Managed entitlement customization rule is quite useful in SailPoint if there are huge number of entitlements, for example some AD groups and descriptions can be set based on the name of the groups.
However, there is a big disadvantage in using this rule, the description will be updated only first time when the entitlements were found and brought into managed entitlements.
The "Promote managed entitlements" task or "Missing managed entitlement scan" both tasks can be used to find the missing entitlements, and execute the rule to update the descriptions of the entitlements.
But if the rule is not specified in the rules tab of application definitions, and either of the tasks("Promote managed entitlements","Missing managed entitlement scan") is executed, then the entitlements will be updated without any descriptions, and running the rule next time won't update the existing blank descriptions.
Also if there are more than one entitlements attributes with same entitlement value then by default the rule will only updated the entitlement which is passed to it first, to avoid this scenario both entitlement attribute and entitlement value needs to be checked before updating.
Sample rule
String filter = "Update"
//To get the entitlement value
String ent = attribute.getValue();
//To get the name of attribute if there are more than one attribute with same entitlement values
String attr = attribute.getAttribute();
if(ent.contains(filter) && attr.equals("groupA"))
{
attribute.setExplanation("defualt","This is description of groupA ..... ");
}
No comments:
Post a Comment