Saturday, August 31, 2019

Hiding Filter Attributes From Request Access , Manage Access Page Sailpoint Identity IQ


Hiding the Filter Attributes from the Request Access --> Manage Access Page using the Plugin .
We need to create the below folder structure and copy the required codes in each of the files as given below , here in expAccessSerachFilter.js we have written the JS to hide few OOTB Attributes such as the Role Type , Entitlement Attribute and Entitlement Owner. This can be even used to hide any of the Extended Attribute from the Managed Attribute.

│  
├───AccessRequestAccessFilter
│   │   manifest.xml
│   │  
│   ├───jars
│   └───ui
│       ├───images
│       └───js
│               expAccessSerachFilter.js

                

manifest.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Plugin PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Plugin name="AccessRequestAccessFilter" displayName="AccessRequestAccessFilter" disabled="false" version="0.0.1.0" minSystemVersion="7.1" maxSystemVersion="7.4"
  certificationLevel="None">
  <Attributes>
    <Map>
      <entry key="snippets">
        <value>
          <List>
            <Snippet regexPattern=".*" rightRequired="">
              <Scripts>
                <String>ui/js/expAccessSerachFilter.js</String>
              </Scripts>
            </Snippet>
          </List>
        </value>
      </entry>
    </Map>
  </Attributes>
</Plugin>


expAccessSerachFilter.js

jQuery(document).ready(function(){
var MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver;
var observer = new MutationObserver(function(mutations) {  
 mutations.forEach(function(mutation){
   for(var i =0;i < mutation.addedNodes.length;i++){
   if($("[id*='itemsFilterPanel']").length) {
    if(jQuery(mutation.addedNodes[i]).find("sp-object-suggest[sp-button-aria-label='Role Type']").length)
     {
      $("sp-object-suggest[sp-button-aria-label='Role Type']").parent().parent().parent().hide();
     }
    if(jQuery(mutation.addedNodes[i]).find("sp-object-multi-suggest[sp-button-aria-label='Entitlement Attribute']").length)
     {
      $("sp-object-multi-suggest[sp-button-aria-label='Entitlement Attribute']").parent().parent().parent().hide();
     }
    if(jQuery(mutation.addedNodes[i]).find("sp-object-suggest[sp-button-aria-label='Entitlement Owner']").length)
     {
      $("sp-object-suggest[sp-button-aria-label='Entitlement Owner']").parent().parent().parent().hide();
     }     
   }
   }
    });
 });
observer.observe(document,{childList:true,subtree:true,attributes:false});
});

create the zip folder with above structure and install the same as the plugin in UI. 
Login into Identity IQ --> Gear --> Plugins -->New -->Drag and drop a file or click in this box to install a plugin
Once we have installed logout and login and see the changes . Below UI shows and have hidden the required attributes.



16 comments:

  1. Hi, I am getting Unable to process manifest file in AccessRequestAccessFilter.zip, Any idea what could be the reason, since no logs are being printed. Also I have using IIQ 8.0 and I have removed maxSystemVersion, Still same error.

    ReplyDelete
    Replies
    1. Make sure your zip file is proper , Zip file should contain all the files , I have seen many times you see issue when the zip files is not proper and it contain zip inside zip . Also can you see if you see any error in the log files or any error while uploading the plugin file?

      Delete
    2. i have face the same issues cannot upload the zip file. Anyone can give suggestion

      Delete
    3. This comment has been removed by the author.

      Delete
  2. Hi Vishal, Can you please explain why Entitlement Application is not getting hide.

    ReplyDelete
    Replies
    1. I haven't included the condition in js to hide "Entitlement Application" if you want to hide that you can very well modify the JS and upload the plugin file.

      Delete
    2. Hi Vishal,
      To remove Entitlement Application, I used parent().parent().parent().remove(), which removes whole row and then I appended my desired Entitlement. If I use your code then it only removes the drop down box and not the label in Entitlement Application, rest are getting removed. I think this is a UI bug in Sailpoint, but not sure on that part.

