04/12/2022 01:21 PM
We have noticed that the Delete icon (the trash can) does not show for AD Groups on the Manage AD Groups screen until after you try to edit the group. As soon as you click the Edit icon and then back out to the list of groups, the Delete icon then shows up.
Anyone else seeing this behavior? Working in v2020.0
Solved! Go to Solution.
04/12/2022 03:07 PM
Hello Chris,
Group Management for AD is implemented using the Role Object. The Manage AD Groups shows all your "active" AD Groups (entitlements) which was imported using the connector.
The AD Groups that were already existing in your AD i.e. not created by Saviynt but are active do not have a corresponding role object in Saviynt, hence you do not see a delete icon.
As soon as you click on the edit icon, a corresponding role object is created. During this operation, if you check the URL, there is a -1 in place of a rolekey and you are re-directed to the roles page, which means the role did not initially exist but the "edit" operation created a role object. Now if you go back and perform the same operation, instead of the -1, you now see an actual rolekey for the role object.
Hence, you do not see an delete icon for "all" the AD Groups under Manage AD Groups because the corresponding role object (which Saviynt uses for Group Management) does not yet exist.
Hope it helps.
Regards,
Avinash Chhetri
04/12/2022 03:07 PM
Thanks Avinash, this makes sense. The client we're working with isn't thrilled with having to click Edit first, but I understand why it is working this way. Maybe something to change in future releases.
Thanks for the quick response!