How do certification comments make it into the various access review (cert) reports?

5 Kudos

Question

I've noticed that several Access Review (Certification) reports, take for examnple the "Advanced Access Review Report", include a "Comments" column.

When I run these reports, the "Comments" column isn't populated with data, even when comments have been entered in the certification.

Answer

The comments field for the "Advanced Access Review Report" is populated when you enter comments in a "pop-up" during action on the certification worksheet view. For example, if you enable "Require Comments For Approval" when creating the certification, a popup will be presented upon approval of the cert item and any text entered here will be shown in said report. In addition, if you've made the entitlement on the application schema remediation modifiable (select for example), then when you revoke a cert item, a popup will be displayed and any comment entered here will also be shown in the report.

If you open a cert and drill down into an individual identity and click the add comment button, this comment is intended to be displayed only on the certification history for this identity. You can see this comment by going to the Define->Identities page, edit an identity and choose the "History" subtab, Identity Certification History table.

jusewell · ‎Apr 27, 2022

Below is a RenderScript to pull the comment from the Identity History Item

<ReportColumnConfig field="comments" header="rept_cert_col_decision_maker_comments" property="id" width="110">
  <RenderScript>
    <Source>
    
    import sailpoint.object.Certification;
    import sailpoint.object.CertificationItem;
    import sailpoint.object.CertificationLink;
    import sailpoint.object.EntitlementSnapshot;
    import sailpoint.object.Filter;
    import sailpoint.object.IdentityHistoryItem;
    import sailpoint.object.QueryOptions;
    
    import sailpoint.tools.Util;
    
    String comments = null;
    
    CertificationItem certificationItem = context.getObjectById(CertificationItem.class, value);
    
    EntitlementSnapshot entitlementSnapshot = certificationItem.getExceptionEntitlements();
    
    String identityName = certificationItem.getIdentity();
    String applicationName = entitlementSnapshot.getApplicationName();
    String nativeIdentity = entitlementSnapshot.getNativeIdentity();
    String attributeName = entitlementSnapshot.getAttributeName();
    Object attributeValue = entitlementSnapshot.getAttributeValue();
    
    QueryOptions qo = new QueryOptions();
    
    qo.addFilter(Filter.eq("type", "Comment"));
    qo.addFilter(Filter.eq("identity.name", identityName));
    qo.addFilter(Filter.eq("application", applicationName));
    qo.addFilter(Filter.eq("nativeIdentity", nativeIdentity));
    qo.addFilter(Filter.eq("attribute", attributeName));
    qo.addFilter(Filter.eq("value", attributeValue));
    
    Iterator iterator = context.search(IdentityHistoryItem.class, qo, "id");
    
    while ( iterator.hasNext() )
    {
      Object[] objs = iterator.next();
      
      if ( objs.length == 1 )
      {
        String id = objs[0];
        
        IdentityHistoryItem historyItem = context.getObjectById(IdentityHistoryItem.class, id);
        
        CertificationLink certificationLink = historyItem.getCertificationLink();
        
        if ( Util.nullSafeEq(certificationLink.getId(), certificationItem.getCertification().getId()) ) {
          comments = historyItem.getHistoryComments();
          break;
        }
      }
    }
    
    Util.flushIterator(iterator);
    
    return comments;
    
     </Source>
  </RenderScript>
</ReportColumnConfig>

How do certification comments make it into the various access review (cert) reports?