Support
Quality
Security
License
Reuse
Coming Soon for all Libraries!
Currently covering the most popular Java, JavaScript and Python libraries. See a SAMPLE HERE.
kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
CLI for storing and reading your secrets via vault
Installation
gem 'secrets_cli'
QUESTION
SailPoint IdentityIQ 8.2 - Return a list of users who have any entitlement(group) in a predetermined list of entitlements
Asked 2021-Nov-22 at 16:24I'm working in an environment where IdentityIQ 8.2 is deployed for access management.
I am attempting to return a list of users, based on if they have any one of the entitlements in the provided "whitelist". (i.e. "Show me any user who has entitlement1 or entitlement2 or entitlement3")
I tried to use the Advanced Analytics search function. This does allow you to search for identities based on entitlement, but it function in an "Exclusive AND" logic style where only users who have every single entitlement on your "whitelist" will be returned. I haven't found a way to change this. The Advanced Search type doesn't support searching by entitlement, from what I can tell.
Is there an out of the box way to accomplish this?
ANSWER
Answered 2021-Nov-22 at 16:24You can create the entitlement search with AND and save the result as a Population. You can then change operation="AND" to operation="OR" using the Debug pages.
Example how to search for users who have either of these two AD group memberships (this is a Population saved from Advanced Analytics):
<GroupDefinition indexed="true" name="x" private="true">
<GroupFilter>
<CompositeFilter operation="AND">
<Filter operation="COLLECTION_CONDITION" property="identityEntitlements">
<CollectionCondition>
<CompositeFilter operation="OR">
<CompositeFilter operation="AND">
<Filter operation="EQ" property="application.name" value="AD"/>
<Filter operation="EQ" property="name" value="memberOf"/>
<Filter operation="EQ" property="value" value="{e4ca3ebf-543e-4f19-aa6d-60ebee9968a7}"/>
</CompositeFilter>
<CompositeFilter operation="AND">
<Filter operation="EQ" property="application.name" value="AD"/>
<Filter operation="EQ" property="name" value="memberOf"/>
<Filter operation="EQ" property="value" value="{b263fcce-26e5-4fc8-9ed3-012df6b4c262}"/>
</CompositeFilter>
</CompositeFilter>
</CollectionCondition>
</Filter>
</CompositeFilter>
</GroupFilter>
<Owner>
<Reference class="sailpoint.object.Identity" name="spadmin"/>
</Owner>
</GroupDefinition>
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
No vulnerabilities reported
Explore Related Topics