From 1e13fce7f7fd4b05b5589029a74451a399730853 Mon Sep 17 00:00:00 2001 From: Alex Zaw Date: Wed, 25 Feb 2026 23:06:58 +0000 Subject: [PATCH] Update Function ES_V2_CHANGE_USER_PROFILE --- .../Functions/ES_V2_CHANGE_USER_PROFILE.sql | 200 +++++++++++++++++- 1 file changed, 199 insertions(+), 1 deletion(-) diff --git a/SAILPOINT/Functions/ES_V2_CHANGE_USER_PROFILE.sql b/SAILPOINT/Functions/ES_V2_CHANGE_USER_PROFILE.sql index 7adf9be..f65ca7a 100644 --- a/SAILPOINT/Functions/ES_V2_CHANGE_USER_PROFILE.sql +++ b/SAILPOINT/Functions/ES_V2_CHANGE_USER_PROFILE.sql @@ -1 +1,199 @@ -@@\@^@ % %@@@@Kmmmm@M@ %@M]@k@ %@M]@@@@@k@ %@M]@@@@@k@ %@M]@@@@@k@ %@M]@@@@@k@ %@M]@@@@@k@ %@M]@@@@@k@ %@M]@@@@@k@ %@M]@@@@@k@ %@M]@@@@@k@ %@M]@@@@@k@ %@M]@@@@@k@ %@M]@@@@@k@ %@M]@@@@@]@ %@M]@@@ %@@ %@Km@ %@@ %@@@ %@@@@ %@@ %@@@@~@\@k@ %@~@\@k@ %@~@\@k@ %@~@\@k@ %@~@Mk@k@]@k@ %@~@\@k@ %@~@\@k@ %@~@\@k@ %@~@\@@@ %@ %@m@@M@@@]@@}}@^@ %@m@@M@@]@@}}@^@ %@m@@M@@@]@@}}@^@ %@@@M@@]@^@ %``@䕉@@@`@@`@@@ %@@@@@}}@@m@^@ %``@ȁ@@@M@~@@@]@ %@@@@@}}@ %@m@M@ %}}@z@m@M@]@k@ %}}@z@m@M@m@M@ %}}@z@@k@ %}}@z@}䢅@@@@@@}@ %]@]@ %]@^@ %``@Ö@@@@`@@ %@@@@@@ %@@~@M@ %@@M@@M@@]@k@}@}@]@ %@@M@ %@K@m@M@ %m@M@ %@M@ %@@@M@@]@ %@@]@k@}OOOOOkON}@k@ %}@}@]@k@}@}@]@ %]@ %@@Ln@}}@ %@@@@@]@^@ %@@^@ %``@¤@@@ %@m@~@}@M}@OO@@M@@]@OO@}]}@^@ %@@@@@@ %@m@~@m@OO@}@M}@OO@ %@K@m@M@@]@OO@}]}@^@ %@@^@ %@@@@@@ %@m@~@m@OO@}@M}@OO@@OO@}]}@^@ %@@^@ %@@@@@@ %@m@~@m@OO@}@M}@OO@@OO@}]}@^@ %@@^@ %@@@@@@ %@m@~@m@OO@}@M}@OO@@OO@ %}]}@^@ %@@^@ %@ \ No newline at end of file +SET PATH *LIBL ; + +CREATE OR REPLACE FUNCTION SAILPOINT.ES_V2_CHANGE_USER_PROFILE ( + AUTHORIZATIONNAME VARCHAR(10) , + TEXTDESCRIPTION VARCHAR(50) DEFAULT NULL , + USERCLASSNAME VARCHAR(10) DEFAULT NULL , + STATUS VARCHAR(10) DEFAULT NULL , + SETPASSWORDTOEXPIRE VARCHAR(10) DEFAULT NULL , + USEROWNER VARCHAR(10) DEFAULT NULL , + GROUPPROFILENAME VARCHAR(10) DEFAULT NULL , + ACCOUNTINGCODE VARCHAR(20) DEFAULT NULL , + JOBDESCRIPTIONNAME VARCHAR(10) DEFAULT NULL , + OUTPUTQUEUENAME VARCHAR(21) DEFAULT NULL , + MESSAGEQUEUENAME VARCHAR(21) DEFAULT NULL , + LIMITCAPABILITIES VARCHAR(10) DEFAULT NULL , + SPECIALAUTHORITIESJSON VARCHAR(1024) DEFAULT NULL , + HOMEDIRECTORY VARCHAR(255) DEFAULT NULL ) + RETURNS CLOB(2147483647) + LANGUAGE SQL + SPECIFIC SAILPOINT.V2_ESCHGUSR + NOT DETERMINISTIC + MODIFIES SQL DATA + CALLED ON NULL INPUT + NOT FENCED + SET OPTION ALWBLK = *ALLREAD , + ALWCPYDTA = *OPTIMIZE , + COMMIT = *NONE , + DBGVIEW = *SOURCE , + DECRESULT = (31, 31, 00) , + DLYPRP = *NO , + DYNDFTCOL = *NO , + DYNUSRPRF = *OWNER , + SRTSEQ = *HEX + BEGIN +DECLARE CMD_OUTPUT CLOB ( 64 K ) DEFAULT '' ; +DECLARE CMD_STMT VARCHAR ( 2048 ) DEFAULT '' ; +DECLARE ERROR_RESPONSE CLOB ( 2 G ) DEFAULT '' ; +DECLARE SPECIALAUTHS VARCHAR ( 1000 ) ; +-- Uniform error handler - returns pre-built error JSON +DECLARE CONTINUE HANDLER FOR SQLSTATE '38001' RETURN ERROR_RESPONSE ; +-- Handle QCMD exception (38501 = external routine error) +DECLARE EXIT HANDLER FOR SQLSTATE '38501' +RETURN JSON_OBJECT ( +'data' : JSON_ARRAY ( ) , +'errors' : JSON_ARRAY ( JSON_OBJECT ( +'status' : 404 , +'message' : 'User profile not found or command failed' +) ) +) ; +-- Convert JSON array to space-separated list +IF SPECIALAUTHORITIESJSON IS NOT NULL THEN +SET SPECIALAUTHS = ( +SELECT LISTAGG ( TRIM ( FRAGMENT ) , ' ' ) +FROM TABLE ( +CISTOOLS . SPLIT_STRING ( +REGEXP_REPLACE ( +CAST ( +SPECIALAUTHORITIESJSON AS VARCHAR ( 1000 ) +CCSID 37 ) , '[\[|\]|\{|\}|\""|\,|\s+]' , +' ' ) , ' ' ) +) +WHERE FRAGMENT <> '' +AND FRAGMENT IS NOT NULL ) ; +END IF ; +-- Build the command +SET CMD_STMT = 'CHGUSRPRF USRPRF(' || TRIM ( AUTHORIZATIONNAME ) || ')' ; +IF TEXTDESCRIPTION IS NOT NULL THEN +SET CMD_STMT = CMD_STMT || ' TEXT(' || +CISTOOLS . GET_QUOTED ( TEXTDESCRIPTION ) || ')' ; +END IF ; +IF USERCLASSNAME IS NOT NULL THEN +SET CMD_STMT = CMD_STMT || ' USRCLS(' || USERCLASSNAME || ')' ; +END IF ; +IF STATUS IS NOT NULL THEN +SET CMD_STMT = CMD_STMT || ' STATUS(' || STATUS || ')' ; +END IF ; +IF SETPASSWORDTOEXPIRE IS NOT NULL THEN +SET CMD_STMT = CMD_STMT || ' PWDEXP(' || SETPASSWORDTOEXPIRE || +')' ; +END IF ; +IF USEROWNER IS NOT NULL THEN +SET CMD_STMT = CMD_STMT || ' OWNER(' || USEROWNER || ')' ; +END IF ; +IF GROUPPROFILENAME IS NOT NULL THEN +SET CMD_STMT = CMD_STMT || ' GRPPRF(' || GROUPPROFILENAME || ')' ; +END IF ; +IF ACCOUNTINGCODE IS NOT NULL THEN +SET CMD_STMT = CMD_STMT || ' ACGCDE(' || ACCOUNTINGCODE || ')' ; +END IF ; +IF JOBDESCRIPTIONNAME IS NOT NULL THEN +SET CMD_STMT = CMD_STMT || ' JOBD(' || JOBDESCRIPTIONNAME || ')' ; +END IF ; +IF OUTPUTQUEUENAME IS NOT NULL THEN +SET CMD_STMT = CMD_STMT || ' OUTQ(' || OUTPUTQUEUENAME || ')' ; +END IF ; +IF MESSAGEQUEUENAME IS NOT NULL THEN +SET CMD_STMT = CMD_STMT || ' MSGQ(' || MESSAGEQUEUENAME || ')' ; +END IF ; +IF LIMITCAPABILITIES IS NOT NULL THEN +SET CMD_STMT = CMD_STMT || ' LMTCPB(' || LIMITCAPABILITIES || ')' ; +END IF ; +IF HOMEDIRECTORY IS NOT NULL THEN +SET CMD_STMT = CMD_STMT || ' HOMEDIR(' || +CISTOOLS . GET_QUOTED ( HOMEDIRECTORY ) || ')' ; +END IF ; +IF SPECIALAUTHS IS NOT NULL +AND LENGTH ( TRIM ( SPECIALAUTHS ) ) > 0 THEN +SET CMD_STMT = CMD_STMT || ' SPCAUT(' || SPECIALAUTHS || ')' ; +END IF ; +-- Execute via QCMD and capture output +SET CMD_OUTPUT = CISTOOLS . QCMD ( CMD_STMT ) ; +-- Check if any CPF/CPD errors exist (CPF=failure, CPD=diagnostic, CPC=completio--n/success) +IF CMD_OUTPUT LIKE '%CPF%' +OR CMD_OUTPUT LIKE '%CPD%' THEN +-- Build errors array from all error lines in output +SET ERROR_RESPONSE = ( +SELECT JSON_OBJECT ( +'data' : JSON_ARRAY ( ) , 'errors' : JSON_ARRAYAGG ( +JSON_OBJECT ( +'status' : +CASE +WHEN FRAGMENT LIKE '%CPF2204%' THEN 404 +WHEN FRAGMENT LIKE '%CPF2213%' THEN 403 +WHEN FRAGMENT LIKE '%CPF2217%' THEN 423 +WHEN FRAGMENT LIKE '%CPF2225%' THEN 403 +WHEN FRAGMENT LIKE '%CPF2203%' THEN 404 +WHEN FRAGMENT LIKE '%CPF2209%' THEN 404 +WHEN FRAGMENT LIKE '%CPF2292%' THEN 403 +ELSE 500 +END , 'message' : +CASE +WHEN +FRAGMENT LIKE '%CPF2204%' +THEN 'User profile not found' +WHEN FRAGMENT LIKE '%CPF2213%' THEN +'Not authorized to change user profile' +WHEN +FRAGMENT LIKE '%CPF2217%' +THEN 'Not able to allocate user profile' +WHEN FRAGMENT LIKE '%CPF2225%' THEN +'*SECADM required to create or change user profiles' +WHEN +FRAGMENT LIKE '%CPF2203%' +THEN 'Group profile not found' +WHEN +FRAGMENT LIKE '%CPF2209%' +THEN 'Library not found' +WHEN FRAGMENT LIKE '%CPF2292%' THEN +'User profile does not have all special authorities being granted' +ELSE TRIM ( FRAGMENT ) +END +) +) +) +FROM TABLE ( +CISTOOLS . SPLIT_STRING ( CMD_OUTPUT , X'25' ) +) AS T +WHERE FRAGMENT LIKE '%CPF%' +OR FRAGMENT LIKE '%CPD%' ) ; +SIGNAL SQLSTATE '38001' ; +END IF ; +-- Success - return user info with specialAuthorities as array +RETURN +( +SELECT JSON_OBJECT ( +'data' : JSON_ARRAY ( JSON_OBJECT ( +'authorizationName' VALUE AUTHORIZATION_NAME , +'textDescription' VALUE TEXT_DESCRIPTION , +'userClassName' VALUE USER_CLASS_NAME , +'status' VALUE STATUS , +'groupProfileName' VALUE GROUP_PROFILE_NAME , +'homeDirectory' VALUE HOME_DIRECTORY , +'specialAuthorities' VALUE ( +SELECT JSON_ARRAYAGG ( +TRIM ( FRAGMENT ) +) +FROM TABLE ( +CISTOOLS . SPLIT_STRING ( +TRIM ( +CAST ( +A . SPECIAL_AUTHORITIES AS VARCHAR ( +528 ) CCSID 37 ) ) , ' ' ) +) +WHERE TRIM ( FRAGMENT ) <> '' ) , +'lastUsedTimestamp' VALUE LAST_USED_TIMESTAMP +) ) , 'errors' : JSON_ARRAY ( ) +) +FROM QSYS2 . USER_INFO A +WHERE AUTHORIZATION_NAME = UPPER ( AUTHORIZATIONNAME ) ) ; +END ; + +GRANT ALTER , EXECUTE +ON SPECIFIC FUNCTION SAILPOINT.V2_ESCHGUSR +TO AMAPICS WITH GRANT OPTION ; + +GRANT EXECUTE +ON SPECIFIC FUNCTION SAILPOINT.V2_ESCHGUSR +TO PUBLIC ; +