Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Automatically Revert Access for Movers

yodeler
New Contributor II
New Contributor II

‎10/25/2023 08:23 AM

We are trying to improve security related to movers. There is second and third level organization data that we receive into the user data from our HR system. We would like to be able to detect a change on that field and take action on the user's role membership at a later date. These are two acceptable solutions.

- Upon detection of field change, capture current role membership. After 30 days, automatically remove all roles in that captured list except for birthright. (I don't believe this is possible to do)

- After 30 days from a move detected, remove all roles except birthright that have not been requested in the past 30 days.

So far in the brainstorming, the second option seems possibly feasible. I thought with a saviynt to saviynt connection and job, we could possibly query the update history along with dates and role request history to put together a removal list. The only issue is we cannot update roles through user import... is there a way we could accomplish what we are trying to do? What are other customers doing to handle organization moves and access?

Labels:
0 Kudos
2 REPLIES 2

mbinsale
Saviynt Employee
Saviynt Employee

‎10/26/2023 09:49 AM - edited ‎10/26/2023 09:49 AM

For both scenarios you can write an automated actionable analytical control and do this. The idea that you have about the query can be put in a analytical query and make it an actionable control and schedule it to run every day.

 

Just ensure that the query is optimized to not cause performance issues and / or deadlocks.

0 Kudos

yodeler
New Contributor II
New Contributor II
In response to mbinsale

‎10/26/2023 10:26 AM

@mbinsale I have only seen Deprovision access for analytics that pull in the entitlements. I have not found a way in analytics to remove enterprise roles from users. We wouldn't just be able to remove access from the accounts. Is there a way to remove the actual roles from users in the analytics?  

0 Kudos
Copyright © 2024 Khoros, LLC