Saviynt Forums

SriRanga · ‎12/06/2022

Hi,

We had a requirement where we have one security system and multiple end points under the same security system. User will get access from the from the Application Roles and not from the individual Entitlements.

If we have 4 applications roles under one single endpoint,

App Role1- User can request any 1 out of 4 roles

App Role2-User can request any 1 out of 4 roles

App Role3-User can request any 1 out of 4 roles

App Role4-User can request any 1 out of 4 roles

For the first time user need to select only 1 roles from the 4 application roles and once the users had selected the 1 roles for the modification user should not able to get access to the any other roles from the same endpoint.

Can some one let me know how can we achieve this requirement.

Regards,

Sri Ranga

rushikeshvartak · ‎12/06/2022

You can make Application role as single select /Dropbox
SOD can be implemented

Regards,
Rushikesh Vartak
If the response is helpful, please click Accept As Solution and kudos it.

SriRanga · ‎12/06/2022

@rushikeshvartak If we make application role as single or dropbox when the user try to add the second role from the same endpoint user can able add and submit the request or user will not able to see any other roles after he got access from role 1.

If we have SOD in place it says violation found but still user can submit the request for the second Role correct me if I am wrong

rushikeshvartak · ‎12/06/2022

for SOD - You can implement Auto Reject in Workflow.

In Single Select old role will be removed when role 2 is request role 1 will be removed

Regards,
Rushikesh Vartak
If the response is helpful, please click Accept As Solution and kudos it.

Saviynt Forums

Need information regarding dynamic attributes on Application Roles