Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 12:56 PM
Let's say that Role1 has entitlements A, B and C
And User is assigned Role1
If entitlement A is removed, Saviynt does allow it to happen and the User is still listed under Users tab for Role1.
Questions:
1. Is this the expected behaviour of Saviynt?
2. Should handling of individual entitlements that belong to roles be prevented with configuration? Is there a better way than filtering those from being requested (Config for requestable/selected entitlement in ARS option)
3. What is the best way to maintain the role's users list updated?
Solved! Go to Solution.
04/12/2022 01:56 PM
We had a discussion about this in training. The consensus from instructors in the room was that a custom analytics control was the best option for this. The idea is that you have an analytics evaluate membership in a role, and evaluate that entitlements are assigned. When the analytic finds an entitlement missing, you can have an automatic action run that reassigns the entitlement. Haven't seen an example, so this is theoretical.
--Jim