Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/08/2024 02:44 AM - edited 08/08/2024 02:46 AM
Is there any way that in a Workflow, if a user requested for AppEntRead while the account is already added to AppEntDelete the request will be rejected?
OR
When the user requested for both entitlements, request will be rejected.
The two entitlements has the same prefix which is AppEnt.
We've tried SOD in this requirement but not possible as we are using dynamic attribute to show the entitlements.
08/08/2024 02:46 AM - edited 08/08/2024 02:47 AM
Hi @jezzanuena , it should still show violation if you have configured.
Are these only 2 entitlement that are present in endpoint?
08/08/2024 03:01 AM - edited 08/08/2024 03:01 AM
Hi @NM Yes. All entitlements are in one endpoint. However,. if we use SOD, newly created AD groups will be not be processed.
This case if for CyberArk Safe access provisioning wherein each safe have sets of AD groups e.g. Read and Delete.
08/08/2024 06:34 AM
You can’t check existing entitlement in workflow directly If you want to check then use groovy query in if else block