Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Access certification granted through filter

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on February 24 2022 at 17:28 UTC

When running a user manager certification, on the access review section (Step 2) there is a column labeled granted through that can be used to explain how the user received the entitlement.  This is pulled from the arstasks table - source type column.


Access added through analytics and provisioning rules are a big part of the automation in our environment and do not need to be attested to in this type of campaign. How can we exclude these from being visible to certifiers in a campaign?


Thanks,

Chris

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
1 REPLY 1

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on February 25 2022 at 16:42 UTC

Hello Chris,


When the access is provisioned in Saviynt, the account to entitlement mapping sits in the account_entitlements1 table.


If the assignment has happened via Rule or Role, then the column ASSIGNEDFROMROLES and ASSIGNEDFROMRULE in  account_entitlements1 table is populated against the entry (accountkey-entitlement_valuekey mapping).

While configuring the campaign, you could make use of  "Account Entitlements1 Query" under "Advanced Campaign Configuration" and add a query to include/exclude entitlements with the data or lack of it in the aforementioned columns. 


However, when access is assigned from an Analytics, I'm not sure if anything is updated on the account_entitlements1 table that can be utilized.




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.