Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/03/2024 12:03 AM
Hi,
We have a requirement where we need to assign the AD groups according to the title of the employee(RBAC Model). We have created enterprise roles matching the titles and giving the roles dynamically in the technical roles while joining.
There are also conflicting titles: like the title names are same but the departments are different and the entitlements to assign are also different. To tackle this, only for the conflicting titles we used a CP5 to concat title - department and created the roles with the same names too.
We are facing an issue when it's a mover scenario. The new roles are getting added according to the title but the previous roles aren't getting removed.
Here is something I observed. When I trigger the mover scenario on a user and the account import job hasn't been run yet(The account is in a manually provisioned state), it creates the right pending tasks for the mover.
But once I run the account import job, and then trigger the mover scenario it is only creating add access tasks for the new role but not removing the previous role.
After the testing on this user, I tried with another user and observed the same thing. The remove access tasks and add access tasks generating correctly when the account is in manually provisioned state but once I run the account import and trigger the mover scenario, only add access is generating for new role but not the remove access for the previous ones.
What can be causing the issue? Is it a bug or is the account import job disassociating the roles and entitlements from the account?
Thank you.
06/03/2024 07:43 PM
Validate assignedfromroles
06/03/2024 11:20 PM
06/03/2024 11:21 PM
No . It should be populated then only revoke task will be created . Use RetroFitJob job to populate assignedfromroles
06/03/2024 11:30 PM
@rushikeshvartak I ran the retrofit job and took the count.
It shows only 133 whereas we have more than 2000+ groups.
After that I ran the account import job and now its back to 0
06/03/2024 11:46 PM
All entitlements from roles should be assigned to account and not some then only it will populate
06/03/2024 11:51 PM
@rushikeshvartak but then it's getting reset on every account import job, is there any solution for this whole problem?
06/03/2024 11:55 PM
Why it’s resetting ? Its configuration issue then
06/04/2024 12:05 AM
@rushikeshvartak Could you guide me where this configuration issue might be?
Thank you.
06/04/2024 06:23 AM
AD import. Every import should not delete and recreate account to ent mapping