Field Value Rule to remove identity entitlements for any application
In a given application, call this rule in the Provisioning Policy entitlement field, to remove the entitlements. Below is the rule:
import sailpoint.object.EntitlementGroup;
import sailpoint.object.Attributes;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.api.Provisioner;
log.error("Executing Feild Value Rule - Remove Entitlements for Identity: " + identity.getName());
String applicationName = link.getApplicationName();
String nativeIdentity = link.getNativeIdentity();
ProvisioningPlan plan = new ProvisioningPlan();
Provisioner provisioner = new Provisioner(context);
//Calucalting Identity Entitlements
List exceptions = identity.getExceptions();
if(exceptions !=null){
for(EntitlementGroup entitlement: exceptions){
Attributes attributes = entitlement.getAttributes();
Map attributesMap = attributes.getMap();
for (Map.Entry attrMap : attributesMap.entrySet()){
ProvisioningPlan.AccountRequest accountRequest = new ProvisioningPlan.AccountRequest(
ProvisioningPlan.AccountRequest.Operation.Modify, applicationName, null, nativeIdentity);
ProvisioningPlan.AttributeRequest attributeRequest = new ProvisioningPlan.AttributeRequest(
(String) attrMap.getKey(), ProvisioningPlan.Operation.Remove, attrMap.getValue());
accountRequest.add(attributeRequest);
plan.add(accountRequest);
provisioner.execute(plan);
}
}
}
Or simply import this xml file to import the rule.
Comment below if you find this post helpful.
No comments:
Post a Comment