Click HERE to see how Saviynt Intelligence is transforming the industry. |
05/11/2023 12:46 AM - edited 05/11/2023 01:33 AM
Background: For an endpoint E1, there are multiple Application Roles (AR1, AR2, AR3 etc) configured. There is also separate E2 and E3 endpoint (Different security systems) with Ent1, Ent2, and Ent3 entitlements and Ent4, Ent5, and Ent6 entitlements respectively.
Requirement: The user let's say requests application access- E1 for an Application Role AR1 (contains Ent1, Ent2, and Ent3 entitlements)and AR2 (contains Ent4, Ent5, and Ent6 entitlements).
Expectation: A total of 12 tasks should get created under the pending task after request approval.
6 pending tasks - E1 (Logical Endpoint Name)
3 pending tasks - E2 (Endpoint Name)
3 pending tasks - E3 (Endpoint Name)
Application Role | Parent Endpoint | Child Endpoint | Entitlements |
AR1 | E2 | E1 | Ent1,Ent2,Ent3 |
AR2 | E3 | E1 | Ent4,Ent5,Ent6 |
This is similar to what we do in entitlement value<>other entitlement details<> entitlement map by enabling dependent task but I want to request application role instead of entitlement value and trigger dependent task.
Thanks,
05/16/2023 03:11 AM
Hello @mayankshah.,
You can consider utilizing an Enterprise Role for the use case mentioned above.
For Ref: https://docs.saviyntcloud.com/bundle/SSM-Admin-v55x/page/Content/Chapter06-Configuring-EIC/Configuri...
05/16/2023 03:47 AM
Hi Sudesh,
Although I wanted to implement this by application role but would be interesting to look at the perspective of the Enterprise Role.
I went through the link but couldn't find anything of much help. Would you be so kind to explain this in more details?
Thanks ,
05/16/2023 03:57 AM
Hello @mayankshah,
The concept of the application roles and the enterprise roles are comparable, with one key distinction. the Application roles are limited to having entitlements from a single application, whereas enterprise roles can encompass entitlements from various applications.
Thanks,