and more in a single search tool across platforms. Read the announcement here. |
10/10/2022 08:29 PM
Hi,
Assuming ..
Endpoint E has three account types 1, 2, 3.
A user X have three accounts on endpoint E : a1 (Account type 1), a2 (Account type 2), and a3 (Account type 3).
Account a1 have two entitlements of E1-1, E1-2
Account a2 has one entitlement of E2-1
Account a3 have two entitlements: E3-1, E3-3
There is an application role
R1 which have three entitlements : E1-1, E1-2, E1-3, E1-4.
R2 which have three entitlements : E2-1, E2-2, E2-3, E2-4.
R3 which have three entitlements : E3-1, E3-2, E3-3, E3-4.
Now, when user X is added to role membership of role R1, Add Access tasks will be created and entitlements will be assigned for account types a1, a2 and a3. Same is true for role R2 and R3
GOAL -
For R1 - entitlements need to be assigned ONLY for Account type 1, NOT to account type Account 2 and 3
For R2 - entitlements need to be assigned ONLY for Account type 2, NOT to account type Account 1 and 3
For R3 - entitlements need to be assigned ONLY for Account type 3, NOT to account type Account 1 and 2
How can we restrict the assignment of entitlement during role membership to only one particular account type, but not for other account types?
Thanks
Solved! Go to Solution.
10/10/2022 08:43 PM
How role is added ? via ARS - Request for Self /others or from Admin - Roles
10/11/2022 06:26 AM
Role is added from Admin - Roles
10/11/2022 11:58 AM
if roles are added from admin this is not configurable.
10/11/2022 12:06 PM
Hi Rushikesh,
Thanks for the update. What is the recommended solution if ARS is used with bulk update?
Thanks,
10/11/2022 12:08 PM
You can use multi user bulk import by excel where you have control which account and entitlement you want to add.
Multi user UI , you need to select account n UI - manual effort so not suggested
10/11/2022 12:37 PM
Thanks Rushikesh for you great suggestion. That should work as workaround.
10/11/2022 12:43 PM - edited 10/11/2022 01:44 PM
Few more case :
1. Is this ARS access bulk upload will work for Enterprise Role as well to control which account type and entitlement?
2. How do we prevent add access for unwanted account type in the existing users when we add new entitlement in a Role? Role update could be done from Admin - Role or ARS Managed Role
10/12/2022 12:11 PM
1. Enterprise Role - No
Does this enterprise role are requestable from ARS Request form ?
2. You can create detective actionable analytics report where you can remove such entitlements