In IdentityIQ there are a few places where you can edit your own filter source and have it compiled into a search filter. Some of these areas are:
- When editing search criteria for an identity search in Analyze > Advanced Analytics > Identity Search (tab) > Advanced Search
- When editing a role profile under Define > Roles
- In the API, as you call: Filter filter = Filter.compile( "some filter expression" );
A compiler that can create a Filter from a string representation using the following grammar (note the Java-like syntax):
- String literals should have double-quotes.
- True / false values are treated as boolean literals
- Digits are treated as numbers
- The string value 'null' (no quotes) is treated as null
- Fully-qualified constants are resolved to enums
- e.g. type == sailpoint.object.ResourceObject.TYPE_ACCOUNT
- Everything else is assumed to be the property name
- e.g. email == contactAddress
Composite Filters:
- And
- AND - (expr && expr)
- e.g. ( inactive == false && type == "Employee" )
- Or
- OR - (expr || expr)
- e.g. ( type == "Employee" || type == "Contractor" )
- Not
- NOT - !(expr)
- e.g. !( company == "SailPoint" )
Leaf Filters:
Note: Any comparison operator can be prepended with an 'i' to signify a case-insensitive comparison (eg - i==, i!=, etc...).
- Equals
- EQ - propertyName == value
- e.g. firstname == "Neil"
- Not Equals
- NE - propertyName != value
- e.g. lastname != "Smith"
- Less Than
- LT - propertyName < value
- e.g. riskScoreWeight < 500
- Greater Than
- GT - propertyName > value
- e.g. riskScoreWeight > 0
- Less Than, Equals
- LE - propertyName <= value
- e.g. riskScoreWeight <=1000
- Greater Than, Equals
- GE - propertyName >= value
- e.g. riskScoreWeight >=500
- Contains All
- CONTAINS_ALL - propertyName.containsAll({ "foo", "bar", "baz" }) (or containsAllIgnoreCase())
- e.g. Groups.containsAll( { "A", "B", "C" } )
- In
- IN - propertyName.in({ "foo", "bar", "baz" }) (or inIgnoreCase())
- e.g. Groups.in( { "A", "B", "C" } )
- Is Null
- ISNULL - propertyName.isNull()
- e.g. email.isNull()
- Not Null
- NOTNULL - propertyName.notNull()
- e.g. company.notNull()
- Is Empty
- ISEMPTY - propertyName.isEmpty()
- e.g. Groups.isEmpty()
- Like, Exact
- EXACT - propertyName == value
- e.g. firstname == "Neil"
- Like, Start
- START - propertyName.startsWith(value) (or startsWithIgnoreCase())
- e.g. lastname.startsWith( "Mc" )
- Like, End
- END - propertyName.endsWith(value) (or endsWithIgnoreCase())
- e.g. email.endsWith( "@sailpoint.com" )
- Like, Anywhere
- ANYWHERE - propertyName.contains(value) (or containsIgnoreCase())
- e.g. email.contains( "sail" )
- Join
- JOIN - propertyName.join( ClassName.propertyName )
- Collection Condition
- COLLECTION_CONDITION - propertyName.collectionCondition( "fooProp == \"bar\"" )
- Note that the parameter to collectionCondition() is the string representation (with quotes escaped) of the collection element filter.
- Subquery
- SUBQUERY - propertyName.subquery( property, subquery class, subquery property, subquery filter );
- e.g. propertyName.subquery("firstname", sailpoint.object.Bundle, "name", "riskScoreWeight > 500");
- A subquery takes the following parameters:
- property
- subquery class
- subquery property
- subquery filter: Either a string representation of a filter (with quotes escaped) or null.
