When a user is raising a new application access request - he selects the application and can finds all application roles of only the selected application. This makes it easier for the user as he can see all application roles under the selected application.
Is there a way we can club Enterprise Roles also under a Logical Endpoint? Perhaps by using Parent / child role mapping or so? This way it's easier for users to select an Endpoint and see all Enterprise roles under this logical endpoint?
Or suggest is there any way to group Enterprise roles?
@karamchand we implemented a similar case for 1 of the team:
1. Created a disconnected security system (the provisioning for account was done only to saviynt DB).
2. Created enterprise role (This was made up of multiple entitleemnt from many system). This was assigned to role endpoint for this disconnected system.
3. Ideally now the end user need to raise a request for this disconnected system and EIC would trigger following task :
3.1 Create Account for disconnected system
3.2 Create account for system for the listed entitlements under role, if the user does not has a account
3.3 Add access taks for this entitleemnt system
Note : This we did because, it was mandatory from customer to request EP role via Endpoint request.
@karamchand Open the respective enterprise role. and update the endpoint name in role details page.
Then Navigate to admin>endpoint>roletype>make requestable(table)for enterprise role.
Sometimes changes may take few minutes and then try.
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
Thanks for the quick response Sumathi.
I do not have the system set up completely to verify this. Once its done like you mentioned, where does the enterprise role appear for user?
1. Under Enterprise Roles tab?
2. Under Applications tab - after selecting the Logical Endpoint?