Hiding Filter Attributes From Request Access , Manage Access Page Sailpoint Identity IQ

Hiding the Filter Attributes from the Request Access --> Manage Access Page using the Plugin .
We need to create the below folder structure and copy the required codes in each of the files as given below , here in expAccessSerachFilter.js we have written the JS to hide few OOTB Attributes such as the Role Type , Entitlement Attribute and Entitlement Owner. This can be even used to hide any of the Extended Attribute from the Managed Attribute.

│  

├───AccessRequestAccessFilter

│   │   manifest.xml

│   │  

│   ├───jars

│   └───ui

│       ├───images

│       └───js

│               expAccessSerachFilter.js

                

manifest.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Plugin PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Plugin name="AccessRequestAccessFilter" displayName="AccessRequestAccessFilter" disabled="false" version="0.0.1.0" minSystemVersion="7.1" maxSystemVersion="7.4"
  certificationLevel="None">
  <Attributes>
    <Map>
      <entry key="snippets">
        <value>
          <List>
            <Snippet regexPattern=".*" rightRequired="">
              <Scripts>
                <String>ui/js/expAccessSerachFilter.js</String>
              </Scripts>
            </Snippet>
          </List>
        </value>
      </entry>
    </Map>
  </Attributes>
</Plugin>

expAccessSerachFilter.js

jQuery(document).ready(function(){
var MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver;
var observer = new MutationObserver(function(mutations) {  
 mutations.forEach(function(mutation){
   for(var i =0;i < mutation.addedNodes.length;i++){
   if($("[id*='itemsFilterPanel']").length) {
    if(jQuery(mutation.addedNodes[i]).find("sp-object-suggest[sp-button-aria-label='Role Type']").length)
     {
      $("sp-object-suggest[sp-button-aria-label='Role Type']").parent().parent().parent().hide();
     }
    if(jQuery(mutation.addedNodes[i]).find("sp-object-multi-suggest[sp-button-aria-label='Entitlement Attribute']").length)
     {
      $("sp-object-multi-suggest[sp-button-aria-label='Entitlement Attribute']").parent().parent().parent().hide();
     }
    if(jQuery(mutation.addedNodes[i]).find("sp-object-suggest[sp-button-aria-label='Entitlement Owner']").length)
     {
      $("sp-object-suggest[sp-button-aria-label='Entitlement Owner']").parent().parent().parent().hide();
     }     
   }
   }
    });
 });
observer.observe(document,{childList:true,subtree:true,attributes:false});
});

create the zip folder with above structure and install the same as the plugin in UI. 
Login into Identity IQ --> Gear --> Plugins -->New -->Drag and drop a file or click in this box to install a plugin
Once we have installed logout and login and see the changes . Below UI shows and have hidden the required attributes.

SQL ACCESS REVIEW CERTIFICATION DETAILS SAILPOINT IDENTITY IQ

This Query can be used to get the Access review details which is assigned to the Reviewer. This will contain the basic information of the Access Review  and will not contain any information related to the identity details which is to be reviewed.

