ParitaSavla
Saviynt Employee

Use Case:

Sometimes, due to faulty import runs or other conditions, the assignedfromroles value in the account_entitlements1 table is not populated, and the role_user_account table holds accountkey values for accounts that are not in Active status. This may lead to incorrect role removals, or to certification data issues in case the assignedfromroles flag is used to filter data during campaign launch. The Repair Role to User Mapping (Role Retrofit) feature helps fix this data mismatch. The solution below outlines which role to user mappings it repairs.

Application Version:

23.2 and above

Solution:

The following data mismatches are addressed by the Repair Role to User Mapping (Role Retrofit) feature:

1. If the role_user_account (Role to User Correlation) table has an accountkey that represents an account with a status of 'Suspended From Import Service', 'Inactive' or 'Manually Suspended', and the user also has an Active account in the same endpoint, the previous accountkey is replaced with the Active accountkey in the role_user_account table.

2. If the role_user_account (Role to User Correlation) table has an entry, the corresponding account_entitlements1 table (for the Active account) has an entry, and assignedfromroles (the correlation recording that a particular entitlement is part of the account because of a particular role that belongs to the user identity) is not populated in account_entitlements1 with the corresponding rolekey, this feature populates the assignedfromroles column in the account_entitlements1 table with the correct rolekey.

This feature does not help with creating tasks if the Role to User Correlation exists and a corresponding account does not have the required entitlement. The RoleAccessMismatchJob can be used to identify such roles.
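The two repaired conditions above can be listed before and after a repair run with queries like the ones below, shown as an added example (not Saviynt's own code or schema) running against an in-memory SQLite database with constructed rows. Assumptions: the `accounts` and `role_entitlements` tables, the `userkey`, `endpointkey` and `entitlement_valuekey` columns, and `assignedfromroles` holding a comma-separated list of rolekeys.

```python
import sqlite3
# Constructed, simplified schema. Only accountkey, rolekey, assignedfromroles and
# the status values come from the article; all other names are assumptions.
SCHEMA = """
CREATE TABLE accounts (accountkey INT, userkey INT, endpointkey INT, status TEXT);
CREATE TABLE role_user_account (rolekey INT, userkey INT, accountkey INT);
CREATE TABLE role_entitlements (rolekey INT, entitlement_valuekey INT);
CREATE TABLE account_entitlements1 (accountkey INT, entitlement_valuekey INT, assignedfromroles TEXT);
"""
# Case 1: mapping points at a non-active account while the same user holds an
# Active account on the same endpoint.
STALE_SQL = """
SELECT rua.rolekey, rua.userkey, old.accountkey, act.accountkey
FROM role_user_account rua
JOIN accounts old ON old.accountkey = rua.accountkey
JOIN accounts act ON act.userkey = rua.userkey
     AND act.endpointkey = old.endpointkey AND act.status = 'Active'
WHERE old.status IN ('Suspended From Import Service', 'Inactive', 'Manually Suspended')
ORDER BY rua.userkey"""
# Case 2: Active account holds a role's entitlement, but assignedfromroles
# (assumed comma-separated rolekeys) does not name that role.
MISSING_SQL = """
SELECT rua.rolekey, ae.accountkey, ae.entitlement_valuekey
FROM role_user_account rua
JOIN accounts a ON a.accountkey = rua.accountkey AND a.status = 'Active'
JOIN role_entitlements re ON re.rolekey = rua.rolekey
JOIN account_entitlements1 ae ON ae.accountkey = rua.accountkey
     AND ae.entitlement_valuekey = re.entitlement_valuekey
WHERE (',' || IFNULL(ae.assignedfromroles, '') || ',') NOT LIKE ('%,' || rua.rolekey || ',%')
ORDER BY ae.accountkey"""

def build_sample_db():  # constructed rows covering hits and non-hits
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO accounts VALUES (?,?,?,?)", [
        (100, 10, 1, "Inactive"), (101, 10, 1, "Active"),  # case 1 hit
        (110, 11, 1, "Active"),                            # case 2 hit
        (120, 12, 1, "Active"),               # entitlement missing: not repaired
        (130, 13, 1, "Manually Suspended")])  # no Active account: not repaired
    db.executemany("INSERT INTO role_user_account VALUES (5,?,?)",
                   [(10, 100), (11, 110), (12, 120), (13, 130)])
    db.executemany("INSERT INTO role_entitlements VALUES (5,?)", [(900,), (901,)])
    db.executemany("INSERT INTO account_entitlements1 VALUES (?,?,?)",
                   [(110, 900, None), (110, 901, "5"), (120, 901, "5")])
    return db

def impacted(db):
    """Return (stale account mappings, rows missing assignedfromroles)."""
    return db.execute(STALE_SQL).fetchall(), db.execute(MISSING_SQL).fetchall()
```

User 12 in the sample data is the case the feature does not repair: the role mapping exists but the account lacks entitlement 900, so neither query returns it.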

Comments
rushikeshvartak
All-Star

Do we get an extract of the impacted mappings before and after execution? Do you have a query?

yogesh
Regular Contributor III

Just gave feedback on the docs portal to add this information in the docs.
https://docs.saviyntcloud.com/bundle/SSM-Admin-v55x/page/Content/Chapter04-Onboarding-and-Managing-A...

After reading the docs link above I had absolutely no idea what this job does... but this forum post clearly explains what should be in the docs.

And this callout is especially very helpful as I had this same misunderstanding after reading the docs:

"This feature does not help with creating tasks if the Role to User Correlation Exists and a corresponding account does not have the required entitlement. The RoleAccessMismatchJob can be used to identify such roles."

shibinvpkvr
Regular Contributor II

We noticed that after access import, assignedfromroles values are getting cleared in the account_entitlements1 table, and we had to run role repair after every access import. Is that expected or a bug? We are on version 23.8.

Vinay_K_N
New Contributor II

So, to check the impacted users, we need to write a query to check the missing assignedfromroles rolekeys in the account_entitlements1 table and another query to check the role_user_account table for account status?

Version history
Last update: 03/08/2023 01:50 PM