Saviynt Forums

satyajeet · ‎07/11/2023

Hello Team,

Could you please help on the below use case.

A Enterprise Role is having some [15] entitlements from SAP application. A user got provisioned to the enterprise role. He has been assigned with all the entitlements present in the Enterprise Role.

We have removed few entitlements [3] from user profile that are part of Enterprise Role, directly in SAP application. Saviynt is not assigning back the removed entitlements automatically to user even if user user is still assigned with the Enterprise Role.

Could you please help me how we can achieve this in Saviynt.

Regards,
Satyajeet

dgandhi · ‎07/11/2023

Why would you remove few entitlements directly from the target?

Thanks,
Devang Gandhi
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

satyajeet · ‎07/12/2023

Hello Devang,

We have observed that Entitlements are removed directly by Target Team. To mitigate it and re-process all the birthright accesses , we are looking for an option.

Regards,
Satyajeet

dgandhi · ‎07/13/2023

If the entitlements (which are part of role) are directly removed from target and Saviynt doesnt have any visibility of same , then Saviynt wont be able to add it back. This is wrong from compliance point of view as there wont be any audit regarding how the access got removed from the users account.

Thanks,
Devang Gandhi
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

rushikeshvartak · ‎07/12/2023

in v5.5 there is no feature to implement this. You need to create actionable analytics and assign / populate assigned from roles property for entitlement

Regards,
Rushikesh Vartak

Saviynt Forums

Entitlements part of enterprise roles not getting assigned back to user upon removal from Target