Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Proper use of Birthright/Remove Birthright option in Tech Rules

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 4 2020 at 16:07 UTC

I am trying to get some clarification on the proper use of the options Birthright and Remove Birthright access if condition fails.


We currently have almost all of our technical rules setup with both of these options turned on. Our intention is that if the user meets the requirements of the rule they get the permissions and that it be removed once they no longer meet the rule.


For example, if their jobcode = Code1 they are granted the access in the rule. We then select birthright and remove birthright options. Does this access get revoked only from users that have met the requirements of the rule and then later changes? Or does this remove access listed from any user that doesn't meet the requirements of the rule?


The documentation seems to be worded that on any update a user that doesn't meet the birthright rule would have that access removed.


Do we even really need to set these rules up as birthright rules?

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
1 REPLY 1

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 4 2020 at 23:25 UTC

Hi Adam,


Good afternoon!


Taking your example

For example, if their jobcode = Code1 they are granted the access in the rule. We then select birthright and remove birthright options.

Access get revoked only from users that have met the requirements of the rule and got the access via the rule and then later user attribute gets updated and no longer match the rule condition


Will have our documentation check on wording and fix it


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.