Capabilities Crawler

At WedaCon Informationstechnologien GmbH, we specialize in Identity and Access Management (IAM), helping organizations unlock the full potential of SailPoint IdentityIQ (IIQ). Beyond core platform capabilities, we assist clients in creating tailored solutions to their needs.

One area that often causes friction for IIQ teams is understanding where entitlements are actually used. While IIQ’s UI lists the SpRights in the system, it does not provide insight into where these rights are checked in the application code. This gap can make audits, testing, and compliance reviews error-prone.

The Challenge

Generating accurate, actionable reports on SpRights usage in the frontend can be tricky:

• Complex Structures: Rights may be checked in multiple components, routes, or templates, requiring developers to manually comb through code.
• Dynamic and Conditional Usage: Some rights are applied conditionally (e.g., time-limited access or context-dependent guards), making static inspection in IIQ insufficient.
• UI Limitations: Native IIQ dashboards show which rights exist but not how they map to actual buttons, pages, or Angular routes in the frontend.
• Manual Effort & Risk: Without automation, teams rely on ad-hoc scripts, manual checks, or guesswork, slowing audits and risking missed controls.

The Goal

The goal is to gain complete visibility of SpRights usage in the frontend, so organizations can:

• See exactly which components, routes, and UI elements are protected by specific rights
• Produce an auditable, exportable report
• Reduce manual effort and operational risk
• Identify unused or redundant rights

With this approach, teams get actionable insights into the real access rights that are actually used.

The Implementation

To solve this, we developed a custom script that:

• Traverses the code recursively.
• Scans HTML templates for SpRight attributes.
• Extracts metadata for each occurrence: file path, rights, link/route, and visible hints.
• Generates an easy readable Excel report for analysis and auditing.

This approach allows teams to see exactly where each SpRight is enforced, bridging the gap between IIQ’s database-centric view and the live code.

Benefits of This Approach

• Complete Visibility: See exactly which SpRights are used and where.
• Audit & Compliance Ready: Produce Excel reports for regulators, QA, or internal reviews.
• Time-Saving: No need to manually inspect hundreds of files.
• Actionable Insights: Identify unused or redundant rights, spot inconsistencies, and reduce technical debt.

Get in Touch

If you want to enhance your SailPoint IIQ deployment with actionable insights, WedaCon is here to help. Contact us to learn more about custom scripts for your IIQ instance, IIQ plugin development, and tailored IAM solutions.