and more in a single search tool across platforms. Read the announcement here. |
11/30/2023 03:48 AM
We are trying to workout on the logic , when a new user is coming to ARS and selecting for a new role and submit for access, new role need to be assigned to user and existing role must be removed from the user.
When using Dropdown(single) option, the expectation is to create two tasks one for add access, another one for remove access. But we are observing that only add access task is getting generated. Remove access task not getting generated.
Can you please advise what are the possible reasons for this issue. Application roles already tagged with valid entitlements.
11/30/2023 04:32 AM - edited 11/30/2023 04:33 AM
@Happy333 once task is completed is existing role removed from the user?
Remove Role access when a Role is no longer | Saviynt Ideas Portal
12/04/2023 05:49 AM
@SumathiSomala Nope, Only Add access task is getting created under the ARS request for the selected role.
No removal task is getting created for the existing role revocation. So, no role removal is happening.
12/04/2023 05:54 AM
@Happy333 It's an existing bug in Saviynt for Roles Dropdown(single) option
Remove Role access when a Role is no longer | Saviynt Ideas Portal
12/04/2023 06:13 AM
@SumathiSomala Do you mean this is a bug in the version 5.5 SP3.20? If so, Is the solution available in any latest versions? I remember this option was used and working in the previous versions.
As of now do you have any work around to suggest to achieve this requirement?
User need to get assigned new role, then existing role need to be revoked
12/04/2023 06:28 AM - edited 12/04/2023 07:36 AM
@Happy333 This issue not yet resolved for Roles.
Working fine for entitlements
Workaround-Try request option as Table.
12/04/2023 07:33 AM
@Happy333 : Nope this is not yet solved. Currently product doesn't remove existing role when request-option is single drop down in case of Roles(Enterprise or Application) unlike regular entitlements
12/04/2023 07:40 AM
Does assigned from roles are populated for entitlement in order to remove entitlement.
Enterprise roles should not be tagged to any applicaiton/Endpoint
12/08/2023 12:19 AM
This is a disconnected application set up. We are consuming AD or Azure entitlements reconciled to Saviynt tagged to application roles.
So, if a user needs to hold only the new role requesting and want to instantly revoke the existing role, this was an option. Hopefully the issue will be fixed soon and this option will be available for such requirement.