below step can be added to LCM Provisioning for notifing permission object business owner.
in this case we have added a custom Attribute type Identity to Role Configruation which present the organization business owner which require to get notification on requests adding/removing uesrs from roles.
same can be apply for entitlements.
in LCM Provisioning we added as last step the following step
<Step icon="Default" name="Notify Role Owner" posX="1062" posY="114">
<Script>
<Source>
import java.util.List;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.Operation;
import sailpoint.object.Bundle;
import sailpoint.object.Identity;
import sailpoint.object.EmailOptions;
import sailpoint.object.EmailTemplate;
List requests = plan.getAccountRequests();
String userName=identityName;
for (AccountRequest req : requests )
{
for ( AttributeRequest attr : req.getAttributeRequests() )
{
String actionType = attr.getName(); / return if operation is assignedRoles or removedRoles
Operation operation = attr.getOperation(); // return if operation is add or remove
if (actionType=="assignedRoles" || actionType=="removedRoles")
{
String roleName = attr.getValue();
Bundle bundleObject = context.getObjectByName(Bundle.class, roleName);
String owner = bundleObject.getAttribute("businessOwner");
// if role has business owner attribute we will send him mail
if (owner!=null)
{
EmailOptions options = new EmailOptions();
EmailTemplate emailTemp = context.getObjectByName(EmailTemplate.class, "Alert Role Owner on Role assignments");
options.setTo(owner);
options.setVariable("operation",operation);
options.setVariable("roleName",roleName);
options.setVariable("userName",userName);
context.sendEmailNotification(emailTemp, options);
}
}
}
}
</Source>
</Script>
<Transition to="end"/>
</Step>