Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Best Practice for Enterprise Role SOD Evaluation

Go to solution
Manu269
All-Star
All-Star

‎02/06/2024 10:04 PM

Hello Team,

While going through various posts and FD Docs, I was unable to find a way to run SOD evaluation for Enterprise Roles.

I see its mentioned that SOD run on entitlements and not on roles.

Can someone suggest the best way to achive this in EIC?

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos
16 REPLIES 16

Go to solution
rushikeshvartak
All-Star
All-Star

‎02/06/2024 10:27 PM

You check under Role - SOD tab

rushikeshvartak_0-1707287251032.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
Manu269
All-Star
All-Star

‎02/06/2024 11:10 PM

@rushikeshvartak I have created 2 Enterprise Roles

Manu269_0-1707289467719.pngManu269_1-1707289487241.png

 

Now created a Risk

Manu269_2-1707289532829.png

For both the function added the enterprise role

 

Manu269_5-1707289622200.pngManu269_6-1707289636577.png

But when i am requesting the 2 enterprise role sod is not reflecting.

Note the 2 entitlements you see above is showing as part of SAv to SAV integration.

Already enabled global config also for sod evaluation for EP role.

Anyhow the SOD is not getting evaluated and does not show to requestor (Admin SAv ROle already assigned with Show SOD violation) and neither on the Role > SOD Screen.

Qn:

In function ent mapping of function do i need to add all the ent of enterprise role or if i add the role name will work?

 

 

 

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
Manu269
All-Star
All-Star

‎02/06/2024 11:38 PM

@rushikeshvartak we tried adding the entitlements of the role into functions ie.e

we create 2 different function and added ent of 1 EP role to 1 function and ent of 2nd EP Role to 2nd function.

SOD now got evaluated and we are able to see violation. Anyhow adding the role name in function does not work for me.

Also the screenshot you shared under Role > SOD Tab, i dont see anything in my instance.

V23.11 Am i missing here anything?

Manu269_0-1707291467112.pngManu269_1-1707291490024.png

We see the violation in workbench

Manu269_2-1707291521810.png

 

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Manu269

‎02/07/2024 06:44 AM

If sod exists within entitlement in role then it will be visible under role - sod tab


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
Manu269
All-Star
All-Star

‎02/07/2024 09:10 PM

@rushikeshvartak as per above screenshot, you can see the SOD was detected on the entitlements and also displayed in SOD workbench open state.

Anyhow navigating to that roles > SOD tab we dont see anything.

Is there any job to get that reflected?

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Manu269

‎02/07/2024 09:43 PM

No job


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
Manu269
All-Star
All-Star

‎02/07/2024 11:47 PM

Is this a bug? I dont see the violation details in tab.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Manu269

‎02/08/2024 09:42 PM

Does role have all entitlements which are violating sod.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
Manu269
All-Star
All-Star
In response to rushikeshvartak

‎02/08/2024 09:54 PM

Yes

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Manu269

‎02/08/2024 10:19 PM

  • Share ROle - Entitlement Screenshot
  • and share those entitlement are violating from SOD - RIsk

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
Manu269
All-Star
All-Star

‎02/15/2024 07:43 PM

@rushikeshvartak here it is :

Manu269_0-1708054950478.pngManu269_1-1708054991465.pngManu269_2-1708055003978.png

 

 

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Manu269

‎02/15/2024 08:35 PM

Both Entitlements are in same function and not different 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
Manu269
All-Star
All-Star

‎02/15/2024 08:41 PM

@rushikeshvartak  as i mentioned we created 2 different function.

Func 1 : It has all the entiltments of Role 1 into it

Func 2: It has all the entitlements of Role 2

When we are rasing the request we can see the conflict on ARS page.

When we are approving and running the prov job the conflict shows up in workbench.

Whereas on navigating to the Role > SOD it does not show

Am i missing anything?

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Manu269

‎02/15/2024 08:46 PM

Role --> SOD tab only show SOD if Entitlements contained in role are self violating not Role1 vs Role2


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
Manu269
All-Star
All-Star

‎02/15/2024 08:50 PM

So What i understand is this tab will only show the conflicts of entitlement within a role and not cross role?

If this is correct understanding?

Further, how can we configure conflicts between 2 EP role.

I mean Role 1 Vs Role 2

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Manu269

‎02/15/2024 08:55 PM

So What i understand is this tab will only show the conflicts of entitlement within a role and not cross role? 

If this is correct understanding? Yes

Further, how can we configure conflicts between 2 EP role.

I mean Role 1 Vs Role 2 --> SoD Only supported on Entitlements

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
Copyright © 2024 Khoros, LLC