I have a request that when a user requests a specific entitlement to show a field for the user to enter.
I have tried to add a field in the update provisioning policy form and make it visible only on this entitlement but the code is failing that these attributes are not defined:
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import java.util.List;
String targetEntitlement = "CHAIN\\TEST";
boolean isHidden = true;
List attributeRequests = accountRequest.getAttributeRequests();
if (attributeRequests != null) {
for (AttributeRequest attrReq : attributeRequests) {
String attrValue = attrReq.getDisplayValue(); // Use getValue() instead of getDisplayValue()
String operation = attrReq.getOperation().toString(); // Get the operation as a string
// Check if the operation is "Add" and the entitlement matches
if ("Add".equalsIgnoreCase(operation)) {
if (attrValue != null && attrValue.equals(targetEntitlement)) {
isHidden = false; // Set Hidden to false if the entitlement is added
break;
}
}
}
}
return isHidden;
Error:
Uncaught JAX-RS exception.
sailpoint.tools.GeneralException: Exception evaluating rule: Test_hidden
Attempt to resolve method: getDiplayableName() on undefined variable or class name: group : at Line: 23
I have done the following but this is not working for me:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule created="1738568347380" id="c0a8818394ca1a328194cabfaef4011e" language="beanshell" modified="1738570448375" name="Test" type="FieldValue">
<Description>This rule can be used to generate a field value (eg - an account name) using data from the given Identity. If this rule is run in the context of a workflow step then the arguments passed into the step will also be available. Also, any field values that have been processed so far from the policy related to the Application/Role will be available.</Description>
<Signature returnType="String">
<Inputs>
<Argument name="log" type="org.apache.commons.logging.Log">
<Description>
The log object associated with the SailPointContext.
</Description>
</Argument>
<Argument name="context" type="sailpoint.api.SailPointContext">
<Description>
A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
</Description>
</Argument>
<Argument name="identity" type="Identity">
<Description>
The Identity object that represents the user needing the field value.
</Description>
</Argument>
<Argument name="link" type="Link">
<Description>
The sailpoint.object.Link that is being acted upon. If the link is not applicable,
this value will be null.
</Description>
</Argument>
<Argument name="group" type="AccountGroupDTO">
<Description>
The sailpoint.web.group.AccountGroupDTO that is being acted upon. If the AccountGroupDTO
is not applicable, the value will be null.
</Description>
</Argument>
<Argument name="project" type="ProvisioningProject">
<Description>
The provisioning project being acted upon. If a provisioning project is not applicable,
the value will be null.
</Description>
</Argument>
<Argument name="accountRequest" type="ProvisioningPlan.AccountRequest">
<Description>
The account request. If an account request is not applicable, the value will be null.
</Description>
</Argument>
<Argument name="objectRequest" type="ProvisioningPlan.ObjectRequest">
<Description>
The object request. If an object request is not applicable, the value will be null.
</Description>
</Argument>
<Argument name="role" type="Bundle">
<Description>
The role with the template we are compiling. If the role is
not applicable, the value will be null.
</Description>
</Argument>
<Argument name="application" type="Application">
<Description>
The sailpont.object.Application with the template we are compiling. If the application
is not applicable, the value will be null.
</Description>
</Argument>
<Argument name="template" type="Template">
<Description>
The Template that contains this field.
</Description>
</Argument>
<Argument name="field" type="Field">
<Description>
The current field being computed.
</Description>
</Argument>
<Argument name="current" type="Object">
<Description>
The current value corresponding to the identity or account attribute that the field represents.
If no current value is set, this value will be null.
</Description>
</Argument>
<Argument name="operation" type="ProvisioningPlan.Operation">
<Description>
The operation being performed.
</Description>
</Argument>
</Inputs>
<Returns>
<Argument name="value">
<Description>
The string value created.
</Description>
</Argument>
</Returns>
</Signature>
<Source>import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import java.util.List;
String targetEntitlement = "SP\\Group1";
List attributeRequests = accountRequest.getAttributeRequests();
if (attributeRequests != null) {
for (AttributeRequest attrReq : attributeRequests) {
String attrValue = attrReq.getDisplayValue(); // Use getValue() instead of getDisplayValue()
String operation = attrReq.getOperation().toString(); // Get the operation as a string
// Check if the operation is "Add" and the entitlement matches
if ("Add".equalsIgnoreCase(operation)) {
if (attrValue != null && attrValue.equals(targetEntitlement)) {
field.setHidden(false);
field.setReviewRequired(true);
}
}
}
}
return ;</Source>
</Rule>
First of all, the rule should return a boolean (true or false) in order to function correctly, assuming that you are refering to the rule highlighted in green:
So instead of field.setHidden(false) you should apply the code from your first post. Additionally, I recommend adding some System.out.println statements to debug the value of the attributeRequest. This will help ensure that its format matches your targetEntitlement, as sometimes the value might be stored as cn=... or displayValue (I think this comparision may be the root of your problem).
Here’s a refined version of your code incorporating these suggestions:
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import java.util.List;
String targetEntitlement = "SP\\Group1";
boolean isHidden = true;
List attributeRequests = accountRequest.getAttributeRequests();
if (attributeRequests != null) {
for (AttributeRequest attrReq : attributeRequests) {
System.out.println("Print request values:");
System.out.println(attrReq.getValue());
System.out.println(attrReq.getValue().getClass());
String attrValue = attrReq.getValue();
String operation = attrReq.getOperation().toString(); // Get the operation as a string
// Check if the operation is "Add" and the entitlement matches
if ("Add".equalsIgnoreCase(operation)) {
if (attrValue != null && attrValue.equals(targetEntitlement)) {
isHidden = false;
field.setReviewRequired(true);
context.saveObject(field);
}else{
field.setReviewRequired(false);
context.saveObject(field);
}
context.commitTransaction();
}
}
}
return isHidden ;
