Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/20/2023 06:25 AM
Hello All,
We have a scenario for one application that has 10 entitlements (ent1 - ent10) in one group, and if a user is request access or has access to any one of them from the group they cannot request another one from the same group.
So to achieve this we created 1 function with all 10 entitlements with "or" and then added the same function as function1 and function2 of risk. In this case, a fresh user requesting his/her first entitlement as well throws SoD violation. We would like to know how can we fix this.
07/24/2023 10:55 AM
@sandeepsingh This can be driven through ARS itself. You would not need SOD.
You can use dynamic attributes in the requests to filter by the group and then you can have only entitlement being requested at once using the 'single select' option in the entitlementtype configurations.
This will restrict users from requesting multiple entitlements from the same group.
08/07/2023 08:35 AM
Hi @sai_sp ,
I have a similar required as Described and we have multiple ground (around 20 groups) with set of 7-8 entitlement beloning to same group.
User cannot have the accesses from the same group. So would this require me to create 20 different entitlement type? Is that correct?
If thats the case then do we have any alternate approach to achieve this?
Thanks in advance
08/08/2023 09:10 AM
You can use the same approach I've mentioned above. Use dynamic attributes to select the group and then have a single select drop down for the entitlement type then you will only be able to request for one entitlement from each group.