and more in a single search tool across platforms. Read the announcement here. |
02/28/2024 04:38 AM
Hi Team,
When an Add Access is executed from SIGA, It usually checks if user's account has entitlement mapping present, if it is already present, the tasks completes with status no Action requried.
But recently I have observed even if the user had Account-Entitlement present, the task completed with "Completed" status.
could you please help me to understand how Saviynt algoritm/flow on what all checks it internally performs on executing AddAccess to for marking status as Completed/No Action Required
03/01/2024 01:14 AM
I appreciate you reaching out to the Saviynt forums.
Could you please share more information about the product behavior you have observed?
1. When there is already an existing entitlement with the account, are you trying to add the same entitlement to the same account?
2. What is the process you are following to do the same - are you doing any schema upload/requesting through ARS?
3. Is the 2nd task being which is showing status as completed have same entitlement type as the existing entitlement's entitlement type?
4. What do you see in the associated entitlements for the account post the completed task?
5. Is the change in behavior observed post any recent upgrade? If yes- from which version to which version ?
Could you please share screenshots to explain the issue more?
Regards,
Dhruv Sharma
03/03/2024 08:47 PM
1. When there is already an existing entitlement with the account, are you trying to add the same entitlement to the same account?
> Yes. I am trying to add the enttilement to the roleB , and that entitlement is alread part of role A. (user A is present in Role A and Role B both)
2. What is the process you are following to do the same - are you doing any schema upload/requesting through ARS?
> I am adding an entitlement to the role from UI.
3. Is the 2nd task being which is showing status as completed have same entitlement type as the existing entitlement's entitlement type?
>Yes
4. What do you see in the associated entitlements for the account post the completed task?
> I see the entitlements mapping as it was already before the task was in pending.
5. Is the change in behavior observed post any recent upgrade? If yes- from which version to which version ?
>No no recent upgrade , my version is 5.5 SP 3
03/03/2024 11:21 PM
Thanks for the above information. This issue seems to be similar to a known bug which expected to be fixed in 24.4. We will also test and confirm if this is replicable in current version.
Regards,
Dhruv Sharma
03/05/2024 06:32 AM
I have tested in the latest version and following are the observations.
If the user is already part of Role1 with Ent1 and user is then added to Role2 which have Ent1, Ent2 then add access task get created for only the Ent2 and no task is created for Ent1 which is already present.
As the issue raised by you is in very old version, whenever the environment is upgraded to latest EIC versions, you will observe the current version behaviour which is also as ideal behavior as there should be no task creation for the entitlement which is already there.
Regards,
Dhruv Sharma