Sample Attachment Configuration Rule: Contractor Work Authorization Form

The sample attachment configuration rule shown below enforces a requirement that any time access is requested for a contractor identity, a Contractor Authorization Form must be attached to the request.

Copy

Sample Attachment Configuration Rule

 <?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE sailpoint PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<sailpoint>
<Rule language="beanshell" name="Contractor Work Auth Rule" type="AttachmentConfig">
    <Description>Returns configs for contractor work authorization.</Description>
    <Signature returnType="java.util.List">
      <Inputs>
        <Argument name="log">
          <Description>
          </Description>
        </Argument>
        <Argument name="context">
          <Description>
          </Description>
        </Argument>
        <Argument name="requester" type="sailpoint.object.Identity">
          <Description>
          </Description>
        </Argument>
        <Argument name="requestee" type="sailpoint.object.Identity">
          <Description>
          </Description>
        </Argument>
        <Argument name="requestedItem" type="sailpoint.object.SailPointObject">
          <Description>
          </Description>
        </Argument>
        <Argument name="action" type="java.lang.String">
          <Description>
          </Description>
        </Argument>
      </Inputs>
      <Returns>
        <Argument name="configList">
          <Description>
          </Description>
        </Argument>
      </Returns>
    </Signature>
    <Source>
      import sailpoint.object.*;
      import java.util.*;
      import sailpoint.service.*;
      import sailpoint.tools.Util;

      // Result is always a list of AttachmentConfigDTOs. The list may be empty but shouldn't be null.
      List result = new ArrayList();

      if (requestee != null) {
          String employeeType = requestee.getType();
          if (Util.nullSafeEq(employeeType, "contractor")  && Util.nullSafeEq(action, "add")) {
              result.add(new AttachmentConfigDTO(true, "Please attach signed work authorization form."));
          }
      }    

      return result;
    </Source>
  </Rule>
  </sailpoint>

The following sections explain some specific areas of the rule's elements and BeanShell code:

Rule Type

In the Rule element of the XML, the rule type is specified as AttachmentConfig. This is what indicates that the rule applies to Attachments, and what makes the rule appear in the Attachment Settings area of the IdentityIQ Global Configuration (gear menu > Global Settings > IdentityIQ Configuration > Miscellaneous Tab). The Rule element also provides the name of the rule as it will appear in the configuration UI.

Copy

<Rule language="beanshell" name="Contractor Work Auth Rule" type="AttachmentConfig">

Who this Rule Applies To

The bolded BeanShell code here specifies that this rule applies to identities of employee type "contractor":

Copy

if (requestee != null) {
          String employeeType = requestee.getType();
          if (Util.nullSafeEq(employeeType, "contractor")) && Util.nullSafeEq(action, "add")) {

              result.add(new AttachmentConfigDTO(true, "Please attach signed work authorization form."));

Attachment Overlay Text

The BeanShell code can also determine the message that appears on the overlay screen when the requestor clicks the Attachment link.

Copy

if (requestee != null) {
          String employeeType = requestee.getType();
          if (Util.nullSafeEq(employeeType, "contractor")) && Util.nullSafeEq(action, "add")) {

              result.add(new AttachmentConfigDTO(true, "Please attach signed work authorization form."));