleCode’ for these functional identities. However, it does include an attribute called ownerUin, which represents the unique ID of the employee who owns the functional account.
This ownerUin value corresponds to the userLogin attribute in the Employee Auth source. The userLogin is effectively the username (or UID) for the employee’s identity profile.
To populate the btAnnex2RoleCode for the functional identity, we plan to:

  1. Retrieve the ownerUin from the functional identity.
  2. Search for an employee identity in the Employee Auth source where userLogin matches the ownerUin.
  3. If a match is found, extract the btAnnex2RoleCode from the employee profile.
  4. Map this btAnnex2RoleCode to the corresponding functional identity. Also, if the employee has no value i.e. null the for function identity also the value should be null

We have written a rule, Identity Attribute Rule to meet this use case, but the rule seems to be not working. Below is the rule logic. It throws error at line ‘btAnnex2RoleCode = iden.getAttribute(“btAnnex2RoleCode”);’ The error says ‘couldn’t find the method getAttribute on object ‘iden’ same for getAttribute’, same error if I use another method i.e. ‘btAnnex2RoleCode = iden.getStringAttribute(“btAnnex2RoleCode”);’
However, I have worked on a similar rule, the only difference there was the attribute that we were fetching was email rather than btAnnex2RoleCode. There it worked with the below code ‘email = iden.getEmail();’

<?xml version='1.0' encoding='UTF-8'?> Get owner btAnnex2RoleCode. <![CDATA[ import sailpoint.rule.Identity; import sailpoint.object.Identity; import sailpoint.api.*; import sailpoint.rule.IdnRuleUtil; import java.util.*; import sailpoint.rule.*; import sailpoint.tools.Util;

String btAnnex2RoleCode = null;
String OwnerUIN = null;
log.error (“identity attribute rule started”);
OwnerUIN = identity.getAttribute( “ownerUin” );
log.error(“OwnerUIN is:” + OwnerUIN);
if( OwnerUIN != null) {

List identities = idn.findIdentitiesBySearchableIdentityAttribute(“uid”,“Equals”,OwnerUIN,“uid”);

if (identities != null) {
log.error(“identity found”);
Identity iden = identities.get(0);
btAnnex2RoleCode = iden.getAttribute(“btAnnex2RoleCode”);
}
else {
btAnnex2RoleCode = null;
}
}
else{
btAnnex2RoleCode = null;
}

return btAnnex2RoleCode;

]]>

2

Hi @sandashafreen26 , I could see you have both imports in the rule - import sailpoint.rule.Identity and import sailpoint.object.Identity;

  • getAttribute(java.lang.String name) is supported under “sailpoint.object.Identity” package not in sailpoint.rule.Identity

But as the import statement - sailpoint.rule.Identity supersedes here, the method not found error occurs, so please remove this import statement - sailpoint.rule.Identity.

1 Like
3

sailpoint.rule.Identity iden = identities.get(0);
Map attributesMap = iden.getAttributes();

btAnnex2RoleCode = attributesMap.get(“btAnnex2RoleCode”);

This worked.