SELECT
   SPT_CERTIFICATION_DEFINITION.NAME AS "CERTIFICATION DEFINITION NAME",
   SHORT_NAME AS "CERTIFICATION NAME",
   (
      TO_DATE('1970-01-01 00', 'YYYY-MM-DD HH24') + (ACTIVATED) / 1000 / 60 / 60 / 24
   )
   AS "CREATE DATE",
   (
      TO_DATE('1970-01-01 00', 'YYYY-MM-DD HH24') + (EXPIRATION) / 1000 / 60 / 60 / 24
   )
   AS "EXPIRATION DATE",
   (
      TO_DATE('1970-01-01 00', 'YYYY-MM-DD HH24') + (SIGNED) / 1000 / 60 / 60 / 24
   )
   AS "SIGNED DATE",
   SPT_CERTIFICATION.MANAGER AS "ASSIGNED TO USER",
   SPT_IDENTITY.EMAIL AS "ASSIGNED USER EMAIL",
   SPT_CERTIFICATION.TOTAL_ENTITIES AS "TOTAL IDENTITY INCLUDED",
   SPT_CERTIFICATION.EXCLUDED_ENTITIES AS "TOTAL IDENTITY EXCLUDED",
   SPT_CERTIFICATION.COMPLETED_ENTITIES AS "COUNT ACTION TAKEN ON IDENTITY",
   SPT_CERTIFICATION.PERCENT_COMPLETE AS "PERCENTAGE ACTION TAKEN ON IDENTITY",
   SPT_CERTIFICATION.CERTIFIED_ENTITIES,
   SPT_CERTIFICATION.TOTAL_ITEMS AS "TOTAL ITEMS ASSIGNED",
   SPT_CERTIFICATION.EXCLUDED_ITEMS AS "TOTAL ITEMS EXCLUDED",
   SPT_CERTIFICATION.COMPLETED_ITEMS AS "COUNT ACTION TAKEN ON ITEM",
   SPT_CERTIFICATION.ITEM_PERCENT_COMPLETE AS "PERCENTAGE ACTION TAKEN ON ITEM",
   SPT_CERTIFICATION.CERTIFIED_ITEMS,
   SPT_CERTIFICATION.REMEDIATIONS_KICKED_OFF,
   SPT_CERTIFICATION.REMEDIATIONS_COMPLETED 
FROM
   SPT_CERTIFICATION,
   SPT_IDENTITY,
   SPT_CERTIFICATION_GROUPS,
   SPT_CERTIFICATION_GROUP,
   SPT_CERTIFICATION_DEFINITION 
WHERE
   SPT_IDENTITY.NAME = SPT_CERTIFICATION.MANAGER
   AND SPT_CERTIFICATION_DEFINITION.ID = SPT_CERTIFICATION_GROUP.CERTIFICATION_DEFINITION
   AND SPT_CERTIFICATION_GROUP.ID = SPT_CERTIFICATION_GROUPS.GROUP_ID 
   AND SPT_CERTIFICATION_GROUPS.CERTIFICATION_ID = SPT_CERTIFICATION.ID 
   AND SPT_CERTIFICATION_DEFINITION.ID = SPT_CERTIFICATION.CERTIFICATION_DEFINITION_ID 
   AND SPT_CERTIFICATION_GROUP.NAME = '<CERTIFICATION NAME>'


Same Query can be modified and can be used to get the data with more details like extended attribute from Identity and other deatils.

SPT_CERTIFICATION_DEFINITION - Certification Definition 
SPT_CERTIFICATION_GROUP - Certification Details
SPT_CERTIFICATION_GROUPS - Link Certification and Access Review 
SPT_CERTIFICATION - Access Review details doesn't include the Actioned Identity details

SQL IDENTITY ENTITLEMENT DETAILS SAILPOINT IDENTITY IQ

This will get list of all the Entitlement details for the particular user

Select  SPT_IDENTITY.NAME AS "USER ID" ,SPT_APPLICATION.NAME AS "APPLICATION NAME", 
        SPT_IDENTITY_ENTITLEMENT.NATIVE_IDENTITY AS "ACCOUNT ID", 
        SPT_IDENTITY_ENTITLEMENT.VALUE  AS "ENTITLEMENT VALUE"
        from SPT_IDENTITY_ENTITLEMENT , 
             SPT_MANAGED_ATTRIBUTE , 
             SPT_APPLICATION ,
             SPT_IDENTITY 
        where 
            SPT_MANAGED_ATTRIBUTE.APPLICATION=SPT_IDENTITY_ENTITLEMENT.APPLICATION and
            SPT_MANAGED_ATTRIBUTE.VALUE = SPT_IDENTITY_ENTITLEMENT.VALUE and 
            SPT_IDENTITY_ENTITLEMENT.IDENTITY_ID = SPT_IDENTITY.ID and
            SPT_APPLICATION.ID=SPT_MANAGED_ATTRIBUTE.APPLICATION and
            SPT_IDENTITY.CORRELATED ='1' and
            SPT_IDENTITY.NAME=<NAME ATTRIBUTE>



