Saviynt Forums

jralexander137 · ‎07/16/2024

Hi we are seeing an issue where we have enterprise roles assigned to users and when the technical rule that assigned them no longer evaluates to true for the condition logic, no remove access tasks get generated. I have confirmed the user update rule

is triggering because I see all the other actions firing off appropriately and am seeing the Add Access tasks being generated for the newly assigned role.

You can see in this screenshot that the user update history shows the user update rule triggered and you can see where I created a test user update rule to just re-evaluate that target technical rule where it also triggers but no remove access tasks generated.

This screenshot shows the technical rule configuration

Any ideas on what I am overlooking here?

EDIT I believe the issue lies with the user not being associated with the technical rule as shown in this screenshot. I also ran the repair option shown in the screenshot and still no remove access tasks generated. The only way I am able to get them generated is by going to the enterprise role and manually removing the user there which is not what we want.

rushikeshvartak · ‎07/16/2024

what is request option for entitlement underline enterprise role ?

validate under endpoint - entitlement type - request option ( it should be none create task / table ) and not NONE

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

jralexander137 · ‎07/16/2024

I already have that set to "Table". The remove access tasks only seem to generate if I manually remove user from role or if I use de-provision role action in user update rule, neither of which is what we're wanting to happen.

rushikeshvartak · ‎07/16/2024

This use deprovision role action https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter17-EIC-Analytics/Managing-An...

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

jralexander137 · ‎07/17/2024

Wont this remove all roles though? Only the ones that fail to evaluate to true from technical rules should be removed. We're not trying to remove all roles. This is a user transfer process so only those that dont evaluate to true for their job should be removed.

jralexander137 · ‎07/17/2024

I configured a test user update rule with action as such

and remove access tasks are still not generating.

rushikeshvartak · ‎07/17/2024

Check assignedfromrule column in arstaks table

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NM · ‎07/16/2024

Hi @jralexander137 , was the enterprise role assigned to user via the same technical rule?

jralexander137 · ‎07/17/2024

Yes. The technical rule shows no users associated with it

jralexander137 · ‎07/17/2024

Yes.

NM · ‎07/17/2024

Hi @jralexander137 , if the roles wasn't via technical rule it won't be removed if condition fails..

jralexander137 · ‎07/17/2024

It was assigned by the technical rule, looks like its not mapped at the DB level for some reason. All this role assignment and provisioning is done through technical rules, no one is manually assigning any roles.

prtkrh007 · ‎08/02/2024

This needs to be taken through freshservice ticket, The rule repair job is not assigning key at the db level . This is working for a new rule when tested. Please follow through that.

jralexander137 · ‎08/02/2024

Thanks for that confirmation. I already have an open ticket with support and am waiting to hear back from engineering.

Saviynt Forums

Remove Access tasks not generating when technical rule condition returns false