
What is the recommended practice for handling and maintaining entitlements that belong to roles?

Community_User
Saviynt Employee
Originally posted on May 28 2020 at 12:25 UTC

Let's say that Role1 has entitlements A, B and C
And User is assigned Role1


If entitlement A is removed, Saviynt does allow it to happen and the User is still listed under the Users tab for Role1.

Questions:
1. Is this the expected behaviour of Saviynt?

2. Should handling of individual entitlements that belong to roles be prevented with configuration? Is there a better way than filtering those from being requested (Config for requestable/selected entitlement in ARS option)?

3. What is the best way to keep the role's user list updated?

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Originally posted on May 28 2020 at 12:57 UTC

We had a discussion about this in training. The consensus from instructors in the room was that a custom analytics control was the best option for this. The idea is that you have an analytic evaluate membership in a role, and evaluate that entitlements are assigned. When the analytic finds an entitlement missing, you can have an automatic action run that reassigns the entitlement. Haven't seen an example, so this is theoretical.


--Jim

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
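
The check described in the reply above, sketched as an added example that is not part of the original thread and is not Saviynt code or its data model. All names and sample data (`find_role_drift`, the three dictionaries, the `reassign` action label) are hypothetical and constructed for illustration; the logic compares what each role member should hold against what the account actually holds.

```python
from collections import defaultdict

# Constructed sample data (hypothetical; not Saviynt's schema or API).
ROLE_ENTITLEMENTS = {"Role1": {"A", "B", "C"}, "Role2": {"C", "D"}}
ROLE_MEMBERS = {"Role1": {"alice", "bob"}, "Role2": {"bob"}, "Role3": {"carol"}}
USER_ENTITLEMENTS = {"alice": {"B", "C"}, "bob": {"A", "B", "C", "D"}}


def find_role_drift(role_ents, role_members, user_ents):
    """Return (findings, undefined_roles).

    findings: one dict per (user, entitlement) the user should hold through
    role membership but does not, listing every role that requires it.
    undefined_roles: roles that have members but no entitlement definition.
    """
    required = defaultdict(lambda: defaultdict(set))  # user -> ent -> roles
    undefined = set()
    for role, members in role_members.items():
        if role not in role_ents:
            undefined.add(role)  # cannot be evaluated; surface for review
            continue
        for user in members:
            for ent in role_ents[role]:
                required[user][ent].add(role)

    findings = []
    for user in sorted(required):
        held = user_ents.get(user, set())  # no account record: holds nothing
        for ent in sorted(required[user]):
            if ent not in held:
                findings.append({
                    "user": user,
                    "entitlement": ent,
                    "roles": sorted(required[user][ent]),
                    "action": "reassign",  # assumed remediation label
                })
    return findings, sorted(undefined)


if __name__ == "__main__":
    drift, undefined_roles = find_role_drift(
        ROLE_ENTITLEMENTS, ROLE_MEMBERS, USER_ENTITLEMENTS)
    for finding in drift:
        print(finding)
    print("roles with members but no definition:", undefined_roles)
```

Grouping by user and entitlement means an entitlement required by two roles produces one finding naming both roles, so an automatic action would issue a single reassignment rather than one per role.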