SailPoint IdentityIQ: Batch Request : Bulk Operations

SailPoint IdentityIQ includes a much-requested feature for bulk operations: Batch Requests, available under the "Setup" menu. It lets us execute bulk operations by passing a CSV file as input. Batch Requests also have additional configurable properties, such as generating Access Requests and stopping execution when errors occur.

Here is the list of operations supported by Batch Requests:
  • Create Identity (User)
  • Modify Identity (User)
  • Create Account
  • Delete Account
  • Enable Account
  • Disable Account
  • Unlock Account
  • Assign Role (Add Role)
  • Revoke Role (Remove Role)
  • Provision Entitlement (Add Entitlement)
  • Revoke Entitlement (Remove Entitlement)
  • Change Password

Remember:

  1. For Modify Identity, make sure the fields you want to modify through Batch Requests are editable; otherwise you will get an exception
  2. Use a pipe ( | ) to assign/revoke multiple roles or entitlements
  3. The following operations, which use similar data and columns, cannot be done through the same CSV file:
    • Create Identity
    • Modify Identity
    • Change Password
Examples

Create Identity

operation, name, email, department, costcenter, firstname, lastname, manager, userType, employeeNumber
CreateIdentity, CFRGUSON,  cfrguson@example.com, IAM, 1001, Craig, Frguson, asmith, Contractor, 00025


Modify Identity

operation, identityname, email, department, costcenter, firstname, lastname, manager, userType, employeeNumber
ModifyIdentity, BSmeeth,  bsmeeth@example.com, IAM, 1002, Bob, Smeeth, ssmeeth, Employee, 00022
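
A pre-upload check for the rules listed under "Remember", as an added example (not from the original post or from SailPoint): it flags rows whose field count differs from the header, a missing identity key column, and files that mix CreateIdentity, ModifyIdentity and ChangePassword. The function name `lint_batch_csv`, the `ChangePassword` spelling and the requirement that `operation` is the first column are assumptions.

```python
import csv
import io
from collections import Counter

# Operation names as spelled in the page's examples; "ChangePassword" is an
# assumed spelling (the page lists that operation but shows no row for it).
EXCLUSIVE_OPS = {"CreateIdentity", "ModifyIdentity", "ChangePassword"}
# Identity key column per operation, taken from the page's two example headers.
KEY_COLUMN = {"CreateIdentity": "name", "ModifyIdentity": "identityname"}


def lint_batch_csv(text):
    """Return (per-operation row counts, findings) for a batch request file."""
    rows = [[cell.strip() for cell in row]
            for row in csv.reader(io.StringIO(text)) if any(row)]
    if not rows:
        return Counter(), ["file is empty"]
    header, data = rows[0], rows[1:]
    findings = []
    # Assumption: 'operation' is the first column, as in the page's examples.
    if header[0].lower() != "operation":
        findings.append("first header column must be 'operation'")
    ops = Counter()
    for lineno, row in enumerate(data, start=2):  # counts non-blank lines
        # A comma used where the pipe separator belongs shows up as extra fields.
        if len(row) != len(header):
            findings.append(f"row {lineno}: {len(row)} fields, header has {len(header)}")
            continue
        ops[row[0]] += 1
        key_col = KEY_COLUMN.get(row[0])
        if key_col and key_col not in header:
            findings.append(f"row {lineno}: {row[0]} expects a '{key_col}' column")
    mixed = sorted(EXCLUSIVE_OPS & set(ops))
    if len(mixed) > 1:
        findings.append("cannot share one file: " + ", ".join(mixed))
    return ops, findings


# Constructed sample: a ModifyIdentity row placed under the CreateIdentity header.
SAMPLE = """operation, name, email, department, costcenter, firstname, lastname, manager, userType, employeeNumber
CreateIdentity, CFRGUSON, cfrguson@example.com, IAM, 1001, Craig, Frguson, asmith, Contractor, 00025
ModifyIdentity, BSmeeth, bsmeeth@example.com, IAM, 1002, Bob, Smeeth, ssmeeth, Employee, 00022
"""

if __name__ == "__main__":
    counts, problems = lint_batch_csv(SAMPLE)
    print(dict(counts))
    print("\n".join("FINDING: " + p for p in problems))
```

Because a batch file drives provisioning for many identities at once, the per-operation counts are worth comparing against the change request before the file is uploaded.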






SailPoint IdentityIQ - Fetch User Role Membership


Here is a sample query to retrieve user-role membership in SailPoint IdentityIQ:


SELECT idy.name AS "Username",
       (SELECT idy2.name FROM spt_identity idy2 WHERE idy.manager = idy2.id) AS "Manager",
       idy.extended1 AS "UserType",
       bun.name AS "Role Name",
       bun.disabled AS "Status"
FROM spt_identity idy, spt_identity_bundles idb, spt_bundle bun
WHERE idy.id = idb.identity_id
  AND bun.id = idb.bundle
ORDER BY idy.name;

Tables Used:
  • User Data: SPT_IDENTITY
  • Role Table: SPT_BUNDLE
  • User-Role Membership: SPT_IDENTITY_BUNDLES
Note: In SailPoint IdentityIQ, Roles are also known as Bundles. 

MySQL - Alias Not Working - Oracle SQL Developer

I have SailPoint IdentityIQ running on MySQL and wanted to use Oracle SQL Developer for general querying to look at some data.

Most of the tables in the SailPoint database have a column named "ID", so it is useful to use an alias in the select query, but somehow the column alias was not working even for a simple query.

For example: SELECT  ID as "UserKey" from SPT_IDENTITY;


After researching this issue, I found out about the "useOldAliasMetadataBehavior" parameter. In previous versions of the MySQL connector, the default value for this parameter was true, but in newer versions it is false by default. This was the reason the alias was not working for me.

As a solution, I had to pass the value for this parameter as true in the JDBC URL. Here's an example of the JDBC URL:

jdbc:mysql://IP_Address:Port/identityiq?useOldAliasMetadataBehavior=true
 

Oracle SQL Developer with SailPoint MySQL - Vendor Code 1317

I have SailPoint IdentityIQ running on MySQL and wanted to use Oracle SQL Developer for general querying to look at some data.

The first query execution was successful, but on the second query execution I was getting the error "Query Execution was Interrupted". I also saw the error code "Vendor Code 1317".

I tried various other options suggested on the internet, but nothing worked for me.

While researching, I found that this issue was resolved in MySQL Connector version 5.0.x, but I was getting this error with 5.0.4.

Finally, it was resolved by using updated versions of the MySQL connector, i.e. 5.1.48 (mysql-connector-java-5.1.48) or 5.1.29 (mysql-connector-java-5.1.29).