      Delete
    3. Please don't come as Anonymous when you have any question , don't feel like replying to the person who has really a genuine issue which i don't know at all.

      Delete
    4. Why you are Using parent().parent().parent().parent().remove(); for each of the element , better try out with parent().parent().parent().hide();

      Delete
  3. Hi Vishal,

    Thank you for sharing the plugin details. It's very helpful. Every thing working fine except one attribute. We have created a custom Boolean type attribute that attribute is not hiding. It's working for other custom attributes only it's not working for attribute of type Boolean. Please help us any thing to be changed.

    if(jQuery(mutation.addedNodes[i]).find("sp-object-suggest[sp-button-aria-label='Entitlement Approval Required']").length)
    {
    $("sp-object-suggest[sp-button-aria-label='Entitlement Approval Required']").parent().parent().parent().hide();
    }

    Thank you in advance!!

    ReplyDelete
  4. Hi Vishal, Can you look into below code

    jQuery(document).ready(function(){
    var MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver;
    var mutationObserver = new MutationObserver(function(mutations) {
    if($("[id*='itemsFilterPanel']")){
    var $g = $("sp-object-suggest[sp-button-aria-label='Entitlement G']").parent().parent().parent();
    var $t = $("sp-object-suggest[sp-button-aria-label='Entitlement T']").parent().parent().parent();
    var $p = $("sp-object-suggest[sp-button-aria-label='Entitlement P']").parent().parent().parent();

    if(jQuery.find("sp-object-suggest[sp-button-aria-label='R']"))
    {
    $("sp-object-suggest[sp-button-aria-label='R']").parent().parent().parent().parent().remove();
    }
    if(jQuery.find("sp-object-suggest[sp-button-aria-label='S']"))
    {
    $("sp-object-suggest[sp-button-aria-label='S']").parent().parent().parent().parent().remove();
    }
    if(jQuery.find("sp-object-suggest[sp-button-aria-label='Entitlement B']"))
    {
    $("sp-object-suggest[sp-button-aria-label='Entitlement B']").parent().parent().parent().parent().empty().append($g).append($t).append($p);
    }
    if(jQuery.find("sp-object-suggest[sp-button-aria-label='Entitlement L']"))
    {
    $("sp-object-suggest[sp-button-aria-label='Entitlement L']").parent().parent().parent().parent().remove();
    }
    }
    });

    mutationObserver.observe(document,{childList:true,subtree:true,attributes:false
    });
    });

    Above Code clears everything, and append g,t,p in the DOM, rest are getting cleared.

    But the problem is in AddAccess, g,t,p are getting appended twice or whenever DOM changes are done. RemoveAccess is working fine

    ReplyDelete
  5. Hi,

    I am trying to replace "Role Type" Filter Attribute Text to "Access Type" I tried other ways also to change from iiqMessages.properties but could'nt able to achieve and i saw your post on sailpoint compass. But i tried modifying this code also it is changing the text but removing the dropdown box.

    Please let me know anything on this.

    ReplyDelete
  6. Hi Vishal,
    I want to hide few Identity attributes from Access Request --> Search User -(Click Filter). There all Searchable Identity Attributes are visible so I want to hide attributes on this Page. Its possible after modify the js file?

    ReplyDelete
  7. This comment has been removed by the author.

    ReplyDelete
  8. on the same page , if we apply filter by selecting any application then only 12 records are displayed.
    This is default 12 items per page , how can we increase the number of items per page? if an application has 1000 groups then user needs to browse through multiple pages

    ReplyDelete
  9. Hi Vishal,

    Any idea how to hide the tabs like access, accounts etc in the Identity Detials?
    Manage Identity-> View Identity-> Manage

    want to hide below link
    "identity/identities/identities.jsf#/identities/c0a800687cb611db817cb70a88010171/access"

    ReplyDelete