Thursday, February 13, 2020

Sailpoint IIQ List of Role Mapped for Entitlement API DB Query


SQL to get the list of Business IT Role in Sailpoint IIQ which is mapped for the particular Entitlement

select bun.id,bun.type,bun.name,bun.display_name,bun.requestable,
prof_cons.ELT
from spt_bundle bun,spt_profile profile,spt_profile_constraints prof_cons,spt_bundle_requirements bun_req
where bun.id=profile.bundle_id and
profile.id=prof_cons.profile and
bun_req.child = bun.id
and prof_cons.ELT like '%%'


JAVA API to get the list of Business IT Role in Sailpoint IIQ which is mapped for the particular Entitlement

String appName="Active Directory";
String entitlementName = "CN=blah, etc, etc";
QueryOptions profileQo = new QueryOptions();
profileQo.addFilter(Filter.eq("application.name", appName));

List profiles = context.getObjects(Profile.class, profileQo);
if (profiles != null) {
    for (Object profileObj : profiles) {
        Profile p = (Profile) profileObj;
        List constraints = p.getConstraints();
        List filterList = null;
        if (constraints != null) {
            for (Object filter : constraints) {
                filterList = new ArrayList();
                if (filter instanceof sailpoint.object.Filter.LeafFilter) {
                    sailpoint.object.Filter.LeafFilter f = (sailpoint.object.Filter.LeafFilter) filter;
                    //Filter can have multiple values 
                    Object value = f.getValue();
                    if (value instanceof ArrayList) {
                        ArrayList entitlements = new ArrayList();
                        entitlements = (ArrayList) value;
                        for (Object obj : entitlements) {
                            if (obj.toString().equals(entitlementName)) {
                                Bundle bun = p.getBundle();
                                // Do something with the Bundle here
                            }
                        }
                    }
                }
            }
        }
    }
}