09/24/2024 04:51 AM
Hi,
We have a requirement for SOD for a suite of applications that are using a whitelist of allowed combinations of entitlements.
Based on the value of a custom attribute in the entitlement, the whitelist is checked and validates the allowed combination. We need to perform and validate this at the access request stage.
We're trying to mimic a similar approach with the SOD functionality available in Saviynt. We noticed that SOD functions operate at the entitlement level, but it seems they only use the "entitlement value".
For example, this is a partial whitelist, allowing entitlements with value "Affirmer" to only be combined with entitlements with value "FO", "other", etc. Any other combination not present in this table is not allowed.
Affirmer | Business Treasurer |
Affirmer | FO |
Affirmer | ICFLead |
Affirmer | Other |
Affirmer | ReadOnly |
Affirmer | Requester |
We are saving these values in "customattribute21" in each entitlement.
Is there a supported approach to mimic this SOD approach with Saviynt?
Thanks
09/24/2024 09:46 AM
09/24/2024 09:56 AM
My understanding is that SOD functions are blacklists: the combination you create in the entitlements section is NOT allowed and triggers a SOD conflict.
Is there a way to use a whitelist approach, where the functions' entitlement combination is the only one possible/enabled?
Thanks for your quick response.
09/24/2024 10:06 AM
No, exclusion is not supported.
Please raise an idea ticket: https://ideas.saviynt.com/ideas/EIC-I-5011
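The allow-list check from the question, together with its translation into the deny-style pairs that the second post describes, as an added Python example that is not Saviynt functionality or code from the thread. The function names, the `UNIVERSE` of values and the fail-closed handling of unlisted values are assumptions, and because the posted table is partial, the computed deny pairs only illustrate the method.

```python
from itertools import combinations

# Allowed pairs copied from the partial whitelist in the question
# (the values the poster stores in customattribute21).
ALLOWED = {frozenset(p) for p in [
    ("Affirmer", "Business Treasurer"), ("Affirmer", "FO"),
    ("Affirmer", "ICFLead"), ("Affirmer", "Other"),
    ("Affirmer", "ReadOnly"), ("Affirmer", "Requester"),
]}

# Assumption: the universe is just the values visible in the posted table.
UNIVERSE = ["Affirmer", "Business Treasurer", "FO", "ICFLead",
            "Other", "ReadOnly", "Requester"]


def violations(values, allowed=ALLOWED):
    """Return every pair of distinct values that is NOT on the allow-list.

    Fails closed: a value that appears in no allowed pair conflicts with
    everything. Assumption: two entitlements carrying the same value are
    not treated as a pair to check.
    """
    distinct = sorted(set(values))
    return [(a, b) for a, b in combinations(distinct, 2)
            if frozenset((a, b)) not in allowed]


def check_request(held, requested, allowed=ALLOWED):
    """Allow-list evaluation at request time: returns (approved, conflicts)."""
    conflicts = violations(list(held) + list(requested), allowed)
    return (not conflicts, conflicts)


def deny_pairs(universe=UNIVERSE, allowed=ALLOWED):
    """Complement of the allow-list over the universe: the conflicting
    pairs a deny-style (blacklist) SoD rule set would have to enumerate
    to give the same result as the whitelist."""
    return violations(universe, allowed)


if __name__ == "__main__":
    print(check_request(["Affirmer"], ["FO"]))
    print(check_request(["Affirmer", "FO"], ["Requester"]))
    print(len(deny_pairs()), "deny pairs needed for", len(ALLOWED), "allowed pairs")
```

The complement grows with the square of the number of distinct values, so every new value added to the whitelist requires the deny pairs to be regenerated.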