Package com.identityworksllc.iiq.common

Class BaseIdentityUtilities

    • Constructor Detail

    • Method Detail

      • getDefaultRefreshOptions

        public sailpoint.object.Attributes<String,​ObjectgetDefaultRefreshOptions​(boolean shouldProcessEvents)
        Gets the default set of refresh options, with or without process-events.

        The refresh options set to true are:

        • provision
        • correlateEntitlements
        • promoteManagedAttributes
        • refreshRoleMetadata
        • promoteAttributes
        • synchronizeAttributes
        • refreshManagerStatus
        • noResetNeedsRefresh
        • refreshProvisioningRequests
        • checkHistory

        If the provided shouldProcessEvents is true, then processTriggers will also be set to true. This is optional because triggers can prolong a refresh considerably.

        Parameters:
        shouldProcessEvents - True if we should also process events, false if not
        Returns:
        A new Attributes with the default set of refresh options

      • hasDetectedRole

        public boolean hasDetectedRole​(sailpoint.object.Identity identity,
                               String roleName)
        Returns true if the user has at least one of the detected role
        Parameters:
        identity - The identity to check
        roleName - The role name to look for
        Returns:
        true if the user has at least one detected role of this name

      • hasMultiple

        public boolean hasMultiple​(sailpoint.object.Identity identity,
                           String roleName)
        Returns true if the user has the given role more than one time (either via assignment or detection or both)
        Parameters:
        identity - The identity to check
        roleName - The role name to look for
        Returns:
        true if the user has at least two assigned/detected roles of this name

      • maskSecretAttributes

        public void maskSecretAttributes​(Map<String,​Object> attributes)
        Transforms the existing Map in place by replacing attributes of type Secret with asterisks
        Parameters:
        attributes - The attribute map to modify

      • recursivelyExplodeHierarchy

        public List<Object[]> recursivelyExplodeHierarchy​(sailpoint.object.Identity parent)
                                           throws sailpoint.tools.GeneralException
        Returns a recursive list of all subordinates of the given Identity by recursively navigating other Identity objects starting with this one as their ‘manager’.
        Parameters:
        parent - The parent Identity
        Returns:
        A list of object arrays, containing the ‘id’ and ‘name’ of any Identities
        Throws:
        sailpoint.tools.GeneralException - if this fails

      • recursivelyExplodeHierarchy

        public List<Object[]> recursivelyExplodeHierarchy​(String parent,
                                                  String attribute)
                                           throws sailpoint.tools.GeneralException
        Returns the entire tree below the ‘parent’ Identity by recursively querying for other objects that reference it via the given attribute.

        For example, this might return a manager’s entire tree of subordinates.

        Parameters:
        parent - an Identity ID to search in the given attribute
        attribute - the attribute containing an Identity ID reference (e.g., manager)
        Returns:
        A list of object arrays, containing the ‘id’ and ‘name’ of any Identities
        Throws:
        sailpoint.tools.GeneralException - if this fails

      • recursivelyExplodeWorkgroup

        public List<sailpoint.object.Identity> recursivelyExplodeWorkgroup​(sailpoint.object.Identity possibleWorkgroup)
                                                            throws sailpoint.tools.GeneralException
        Recursively expands the input Identity, returning a list of workgroup members.

        If the input Identity is not a workgroup, it is returned alone. If any members of a workgroup are themselves workgroups, they will be recursively expanded.

        This can be used, for example, to send a notification to an entire workgroup.

        Parameters:
        possibleWorkgroup - an Identity object, which is likely a workgroup
        Returns:
        The list of Identities in the given workgroup, and any child workgroups
        Throws:
        sailpoint.tools.GeneralException - if this fails

      • refresh

        public void refresh​(sailpoint.object.Identity id)
             throws sailpoint.tools.GeneralException
        Performs a refresh with default options on the identity
        Parameters:
        id - The identity in question
        Throws:
        sailpoint.tools.GeneralException - if any IIQ failure occurs

      • refresh

        public void refresh​(sailpoint.object.Identity id,
                    boolean shouldProcessEvents)
             throws sailpoint.tools.GeneralException
        Performs a refresh with mostly-default options on the identity
        Parameters:
        id - The identity to target
        shouldProcessEvents - if true, processEvents will also be added
        Throws:
        sailpoint.tools.GeneralException - if any IIQ failure occurs

      • refresh

        public void refresh​(sailpoint.object.Identity id,
                    Map<String,​Object> args)
             throws sailpoint.tools.GeneralException
        Performs a refresh against the identity with the given arguments
        Parameters:
        id - The target identity
        args - the refresh arguments
        Throws:
        sailpoint.tools.GeneralException - if any IIQ failure occurs

      • rename

        public void rename​(sailpoint.object.Identity target,
                   String newName)
            throws sailpoint.tools.GeneralException
        Attempt to do a best effort rename of a user.

        Note that this will not catch usernames stored in:

        (1) ProvisioningPlan objects (2) Running workflow variables

        Parameters:
        target - The Identity object to rename
        newName - The new name of the identity
        Throws:
        sailpoint.tools.GeneralException - if any renaming failures occur