As with any major piece of software, there is a fairly extensive security model behind the scenes controlling what people can and can't do or see. IdentityIQ is no exception, having a collection of SPRight and Capability objects governing what can be done. SailPoint typically provides a capabilities matrix for each version of IdentityIQ. In other cases, users in the community have assembled this matrix and posted it for those looking for more information. This matrix has become an invaluable tool for those responsible for mapping out what access to grant different types of users.
While this spreadsheet is a great resource, it falls short in a couple of key areas...
Given this information is all (mostly) available within IdentityIQ, why not utilize a rule to retrieve this information from a live system? Doing so allows us to address all 3 bullet points above (grab descriptions where available, include custom rights/capabilities, and avoid doing it manually)! So we decided to give it a try... The initial version of that effort is attached. The rule is designed to export this information in a format similar to the capabilities matrix we use today.
A few notes:
Hope this helps!
Have you looked into using a SQL query with similar data instead?
As far as I am aware, the descriptions/etc. are not directly available via SQL. This is especially true for objects that are using localization, which most of the built-in rights/capabilities are using. By using a rule, we can utilize the IIQ runtime to resolve these for us on the fly.
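A sketch of the rule-based approach discussed in this thread, as an added example: it is not the rule attached to the post. It assumes it runs as an IdentityIQ BeanShell rule with the usual `context` variable, and that `Internationalizer.getMessage` returns null for text that is not a message key. The helper names `localize`, `csv` and `collect` and the CSV layout are illustrative.

```java
// Added example, not the rule attached to the post. Intended to run as an
// IdentityIQ BeanShell rule, where "context" is the SailPointContext.
import java.util.*;
import sailpoint.object.Capability;
import sailpoint.object.SPRight;
import sailpoint.tools.Internationalizer;

// Built-in objects store message keys; custom ones often store plain text.
// Assumption: an unknown key yields null, so fall back to the raw value.
String localize(String keyOrText) {
    if (keyOrText == null) return "";
    String msg = Internationalizer.getMessage(keyOrText, Locale.US);
    return (msg != null) ? msg : keyOrText;
}

String csv(String s) {
    return "\"" + s.replace("\"", "\"\"") + "\"";
}

// Collect names of rights granted directly or through inherited capabilities.
void collect(Capability cap, Set rightNames, Set visited) {
    if (cap == null || !visited.add(cap.getName())) return;  // guard against cycles
    if (cap.getRights() != null)
        for (SPRight r : cap.getRights()) rightNames.add(r.getName());
    if (cap.getInheritedCapabilities() != null)
        for (Capability parent : cap.getInheritedCapabilities())
            collect(parent, rightNames, visited);
}

List caps = context.getObjects(Capability.class);
Map effective = new LinkedHashMap();   // capability name -> Set of right names
StringBuilder out = new StringBuilder("Right,Description");
for (Capability c : caps) {
    Set names = new HashSet();
    collect(c, names, new HashSet());
    effective.put(c.getName(), names);
    out.append(",").append(csv(c.getName()));
}
out.append("\n");

// One row per right, including custom rights defined on this system.
for (SPRight r : context.getObjects(SPRight.class)) {
    out.append(csv(r.getName())).append(",").append(csv(localize(r.getDescription())));
    for (Object names : effective.values())
        out.append(",").append(((Set) names).contains(r.getName()) ? "X" : "");
    out.append("\n");
}
return out.toString();
```

The returned CSV has one row per right and one column per capability, with inherited rights flattened into each column, so it can be diffed between environments when reviewing who can do what.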