Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Expected behavior of role removal when using "Remove Birthright access if condition fails"

aundreb
Regular Contributor II
Regular Contributor II

Hello,

I've been removing roles and adding new roles by re-running technical rules and using the remove birthright access if condition fails.

What is the expected behavior of the removal of the role? I have an Enterprise role that has two different endpoint entitlements in the role.

The removal tasks generate but if it seems if I run the provisioning job for only endpoint 1, the role gets removed from the user even if the entitlements from endpoint 2 are still pending. 

Does it only take the removal of one entitlement in the role for the role to be removed from the user?

2 REPLIES 2

rushikeshvartak
All-Star
All-Star
  • It should be issue with connection attached to Security system.
    • Does other task which not generated through rules are getting completed for second endpoint ?

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

aundreb
Regular Contributor II
Regular Contributor II

So its nots a connection issue. What I mean is I ran a wsretry job specific to endpoint 1 only, and purposely didn't run endpoint 2 removals tasks.

The role still got removed from the user even though endpoint 2 removals tasks were still pending.