04/12/2022 01:14 PM
We have implemented a dynamic rule-based birthright (technical) rule, where users are added to an entitlement based on their title. We have selected the "Remove Birthright Access if condition fails" option. This rule will automatically grant an entitlement with the same name as that of the user's customproperty40 attribute.
However, when a user's customproperty40 attribute is updated, we require that the old entitlement be removed and the new one be assigned. We have created a user update rule to re-run provisioning rules, which we believe should make this happen.
However, this is not happening - neither the old entitlement is removed nor the new one assigned.
Can anyone confirm whether dynamic rules support the remove-on-fail scenario?
Also, we noticed a "Remove birthright fail access" as an available action on User Update rules. Does anyone know what this does?
04/12/2022 02:39 PM
Hi Ajit,
Based on the configs that you have shared, this looks like an older version of Saviynt. Do you know which version it is?
For your use case, ensure the following are set.
1) The user update rule is set to trigger on the CP40 update (with "is Updated" as the first condition).
2) The update rule is configured to trigger the technical rules (see if your version can trigger the specific technical rule rather than all).
3) Ensure that the source of the update matches the rule's config, i.e. Detective checked = update from any import and Detective unchecked = updated from the UI (for older versions).
Regards,
Avinash Chhetri