Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/04/2023 01:27 PM
Hello Team,
We disabled "Enable Recalculate SOD (Beta)" under global configuration to raise a new user account request with a violation, and it went for two levels of risk owner approval.
After disabling the option, the recalculate SOD button is not available on the request approval page and hence can't be utilized to refresh SOD violations on the request approval page if the violating role is removed prior to Risk Owner 2 approval. SOD violations appeared as expected on the request approval page for Risk Owner 2.
Once we removed the SOD violating role and the request was approved by Risk Owner 2 (without SOD recalculation), we observed that the request went to Risk Owner 1 for approval. On the request approval page for Risk Owner 1, SOD violations were appearing (though the SOD violating role was removed prior to approval by Risk Owner 2).
After Risk Owner 1 approved the request, access was provisioned as expected, and no violation appeared in the SOD workbench.
Our concern is that when Risk Owner 2 approves the request and the violating role is removed before the approval, then on the Risk Owner 1 approval page, the violation should be removed, but here it remains the same as on the Risk Owner 2 approval page. For Risk Owner 1, it creates confusion about whether a violation is there or not.
As of now, we are using a serial-type workflow.
Do you have any resolutions to avoid this confusion?
Regards,
Satyam
08/08/2023 02:19 PM
@ssingh16 how is the violating role removed when the request is still pending for the user?Is violating role part of the request or you are saying it is already assigned to the user and you are removing it by creating another request before this risk owner approval is done?
08/09/2023 07:41 AM
yes, the below step process is followed to remove a violating role:
1. First, Assigned a role "A" assigned separately to the user
2. Raise a request for another role "B",
3. Remove the first assigned role "A", before approval from Risk Owner 2.
08/17/2023 09:34 AM
@ssingh16 in this scenario the only way to recalculate SOD is to use the 'Recalculate SOD' feature. Otherwise Saviynt does not do an auto calculation of SOD at every step.
08/18/2023 08:38 AM
Thanks, @Sai, for the update!
If it is possible to make some modifications or changes at the workflow level, then it might be working. I mean to say that at workflow, can we add this recalculate SOD feature? Could you please share your insights on this?
08/21/2023 04:51 PM
@ssingh16 No, recalculate is not supported at workflow level.
08/22/2023 01:08 PM
Thanks for the information!