Hi,
We have a requirement where we need to assign the AD groups according to the title of the employee(RBAC Model). We have created enterprise roles matching the titles and giving the roles dynamically in the technical roles while joining.
There are also conflicting titles: like the title names are same but the departments are different and the entitlements to assign are also different. To tackle this, only for the conflicting titles we used a CP5 to concat title - department and created the roles with the same names too.
We are facing an issue when it's a mover scenario. The new roles are getting added according to the title but the previous roles aren't getting removed.
Here is something I observed. When I trigger the mover scenario on a user and the account import job hasn't been run yet(The account is in a manually provisioned state), it creates the right pending tasks for the mover.
But once I run the account import job, and then trigger the mover scenario it is only creating add access tasks for the new role but not removing the previous role.
After the testing on this user, I tried with another user and observed the same thing. The remove access tasks and add access tasks generating correctly when the account is in manually provisioned state but once I run the account import and trigger the mover scenario, only add access is generating for new role but not the remove access for the previous ones.
What can be causing the issue? Is it a bug or is the account import job disassociating the roles and entitlements from the account?
Thank you.
