Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

How to revoke access from users when changing a technical rules

JPMac
Regular Contributor
Regular Contributor

Hi All,

We created a simple technical rule.

JPMac_1-1715161408674.png

 

When the following two users are registered here, both users are granted the Enterprise Role "R-SysCriRole5."

============

User1 : CP1 : Red, CP2 : null

User2 : CP1 : null, CP2 : Blue

============

 

In this state, a change is made to remove the second condition as shown in the diagram below.

JPMac_2-1715161902825.png

Then, because user2 does not meet the condition, a task should be generated to revoke the enterprise role. However, even after changing the rule, no task is created.

 

Even though there are no changes to the user attributes, how can access be revoked for those who do not comply with the conditions when the rule is changed?

 

 

2 REPLIES 2

naveenss
All-Star
All-Star

Hi @JPMac  As far as I know, changing a technical rule condition will not trigger removal of access/role from the user. 

I would suggest you to setup an actionable analytics control to detect such users and deprovision the role from the user profile.

Let me know if you need more info.

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

rushikeshvartak
All-Star
All-Star

You need to create user update rule along with technical rule


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.