Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 01:00 PM
I am trying to get some clarification on the proper use of the options Birthright and Remove Birthright access if condition fails.
We currently have almost all of our technical rules setup with both of these options turned on. Our intention is that if the user meets the requirements of the rule they get the permissions and that it be removed once they no longer meet the rule.
For example, if their jobcode = Code1 they are granted the access in the rule. We then select birthright and remove birthright options. Does this access get revoked only from users that have met the requirements of the rule and then later changes? Or does this remove access listed from any user that doesn't meet the requirements of the rule?
The documentation seems to be worded that on any update a user that doesn't meet the birthright rule would have that access removed.
Do we even really need to set these rules up as birthright rules?
Solved! Go to Solution.
04/12/2022 02:08 PM
Hi Adam,
Good afternoon!
Taking your example
For example, if their jobcode = Code1 they are granted the access in the rule. We then select birthright and remove birthright options.
Access get revoked only from users that have met the requirements of the rule and got the access via the rule and then later user attribute gets updated and no longer match the rule condition
Will have our documentation check on wording and fix it