and more in a single search tool across platforms. Read the announcement here. |
02/06/2024 10:04 PM
Hello Team,
While going through various posts and FD Docs, I was unable to find a way to run SOD evaluation for Enterprise Roles.
I see its mentioned that SOD run on entitlements and not on roles.
Can someone suggest the best way to achive this in EIC?
Solved! Go to Solution.
02/06/2024 10:27 PM
You check under Role - SOD tab
02/06/2024 11:10 PM
@rushikeshvartak I have created 2 Enterprise Roles
Now created a Risk
For both the function added the enterprise role
But when i am requesting the 2 enterprise role sod is not reflecting.
Note the 2 entitlements you see above is showing as part of SAv to SAV integration.
Already enabled global config also for sod evaluation for EP role.
Anyhow the SOD is not getting evaluated and does not show to requestor (Admin SAv ROle already assigned with Show SOD violation) and neither on the Role > SOD Screen.
Qn:
In function ent mapping of function do i need to add all the ent of enterprise role or if i add the role name will work?
02/06/2024 11:38 PM
@rushikeshvartak we tried adding the entitlements of the role into functions ie.e
we create 2 different function and added ent of 1 EP role to 1 function and ent of 2nd EP Role to 2nd function.
SOD now got evaluated and we are able to see violation. Anyhow adding the role name in function does not work for me.
Also the screenshot you shared under Role > SOD Tab, i dont see anything in my instance.
V23.11 Am i missing here anything?
We see the violation in workbench
02/07/2024 06:44 AM
If sod exists within entitlement in role then it will be visible under role - sod tab
02/07/2024 09:10 PM
@rushikeshvartak as per above screenshot, you can see the SOD was detected on the entitlements and also displayed in SOD workbench open state.
Anyhow navigating to that roles > SOD tab we dont see anything.
Is there any job to get that reflected?
02/07/2024 09:43 PM
No job
02/07/2024 11:47 PM
Is this a bug? I dont see the violation details in tab.
02/08/2024 09:42 PM
Does role have all entitlements which are violating sod.
02/08/2024 09:54 PM
Yes
02/08/2024 10:19 PM
02/15/2024 07:43 PM
@rushikeshvartak here it is :
02/15/2024 08:35 PM
Both Entitlements are in same function and not different
02/15/2024 08:41 PM
@rushikeshvartak as i mentioned we created 2 different function.
Func 1 : It has all the entiltments of Role 1 into it
Func 2: It has all the entitlements of Role 2
When we are rasing the request we can see the conflict on ARS page.
When we are approving and running the prov job the conflict shows up in workbench.
Whereas on navigating to the Role > SOD it does not show
Am i missing anything?
02/15/2024 08:46 PM
Role --> SOD tab only show SOD if Entitlements contained in role are self violating not Role1 vs Role2
02/15/2024 08:50 PM
So What i understand is this tab will only show the conflicts of entitlement within a role and not cross role?
If this is correct understanding?
Further, how can we configure conflicts between 2 EP role.
I mean Role 1 Vs Role 2
02/15/2024 08:55 PM
So What i understand is this tab will only show the conflicts of entitlement within a role and not cross role?
If this is correct understanding? Yes
Further, how can we configure conflicts between 2 EP role.
I mean Role 1 Vs Role 2 --> SoD Only supported on Entitlements