Beruflich Dokumente
Kultur Dokumente
Contents
Section 5: Putting it all Together ....................................................................................................................................... 3
Exercise #1: Resolving Data Problems ........................................................................................................................... 4
The Problem.......................................................................................................................................................................... 4
Research the Problem ....................................................................................................................................................... 4
Analyze the Problem ......................................................................................................................................................... 5
Investigate the Rule ........................................................................................................................................................... 6
Code the Rule........................................................................................................................................................................ 7
BuildMap (excerpted from the whitepaper Rules in IdentityIQ) ..................................................................... 9
Description ....................................................................................................................................................................... 9
Definition and Storage Location .............................................................................................................................. 9
Arguments ........................................................................................................................................................................ 9
Example ........................................................................................................................................................................... 10
This exercise starts with a problem discovered in LifeCycle Manager and walks through the
following steps to resolution:
Note that the directions provide minimal guidance, however they intentionally do not specify how
or where to perform the required actions.
Your task is to debug and fix this problem, ensuring that the Financials Application data is correct.
Assume that no changes can be made outside of IdentityIQ. You can use the following outline to
guide you, or you can pursue the solution independently from the course book.
a. How many members are listed for the PayrollAnalysis entitlement? _________________
___________________________________________ ___________________________________________
___________________________________________ ___________________________________________
4. Investigate IdentityIQ and the Financials data. Why does Richard Jackson have the
PayrollAnalyis Entitlement rather than the PayrollAnalysis Entitlement?
_________________________________________________________________________________________________________
_________________________________________________________________________________________________________
1) ______________________________________________________________________________________________________
2) ______________________________________________________________________________________________________
2. Note that you can reduce the visibility of this error by removing the Requestable option for
the PayrollAnalyis Entitlement. This does not fix the underlying problem. Thus, don’t use
this functionality to resolve this problem.
3. The best way to fix this error is to correct the Financials data and re-aggregate.
Unfortunately, you have been informed that the data feed cannot be altered. You will need
to change the erroneous data within IdentityIQ using a rule.
a. From the listed rules (all of which are available for delimited files), check the rules
that are most appropriate for correcting the data.
b. Circle the rule that you will use, and explain why you selected it.
_________________________________________________________________________________________________
_________________________________________________________________________________________________
_________________________________________________________________________________________________
_________________________________________________________________________________________________
1. Consider the input variables for the rule that you selected.
___________________________________________ ___________________________________________
___________________________________________ ___________________________________________
___________________________________________ ___________________________________________
___________________________________________ ___________________________________________
_________________________________________________________________________________________________
2. What is the name of the field in the Financials data that holds the entitlement values?
_________________________________________________________________________________________________________
3. What does the rule need to do? Write the pseudo-code for the rule.
_________________________________________________________________________________________________________
_________________________________________________________________________________________________________
_________________________________________________________________________________________________________
_________________________________________________________________________________________________________
_________________________________________________________________________________________________________
_________________________________________________________________________________________________________
4. The remainder of this exercise will use the BuildMap rule. If you selected a different rule,
you can choose to implement using the rule you selected or the BuildMap rule. For
reference, the BuildMap rule section from the whitepaper Rules in IdentityIQ is included at
the end of this exercise. If you choose to implement this fix using a different rule type than
the BuildMap rule, go to Compass and download the whitepaper to view the documentation
for the rule you selected.
b. What is the name of the class that needs to be imported to use the convenience
method provided with the BuildMap rule?
_________________________________________________________________________________________________
2. Use println statements to view the data that is being provided to you. Input the following
code:
import sailpoint.connector.DelimitedFileConnector;
return map;
b. Find the output for Richard Jackson and confirm that he has the PayrollAnalyis
entitlement.
if ("PayrollAnalyis".equals(entitlement)) {
map.put("groupmbr", "PayrollAnalysis");
System.out.print("***identity: " + identity + ", ");
System.out.println("Changed PayrollAnalyis to PayrollAnalysis");
} else {
System.out.println("identity: " + identity + ", entitlement: " + entitlement);
}
return map;
5. Aggregate the data, and Refresh only identities with accounts on the Financials Application.
a. Remember, entitlements are not fully promoted to the Identity Cube until a refresh
is performed. If you were to run a certification between the aggregation and the
refresh, which entitlement would be provided for certification? (Circle your answer)
PayrollAnalysis PayrollAnalyis
7. Verify that the fix resolved the original problem: when requesting access and searching on
“Payroll”, only one entitlement should be returned: PayrollAnalysis.
If no BuildMap rule is specified, the default behavior is to traverse the column list (from the file header
record or Columns list) and the parsed record, assigning each record element to the columns in order
and inserting those pairs into a map. For example:
A convenience method is available to BuildMap rules that performs this default behavior. The remainder
of the rule can then make modifications to the map. The convenience method is:
DelimitedFileConnector.defaultBuildMap(cols, record);
The rule must import the sailpoint.connector.DelimitedFileConnector class to use this method.
NOTE: Because this rule is run for each record in the input file, it can have a noticeable effect on
performance if it contains time-intensive operations. Where possible, complicated lookups should be
done in the PreIterate rule, with the results stored in CustomGlobal for use by the BuildMap rule; the
global data should be removed by the PostIterate rule.
Define -> Application -> Application Type: DelimitedFile -> Attributes -> Connector Rules
section -> Build Map Rule
The rule name is recorded in the attributes map of the application XML.
Arguments
Inputs (in addition to the defaults):
aggregation run
record java.util.List An ordered list of the values for the current
record (parsed based on the specified delimiter)
cols java.util.List An ordered list of the column names from the
file’s header record or specified Columns list
Outputs:
Example
This example BuildMap rule first invokes the default logic to create a map based on the defined columns
and the record’s values. It then manipulates targets and rights into direct permission objects by joining
the map’s target and rights values into a single direct permission value which is added to the map. The
original target and rights are then removed from the map.
import sailpoint.connector.DelimitedFileConnector;
import sailpoint.object.Permission;
return map;