- Products & services Products & services
- Resources ResourcesLearning
- Learning
- Identity University Get technical training to ensure a successful implementation
- SailPoint professional certifications & credentials Advance your career or validate your identity security knowledge
- SailPoint recertification program Get recertified by demonstrating ongoing learning
- Training onboarding guide Make of the most of training with our step-by-step guide
- Training FAQs Find answers to common training questions
- Community Community
- Compass
- :
- Discuss
- :
- Community Wiki
- :
- IdentityIQ Wiki
- :
- Setting existing entitlements in the entitlement catalog to false
- Article History
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Content to Moderator
Setting existing entitlements in the entitlement catalog to false
Setting existing entitlements in the entitlement catalog to false
I had a question in class regarding a situation where the Entitlement Catalog had been built up over time to include all entitlements for a given enterprise. Unfortunately, this customer wanted to enable LCM at a later date and all the entries in their Entitlement Catalog were marked as requestable (this being the default when entitlements are loaded into the system.) They wanted a simple way to walk through all the entitlements in the catalog and set the requestable flag to "false".
Here is some rule code that will effectively accomplish this:
import java.util.Iterator;
import sailpoint.object.*;
//
// Find managed entitlements and iterate. Note, you could use queryoptions here to narrow the query to certain applications, etc.
//
QueryOptions qo = new QueryOptions();
//qo.addFilter(Filter.eq("group",(Boolean)true));
Iterator maResult = context.search(ManagedAttribute.class, qo);
//
// Iterate through all the MAs one at a time.
//
int count = 0;
int commitLimit = 100;
while (maResult.hasNext()) {
ManagedAttribute ma = (ManagedAttribute)maResult.next();
ma.setRequestable(false);
context.saveObject(ma);
count++;
if ( (count % commitLimit) == 0) {
context.commitTransaction();
}
}
// commit the last remaining updates.
context.commitTransaction();
return "Processed " + count + " objects.";
This will process EVERY SINGLE managed attribute object and set the requestable flag to false. The code also makes sure to commit the changes every 100 objects to conserve memory while processing through the managed attributes.
If you wanted to only set those entitlements that represent account groups, you could modify the QueryOptions filter as needed to only modify those specific entitlements:
Add a QueryOption filter like so:
qo.addFilter(Filter.eq("group",(Boolean)true));
Also, let's say you only wanted to do this for entitlements for an application called "AD", you could do the following:
qo.addFilter(Filter.eq("application.name","AD"));
Note that this rule could also be used to set the owner for each entitlement as well.
To set an owner, use the setOwner() method, just make sure to use an Identity object instead of the name to set the owner.
Enjoy!
