SailPoint IdentityNow Rule Guide - JDBC Provision Rule

Jolly Jaguar answered on September 26, 2023 Popularity 1/10 Helpfulness 1/10

answer SailPoint IdentityNow Rule Guide - JDBC Provision Rule

SailPoint IdentityNow Rule Guide - JDBC Provision Rule

Comment

Tip Jolly Jaguar 1 GREPCC

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule name="Example Rule" type="JDBCProvision">
  <Description>This example JDBC rule can process account creation requests, deletion requests, and modification requests that pertain to the “role” attribute. It logs debug messages if other account request types are submitted.</Description>
  <Source><![CDATA[
  import java.sql.Connection;
  import java.sql.DriverManager;
  import java.sql.PreparedStatement;
  import java.sql.SQLException;
  import java.sql.Types;
  import java.util.List;
  import sailpoint.api.SailPointContext;
  import sailpoint.connector.JDBCConnector;
  import sailpoint.object.Application;
  import sailpoint.object.ProvisioningPlan;
  import sailpoint.object.ProvisioningPlan.AccountRequest;
  import sailpoint.object.ProvisioningPlan.AttributeRequest;
  import sailpoint.object.ProvisioningPlan.PermissionRequest;
  import sailpoint.object.ProvisioningResult;
  import sailpoint.object.Schema;
  
  public String getAttributeRequestValue(AccountRequest acctReq, String attribute) {

    if ( acctReq != null ) {
      AttributeRequest attrReq = acctReq.getAttributeRequest(attribute);
      if ( attrReq != null ) {
        return attrReq.getValue();
      }
    }
    return null;
  }

  ProvisioningResult result = new ProvisioningResult();
  PreparedStatement statement;

  if ( plan != null ) {

    List accounts = plan.getAccountRequests();
    if ( ( accounts != null ) && ( accounts.size() > 0 ) ) {
      for ( AccountRequest account : accounts ) {
        try {
          if ( AccountRequest.Operation.Create.equals( account.getOperation() ) ) {
            // Ideally we should first check to see if the account already exists.
            // As written, this just assumes it does not.

            statement = connection.prepareStatement( "insert into users (login,first,last,role,status) values (?,?,?,?,?)" );
            statement.setString ( 1, (String) account.getNativeIdentity() );
            statement.setString ( 2, getAttributeRequestValue(account,"first") );
            statement.setString ( 3, getAttributeRequestValue(account,"last") );
            statement.setString ( 4, getAttributeRequestValue(account,"role") );
            statement.setString ( 5, getAttributeRequestValue(account,"status") );
            statement.executeUpdate();

            result.setStatus( ProvisioningResult.STATUS_COMMITTED );

          } else if ( AccountRequest.Operation.Modify.equals( account.getOperation() ) ) {

            // Modify account request -- change role

            PreparedStatement statement = connection.prepareStatement( "update users set role = ? where login = ?" );
            statement.setString ( 2, (String) account.getNativeIdentity() );
            if ( account != null ) {
              AttributeRequest attrReq = account.getAttributeRequest("role");
              if ( attrReq != null && ProvisioningPlan.Operation.Remove.equals(attrReq.getOperation()) ) {
                statement.setNull ( 1, Types.NULL );
                statement.executeUpdate();
              } else {
                statement.setString(1,attrReq.getValue());
                statement.executeUpdate();
              }
            }
            result.setStatus( ProvisioningResult.STATUS_COMMITTED );

          } else if ( AccountRequest.Operation.Delete.equals( account.getOperation() ) ) {

            PreparedStatement statement = connection.prepareStatement( (String) application.getAttributeValue( "account.deleteSQL" ) );

            statement.setString ( 1, (String) account.getNativeIdentity() );
            statement.executeUpdate();

            result.setStatus( ProvisioningResult.STATUS_COMMITTED );

          } else if ( AccountRequest.Operation.Disable.equals( account.getOperation() ) ) {

            // Disable, not supported.

          } else if ( AccountRequest.Operation.Enable.equals( account.getOperation() ) ) {

            // Enable, not supported.

          } else if ( AccountRequest.Operation.Lock.equals( account.getOperation() ) ) {

            // Lock, not supported.

          } else if ( AccountRequest.Operation.Unlock.equals( account.getOperation() ) ) {

            // Unlock, not supported.

