Null pointer exception from policy xpress iterator object

book

Article ID: 7755

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

We have a policy which fetches provisioning roles for a user and processes it further. Things work fine as long as the user has 1 or many roles but when the user has no role and the policy fires, it ends in exception. 

POLICYXPRESSAfter:ModifyUserEvent - Failed to evaluate policy 'Provisioning Notification: Role member disabled'. Error category 'Validation' with behavior 'Fail Event'.2017-04-27 16:02:10.0 

POLICYXPRESSERROR MESSAGE: Missing parameter 

How can we check for the NULL in the iterator as when the policy fires before any validation, the data elements is calculated first and there itself the exception is thrown.

Cause

The entry rule included the following conditions: 

<< 

(Role_Admin_Email Not equals "") AND (Disabled_State_Changed Equals "true") 

AND (Disabled_State Equals "5") AND (Role_Admin_Email Contains "@") AND (UserProvisioningState Equals "Active") 

AND (get_Role_List Not equals "") 

>> 

Each criterion is evaluated in sequence, so testing Role_Admin_Email value is the first criterion. 

But this Role_Admin_Email value is taken from the Custom Field of each role into the iterator. So when the list is empty it fails on the first condition. 

Environment

Release:
Component: IDMGR

Resolution

Understanding the cause of this issue; you must put the major test against get_Role_List ahead into the AND conditions sequence because if get_Role_List equals "" then the next test will not be done and so you will not get any exception.