Resolution
The columns listed in an Identity Access Review grid can be modified through the UI Configuration XML (accessible through the Access Governance Suite Debug pages). The columns in an Access Review displayed in the "Identity View" are modified by altering the columnConfig entries under entry key "certificationEntityTableColumns". The columns shown in an Access Review displayed in "Worksheet View" are modified by altering the columnConfig entries under the entry key "certificationItemTableColumns".
Identity View: CertificationEntityTableColumns
<entry key="certificationEntityTableColumns"><value><List><ColumnConfig dataIndex="identity" headerKey="cert_item_tbl_header_identity" hideable="true" property="identity" sortProperty="identity" sortable="true"/> <ColumnConfig dataIndex="firstname" headerKey="cert_item_tbl_header_firstname" hideable="true" property="firstname" sortProperty="firstname" sortable="true"/> ¦
Worksheet View: CertificationItemTableColumns
<entry key="certificationItemTableColumns"><value><List><ColumnConfig dataIndex="decision" headerKey="decision" property="IIQ_calculatedStatus" renderer="NetIQ.certification.WorksheetGrid.renderButtons" sortProperty="IIQ_calculatedStatus"/><ColumnConfig dataIndex="parent-identity" headerKey="cert_item_tbl_header_identity" hideable="true" property="parent.identity" sortProperty="parent.identity" sortable="true"/> <ColumnConfig dataIndex="parent-firstname" headerKey="cert_item_tbl_header_firstname" hideable="true" property="parent.firstname" sortProperty="parent.firstname" sortable="true"/> ¦
To change the columns displayed in either view, delete any unwanted columns' ColumnConfig records and add new ColumnConfig records for additional desired columns. The available parameters for ColumnConfig entries are shown in the table below.
ColumnConfig Parameter | Purpose | Optional |
dataIndex | Usually left blank for custom columns; value is a JSON-safe key to access data in grid stores | Yes |
headerKey | Value for column header (specify the actual text to be displayed or a key for a message in the messages catalog; if the headerKey value cannot be interpreted as a message key, the actual text is displayed as entered) | No |
hideable | Flag indicating whether the column can be hidden or not | Yes |
hidden | Flag indicating whether the column is hidden by default | Yes |
property | Object attribute to display in data rows | No |
sortProperty | Value to sort by if data is sorted by this column (usually same as Property) | Yes |
sortable | Boolean value determining whether the grid can be sorted by this column | Yes |
evaluator | Java code file that retrieves the data to be displayed (used to join to data outside the certification entity to include it in the grid); only applies to certification detail page. Note: The evaluator property is only available in the certification detail view. | Yes |
renderer | name of a javascript function that will be executed to determine what to display for this row/column. (e.g. Decision buttons in the Worksheet view are displayed through a renderer) | Yes |
Example of custom ColumnConfig specificaton:
<ColumnConfig headerKey="ACME ID" hideable="true" property="Identity.displayName" sortProperty="Identity.displayName" sortable="true"/>
Adding External Data
To add data to the grid view that would not normally be available in the certification display, join to the object that contains the data from the certification entity. The columnConfig for that column would require a custom evaluator that specifies the logic for accessing data.
An example of a columnConfig that uses an evaluator for this type of join is found in the UI Config under the entry key: "certificationDetailAccountGroupMembershipColumns" on the "identity" column:
<ColumnConfig dataIndex="IIQ_identity" evaluator="sailpoint.web.view.certification.AccountGroupMember shipIdentityColumn" headerKey="identity" property="IIQ_identity" renderer="NetIQ.certification.BaseCertificationGrid.renderIdentity" sortProperty="IIQ_identity"/>
NOTE: The evaluator attribute only applies to the certification detail page; it does not apply to all certification grid views. Also, the evaluator property is only available in the certification detail view.
The source code of AccountGroupMembershipIdentityColumn (shown below) can be used as a basis for writing a custom evaluator. A custom renderer would not be necessary for displaying simple text fields.
package sailpoint.web.view.certification;
import sailpoint.object.*;
import sailpoint.tools.GeneralException;
import sailpoint.web.view.IdentitySummary;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
public class AccountGroupMembershipIdentityColumn extends CertificationItemColumn {
private static final String COL_TARGET_ID = "targetId";<span class="ig-nolink"><span class="ig-nolink">@Override</span></span>
public Object getValue(Map<String, Object> row) throws GeneralException {
String identityId = (String)row.get(COL_TARGET_ID);
Identity identity = this.getNetIQContext().getObjectById
(Identity.class, identityId);
// At this point you have an identity object and can go get whatever value you want from that identity. Remember that sometimes the identities are service accounts or orphans so may not have that attribute populated.
if (identity != null)
return new IdentitySummary(identity);
else
return null;
}
}
The custom evaluator .java file must be compiled and the resulting .class file must be placed in the directory/folder: <IIQ installation location>\WEB-INF\classes\sailpoint\custom. If the standard build process is used, it will take care of compiling and putting the class file in the right location.