          } else {
            // Unknown operation!
          }
        }
        catch( SQLException e ) {
          result.setStatus( ProvisioningResult.STATUS_FAILED );
          result.addError( e );
        }
        finally {
          if(statement != null) {
            statement.close();
          }
        }
      }
    }
  }

  return result;

  ]]></Source>
</Rule>

xxxxxxxxxx

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">

<Rule name="Example Rule" type="JDBCProvision">

  <Description>This example JDBC rule can process account creation requests, deletion requests, and modification requests that pertain to the “role” attribute. It logs debug messages if other account request types are submitted.</Description>

  <Source><![CDATA[

  import java.sql.Connection;

  import java.sql.DriverManager;

  import java.sql.PreparedStatement;

  import java.sql.SQLException;

  import java.sql.Types;

  import java.util.List;

  import sailpoint.api.SailPointContext;

  import sailpoint.connector.JDBCConnector;

  import sailpoint.object.Application;

  import sailpoint.object.ProvisioningPlan;

  import sailpoint.object.ProvisioningPlan.AccountRequest;

  import sailpoint.object.ProvisioningPlan.AttributeRequest;

  import sailpoint.object.ProvisioningPlan.PermissionRequest;

  import sailpoint.object.ProvisioningResult;

  import sailpoint.object.Schema;

  public String getAttributeRequestValue(AccountRequest acctReq, String attribute) {

    if ( acctReq != null ) {

      AttributeRequest attrReq = acctReq.getAttributeRequest(attribute);

      if ( attrReq != null ) {

        return attrReq.getValue();

    return null;

  ProvisioningResult result = new ProvisioningResult();

  PreparedStatement statement;

  if ( plan != null ) {

    List accounts = plan.getAccountRequests();

    if ( ( accounts != null ) && ( accounts.size() > 0 ) ) {

      for ( AccountRequest account : accounts ) {

        try {

          if ( AccountRequest.Operation.Create.equals( account.getOperation() ) ) {

            // Ideally we should first check to see if the account already exists.

            // As written, this just assumes it does not.

            statement = connection.prepareStatement( "insert into users (login,first,last,role,status) values (?,?,?,?,?)" );

            statement.setString ( 1, (String) account.getNativeIdentity() );

            statement.setString ( 2, getAttributeRequestValue(account,"first") );

            statement.setString ( 3, getAttributeRequestValue(account,"last") );

            statement.setString ( 4, getAttributeRequestValue(account,"role") );

            statement.setString ( 5, getAttributeRequestValue(account,"status") );

            statement.executeUpdate();

            result.setStatus( ProvisioningResult.STATUS_COMMITTED );

          } else if ( AccountRequest.Operation.Modify.equals( account.getOperation() ) ) {

            // Modify account request -- change role

            PreparedStatement statement = connection.prepareStatement( "update users set role = ? where login = ?" );

            statement.setString ( 2, (String) account.getNativeIdentity() );

            if ( account != null ) {

              AttributeRequest attrReq = account.getAttributeRequest("role");

              if ( attrReq != null && ProvisioningPlan.Operation.Remove.equals(attrReq.getOperation()) ) {

                statement.setNull ( 1, Types.NULL );

                statement.executeUpdate();

              } else {

                statement.setString(1,attrReq.getValue());

                statement.executeUpdate();

            result.setStatus( ProvisioningResult.STATUS_COMMITTED );

          } else if ( AccountRequest.Operation.Delete.equals( account.getOperation() ) ) {

            PreparedStatement statement = connection.prepareStatement( (String) application.getAttributeValue( "account.deleteSQL" ) );

            statement.setString ( 1, (String) account.getNativeIdentity() );

            statement.executeUpdate();

            result.setStatus( ProvisioningResult.STATUS_COMMITTED );

          } else if ( AccountRequest.Operation.Disable.equals( account.getOperation() ) ) {

            // Disable, not supported.

          } else if ( AccountRequest.Operation.Enable.equals( account.getOperation() ) ) {

            // Enable, not supported.

          } else if ( AccountRequest.Operation.Lock.equals( account.getOperation() ) ) {

            // Lock, not supported.

          } else if ( AccountRequest.Operation.Unlock.equals( account.getOperation() ) ) {

            // Unlock, not supported.

          } else {

            // Unknown operation!

        catch( SQLException e ) {

          result.setStatus( ProvisioningResult.STATUS_FAILED );

          result.addError( e );

        finally {

          if(statement != null) {

            statement.close();

  return result;

  ]]></Source>

</Rule>

Popularity 1/10 Helpfulness 1/10 Language java

Source: community.sailpoint.com

Tags: java jdbc rule sailpoint

Link to this answer
Share Copy Link

Contributed on Sep 26 2023

Jolly Jaguar

0 Answers Avg Quality 2/10

SailPoint IdentityNow Rule Guide - JDBC Provision Rule

Contents

More Related Answers

SailPoint IdentityNow Rule Guide - JDBC Provision Rule

Grepper

Documentation

Social

Legal

Contact

Oops, You will need to install Grepper and log-in to perform this action.