We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Request for entitlement with parent-child hierarchy

prachi
Regular Contributor II
Regular Contributor II

Hi,

I have entitlement in hierarchy representing Parent-child structure. 

I am looking for option wherein if a user has parent entitlement assigned, and user is requesting for other enterprise role which has its child entitlement mapped, task should not be raised for the child entitlement. 

Is there any configuration which needs to be enabled in Saviynt.

Thanks

4 REPLIES 4

sai_sp
Saviynt Employee
Saviynt Employee

The task will still be created because you are trying to assign the child entitlement directly from the enterprise role.  This is going to be a direct assignment.

rushikeshvartak
All-Star
All-Star

what is rational behind use case ? Even if task created it will go to no action required as child entitlement already assigned 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

prachi
Regular Contributor II
Regular Contributor II

The use case is - 

If i have Enterprise role (say Role1)  with entitlement E1 and another enterprise role (Role2)with entitlement E2 & E3 where E1 is the parent entitlement with E2 as child entitlement & E2 is again parent entitlement for E3, so the hierarchy looks like :

E1 -> E2 -> E3 with E1 being the highest privileged entitlements. All three entitlements are from same entitlement types.

If user requests for Role 1 and is assigned access to E1 , when the same user request for Role2 task should not be created as parent entitlement is already assigned. 

Currently user having access to Role1 , when requests access for Role2 the task for E2 & E3 is failing as its a REST connector and the API response for tasks is Error 409 with status "Parent ID already assigned". So i do not want to create task for E2 & E3 when a user requests for Role2 after Role1 is provisioned.

sai_sp
Saviynt Employee
Saviynt Employee

Hi @prachi 

There is no way to restrict that because according to saviynt E2 and E3 are still direct assignments from the enterprise role R2 even if they are indirectly assigned to the user via R1. We do not create tasks for child access from R1. For your usecase, the tasks from R2 should go to 'No Action Required' status. If this is not happening, please raise a support ticket on freshdesk.