Saviynt Forums

amitasingh123 · ‎05/09/2024

Hi Team,

I want to enable preventive SOD on the ARS page to stop users from requesting access that is defined in the SOD module. I followed each step outlined in the link below, but unfortunately, it's not enabled on the ARS request. Even after following every step, users can still request entitlements defined as risks in the SOD module. Please tell me what additional settings we need to perform to activate preventive SOD violations on the ARS request page.

https://forums.saviynt.com/t5/community-knowledge-base/how-to-view-enable-valid-sod-violations-in-th...

https://forums.saviynt.com/t5/identity-governance/preventing-sod-is-not-working-in-request-flow/m-p/...

rushikeshvartak · ‎05/09/2024

Did you added entry in externalconfig.properties under sod.endpoints
also add endpoint in global config

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

amitasingh123 · ‎05/10/2024

Yes I added endpoint name in externalconfig.properties under sod.endpoints see the below screenshot

also add endpoint in global config

Raghu · ‎05/10/2024

@amitasingh123 Did enabled in your admin or rspected sav role ? and check it

Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

amitasingh123 · ‎05/13/2024

yes I enabled already.

rushikeshvartak · ‎05/10/2024

Validate ruleset is marked as active
show sod button under sav role is enabled

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

amitasingh123 · ‎05/13/2024

Yes ruleset is also active and SOD button is also enabled, still it's not working.

rushikeshvartak · ‎05/13/2024

Share logs when request is moved from step 2 to 3

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

amitasingh123 · ‎05/14/2024

Please find the logs, when I requested for Application from ARS page it complete the approval process without showing SOD violation for the entitlement include in functions defined for application.

itinjic · ‎05/14/2024

o enable preventive SOD violations on the ARS request page, follow these steps:

1. Make sure you have created the required functions and mapped the corresponding entitlements.

2. Set up the SOD Analysis function mapping for the specific ruleset.

3. Enable the "Show SOD in Request" option for the SAV role(s) of the users who should be able to see SOD violations during the access request.

4. Check the SOD configuration in the Global Config settings to ensure the "Evaluate SOD for role request" option is enabled.

5. Validate that the roles being requested in the ARS request have SOD conflicts defined in the SOD module.

6. Ensure that the requester has the necessary entitlements to trigger the SOD violations.

If you have followed all these steps and preventive SOD is still not enabled, you may want to review the SOD configuration and rulesets to ensure they are correctly set up. Additionally, consider reviewing the configuration of the function mappings and entitlements to ensure that they align with the SOD rules and conflicts you want to enforce.

Sapere aude

Saviynt Forums

How to Enable Preventive SOD on ARS Page