There could be a scenario wherein you need to parse JasperResult attached to an account aggregation task result in order to perform some custom business logic. We shall discuss how some meaningful information can be extracted out of the JasperResult programmatically. Let's not get confused with JasperResult attached to a Report TaskResult.
IIQ attaches a JasperResult object with account aggregation TaskResult when at least one option is selected under 'Actions to include in the task result' in the task definition. One of the common choices is 'Remove Account' to capture the accounts getting deleted from IIQ as part of aggregation by virtue of 'Detect Deleted accounts' option.
The basic difference between JasperResult object attached to account aggregation vs report is -
Report results are stored as File BLOB in spt_file_bucket table
Account aggregation results are stored as XML CLOB in spt_jasper_result table.
Scenario
Let's understand the scenario which needed me to think about it and come up with a solution. IIQ gets a daily feed from a facility management system (FMS) that contains employees' seat details. The seat number gets populated in AD account of the user too.
When a seat is de-allocated/freed up (typically post termination or movement to a different location), the corresponding seat record is removed from the feed or the same seat gets allocated to a different person.
The business requirement was to clean up seat number present in AD in case of seat de-allocation through IIQ.
Solution
This is a two part solution -
Firstly, Remove Account option under 'Actions to include in the task result' along with 'Detect Deleted accounts' has been enabled in the account aggregation task definition. That will let you capture the deleted accounts due to seat deallocation.
Second part is tricky and had to identify appropriate APIs to extract the deleted accounts' identifiers in a rule runner task which is scheduled to run daily to clean up seat numbers from AD. Below code can be used to extract the required details out of account aggregation task result. Once that is achieved, we set the AD attribute containing the user's seat number with an empty string using ProvisioningPlan. Easy!
import sailpoint.reporting.*;
import sailpoint.object.*;
public List getRemovedUsers(TaskResult tr)
{
JasperResult jasperResult = tr.getReport();
List removedUserList = new ArrayList();
if(jasperResult != null)
{
JasperRenderer renderer = new JasperRenderer(jasperResult);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
renderer.renderToCSV(baos,"csv");
String result = baos.toString();
String[] lines = result.split("\\n");
List lineList = Arrays.asList(lines);
//TaskResult shows removed user details in this fashion: Application,Account,,Action,Identity,Attribute,
for(String line: lineList)
{
if(line != null && line.startsWith("<appname>"))
{
String[] data = line.split(",");
String uid = data[1]; //Get the value of 'Account' column i.e. nativeIdentity
removedUserList.add(uid);
}
}
}
return removedUserList;
}
