Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Entitlements Values in Workflow

jezzanuena
Regular Contributor II
Regular Contributor II

Is there any way that in a Workflow, if a user requested for AppEntRead while the account is already added to AppEntDelete the request will be rejected?

OR

When the user requested for both entitlements, request will be rejected.

The two entitlements has the same prefix which is AppEnt.

We've tried SOD in this requirement but not possible as we are using dynamic attribute to show the entitlements. 

3 REPLIES 3

NM
Honored Contributor III
Honored Contributor III

Hi @jezzanuena , it should still show violation if you have configured.

Are these only 2 entitlement that are present in endpoint?


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

jezzanuena
Regular Contributor II
Regular Contributor II

Hi @NM Yes. All entitlements are in one endpoint. However,. if we use SOD, newly created AD groups will be not be processed.

This case if for CyberArk Safe access provisioning wherein each safe have sets of AD groups e.g. Read and Delete.

You can’t check existing entitlement in workflow directly If you want to check then use groovy query in if else block


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.