This will get list of all the Entitlement details for the all the user's

Select  SPT_IDENTITY.NAME AS "USER ID" ,SPT_APPLICATION.NAME AS "APPLICATION NAME", 
        SPT_IDENTITY_ENTITLEMENT.NATIVE_IDENTITY AS "ACCOUNT ID", 
        SPT_IDENTITY_ENTITLEMENT.VALUE  AS "ENTITLEMENT VALUE"
        from SPT_IDENTITY_ENTITLEMENT , 
             SPT_MANAGED_ATTRIBUTE , 
             SPT_APPLICATION ,
             SPT_IDENTITY 
        where 
            SPT_MANAGED_ATTRIBUTE.APPLICATION=SPT_IDENTITY_ENTITLEMENT.APPLICATION and
            SPT_MANAGED_ATTRIBUTE.VALUE = SPT_IDENTITY_ENTITLEMENT.VALUE and 
            SPT_IDENTITY_ENTITLEMENT.IDENTITY_ID = SPT_IDENTITY.ID and
            SPT_APPLICATION.ID=SPT_MANAGED_ATTRIBUTE.APPLICATION and

            SPT_IDENTITY.CORRELATED ='1' and


Same Query can be modified and can be used to get the data with more details like extended attribute from Entitlement catalog or the Identity Attributes.


SPT_IDENTITY_ENTITLEMENT --> Contain relation between the Identity and Identity Entitlement.
SPT_MANAGED_ATTRIBUTE --> Contains the managed attributes details
SPT_APPLICATION --> Contain the Application related details
SPT_IDENTITY --> Contains all the User Identity Attributes

FeaturesString Available in Sailpoint IdenityIQ

Connector Features Supported 

The Application object also has a Feature enumeration, specified as the FeaturesString attribute of the application definition, which is used to control the functionality available through the connector.it tell what all the operation idenityIQ is configured to support for this connector.

Below are the list of the value that are possible for the FeaturesString

Application. Feature	Description
ACCOUNT_ONLY_REQUEST	The application supports requesting accounts without entitlements.
ADDITIONAL_ACCOUNT_REQUEST	The application supports requesting additional accounts.
AUTHENTICATE	The application supports pass through authentication.
COMPOSITE	The application supports composite application creation.
CURRENT_PASSWORD	Some application types support verification of the current password
DIRECT_PERMISSIONS	The application supports returning DirectPermissions.
DISCOVER_SCHEMA	The application supports discovering schemas for users and groups.
ENABLE	The application supports reading if an account is enabled or disabled.
GROUPS_HAVE_MEMBERS	The application models group memberships with a member attribute on the group object rather than a groups attribute on the account object.
MANAGER_LOOKUP	The application supports looking up managers as they are encountered in a feed.
NO_AGGREGATION	An application that does not support aggregation.
NO_PERMISSIONS_PROVISIONING	Indicates that the connector cannot provision direct or target permissions for accounts.
NO_RANDOM_ACCESS	The application does not support random access and the getObject() methods should not be called and expected to perform.
PASSWORD	The application can provision password changes.
PROVISIONING	The application can both read and write accounts.
PROXY	The application can serve as a proxy for another application.
SEARCH
SYNC_PROVISIONING	The application can provision accounts synchronously.
UNLOCK	The application supports reading if an account is locked or unlocked.
UNSTRUCTURED_TARGETS	The application supports returning unstructured Targets.

Below are the List of the featurestring value when we configure OOTB Active Directory Connector

featuresString

PROVISIONING

SYNC_PROVISIONING

AUTHENTICATE

MANAGER_LOOKUP

SEARCH

UNSTRUCTURED_TARGETS

UNLOCK

ENABLE

PASSWORD

CURRENT_PASSWORD