
Birthright Role Assignment not working

varunpuri
Regular Contributor

Hi,

We have an enterprise role created in our environment which has to be provided to every user getting created within Saviynt.
We have created this enterprise role in the system and also configured one technical rule to ensure that the user gets this role. But, this role is NOT tagged to any entitlement on any downstream system. Just this role has to be assigned.

Problem: When we create the user through import, we can see in the logs that Saviynt has picked up this role for assignment, but eventually has not assigned it. Can you please help here in understanding the issue?

Best Regards,
Varun


rushikeshvartak
All-Star

Every role should have at least one entitlement tagged to it. 

What is the rationale behind not keeping any entitlement tagged to the role?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

varunpuri
Regular Contributor

Hello @rushikeshvartak ,

We have to run the initial load for around 2K users in Saviynt (first time data load from source system and then initial account sync from target systems).
These users already have AD groups assigned to them in the target and those groups will come in as entitlements when we run the account import from AD.
But these users will not get the Role in Saviynt. In order to provide this initial set of users with the relevant roles, we just configured Roles within the Technical Rules but did not associate the Roles with any entitlement.
As you mentioned, without an entitlement attached to the Role, Saviynt is not assigning only the Role to the user via Technical Rules.
Is there any other way to achieve this apart from the CSV upload procedure to associate the Role with the user?

Best Regards,
Varun

Hi @varunpuri ,

In order to achieve your use case, assign enterprise roles to those 2K users using a Bulk Upload request, instead of creating an enterprise role without entitlements, which will not assign the enterprise role to those users. The Bulk Upload request will help you assign the Enterprise role and also not assign the same AD group twice to users.

Follow the steps below to assign Enterprise roles using the bulk upload option after AD access recon, so that users already have entitlements/groups assigned in Saviynt.

1. Attach the workflow (preferably the auto approval workflow; do not use the OOTB workflow) under Global configurations > Request > Bulk > Auto Approve Workflow for Multiuser request upload.

2. Navigate to Request Home --> Request Access for Others - Multi Users --> Actions --> Bulk Upload Request.

3. Browse and attach the Excel file. I have attached the sample file here; update it with your details and don't change the format while saving the file.

4. Select "What type of request do you want to upload?" : Access

5. Click Run Now.


6. After you upload the file, it will create a completed Add Access task with status "No Action Required", since the user already had the entitlements present in the enterprise role assigned, and it will also assign the enterprise role.

Please let me know if it helps.

 


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

varunpuri
Regular Contributor

Hello @pmahalle ,

Does this method of bulk associating Roles with Users also ensure that a particular user also gets the account of the application whose entitlements are bundled within the Enterprise Role which is being associated with the given user through this method?

Will a corresponding New Account task also get generated (for the application whose entitlement is bundled within the Role which is being assigned to the user) with status "No Action Required"?

I am asking this question because at the database level also, I saw that there is a table by the name role_user_account which stores the association between user and role through an account linkage.

But there is NO table which stores only the linkage between role and user. Please correct me if I am wrong.

Best Regards,
Varun

Hi @varunpuri ,

Does this method of bulk associating Roles with Users also ensure that a particular user also gets the account of the application whose entitlements are bundled within the Enterprise Role which is being associated with the given user through this method?

--> Yes, it should. When you assign the roles through bulk upload, in the backend it works like raising a request through ARS. You can check it.

Will a corresponding New Account task also get generated (for the application whose entitlement is bundled within the Role which is being assigned to the user) with status "No Action Required"?

--> No, it will not create a New Account task with No Action Required if the account already exists.


Pandharinath Mahalle(Paddy)

Use bulk upload using Excel:

Request Home --> Request Access for Others - Multi Users --> Actions --> Bulk Upload Request --> Role

https://docs.saviyntcloud.com/bundle/SSM-User-v55x/page/Content/02-mang-ars/ars-req-accs-mult-usr.ht...


Regards,
Rushikesh Vartak

varunpuri
Regular Contributor

Thank You, @pmahalle and @rushikeshvartak ,

One more question: I tried to associate the Role with the User using the Upload Role Associations feature in the Role Management page. I was able to associate the Role with the user by specifying the column Role Users in the CSV. It worked. Is this method not an appropriate way of achieving this use case?

Best Regards,
Varun

Using Admin has some limitations, hence use the ARS/Request module.


Regards,
Rushikesh Vartak