Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

SOD - Create Functions for entitlements with custom attributes

wronzitti
New Contributor
New Contributor

Hi,

We have a requirement for SOD for a suite of applications that are using a whitelist of allowed combinations of entitlements. 

Based on the value of a custom attribute in the entitlement, the whitelist is checked and validates the allowed combination. We need to perform and validate this at the access request stage.

We're trying to mimic a similar approach with SOD functiontality available in Saviynt. We noticed that SOD functions operates at the entitlement level, but it seems that only using the "entitlement value".

For example, this is a partial whitelist, allowing entitlements with value "Affirmer" to only be able to combined  with entitlements with value "FO", "other", etc. Any other combination not present in this table in not allowed.

 

 

AffirmerBusiness Treasurer
AffirmerFO
AffirmerICFLead
AffirmerOther
AffirmerReadOnly
AffirmerRequester
  
  

We are saving these values in "customattribute21" in each entitlement.

wronzitti_0-1727178459408.png

Is there a supported approach to mimic this SOD approach with Saviynt?

Thanks

 

3 REPLIES 3

rushikeshvartak
All-Star
All-Star
  • SOD is only supported on entitlement values and not on customproperty

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

wronzitti
New Contributor
New Contributor

My understanding is that SOD functions are blacklists, the combination you create in the entitlements section is NOT allowed and triggers a SOD conflict .

Is there a way to use a whitelist approach, where the functions entitlement's conbination is the only possible/enabled ?

wronzitti_0-1727196959754.png

 

Thanks for you quick response. 

 

No exclusion is not supported 

Please raise idea ticket https://ideas.saviynt.com/ideas/EIC-I-5011

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.