10/26/2023 03:49 PM - last edited on 10/30/2023 01:40 AM by Sunil
Hi Team,
10/30/2023 01:21 AM
Hi @ssingh16
Could you please provide more information about the issue/scenario? Please share the screenshot/information about the workflow.
Regards,
Dhruv Sharma
11/16/2023 12:41 PM
Hi Dhruv,
Part A: We raise one service account and add violating roles to it; due to this, a violation occurs.
Part B: When we try to modify the same service account by adding non-violating roles, even though violation appears for already-assigned roles, that is an unexpected behavior.
PFA screenshot and workflow details.
Regards,
Satyam
11/19/2023 11:28 PM
Hi @ssingh16
1. Have you enabled Recalculate SOD from the Global Configuration-Request?
2. Why are you using 2 Grant access in the workflow? Can you link both the links to the same?
Regards,
Dhruv Sharma
11/21/2023 10:08 AM
Hi Dhruv,
Yes, recalculate SOD is turned on.
Initially, we are using two levels of approval. To link both levels of grant access to the same, you mean that when a request goes for approval, it requires only one level of approval. If it is, we can't use the same configuration. We are in non-prod, where we have not seen this issue.
Regards,
Satyam
11/21/2023 10:22 PM
Can you turn off Recalculate SOD and check the behaviour?
11/24/2023 01:43 PM
Hi Rushikesh,
Our concern is that whenever we request a non-violating role, violations should not appear on the request or approval page. The issue seems to be with the preventative SOD check, which is not working as expected.
Disabling the recalculate SOD button is a secondary matter or step. We must first ascertain the reason behind the appearance of violations for roles that actually do not violate.
Regards,
Satyam
11/25/2023 06:53 AM
Recalculate SOD is a beta feature and might not work as expected.
12/07/2023 05:10 AM
Hi @ssingh16
Could you please confirm on which version you are facing this issue?
Have you opened a fresh service ticket for this issue? Can you share the ticket number if there is an existing ticket? Can you please confirm on which version you are facing this issue?
Regards,
Dhruv Sharma
12/07/2023 07:09 AM
Hi Dhruv,
Currently, we are running on version Saviynt v2020.1
FD number: 2007991
Regards,
Satyam
12/19/2023 06:33 AM
Could you please provide an update on the above issue reported?
Regards,
Satyam
12/19/2023 07:13 AM
Hi @ssingh16
As I can see from the FD comments, the product is behaving as expected.
12/19/2023 08:12 AM
Hello Dhruv,
If preventative SOD works in such a way that it will cross-verify all the entities of the user, and if violation exists for any assigned role, then it will reflect on the approval page if we raise a non-violating access request. After the first level of approval, it went to the 'Admin' for approval instead of the role owner, and that is not an expected behavior, I guess. It seems like workflow breaks in the middle of the request.
Could you please explain why it is stuck at admin?
Regards,
Satyam
12/20/2023 02:01 AM
Hi @ssingh16
From the workflow, I can see that there is a two-level workflow with Risk owner1 and Risk owner2 when the request has SOD-violating entitlements. It is going to level 1 approval, and post the level 1 approval it is going to admin instead of the level 2 approver.
Here the issue seems to be in the workflow and not the SOD. Now please confirm if you are using a user group in the level 2 approval (Risk owner 1). Are there valid and active users in that group with Rank 1 ownership?
Could you please try with a user instead of user group in Risk owner 1 approval and see if it works?
Regards,
Dhruv Sharma
12/20/2023 11:02 AM
Please share workflow
12/20/2023 11:12 AM
12/20/2023 11:15 AM
This block does not work in service account, hence use a custom query block and rank validation in the query.
Query :
select u.userkey
from request_exceptions re
inner join riskowners ro on ro.RISKID = re.EXCEPTIONKEY
inner join Users u on u.userkey = ro.OWNERUSERKEY and ro.rank = 1
where re.REQUESTKEY = ${ARSREQUEST.id}
12/20/2023 11:36 AM
In this block, what do you mean by Risk Owner 2 or Risk Owner 1? At this place, we need to test by placing a custom assignment task block. Correct me if I misunderstood something.
12/20/2023 12:14 PM