08/08/2024 02:36 AM
Hi,
We are creating roles based on the organizational hierarchy, and each has a child role.
For example, if you assign a user the Role 'XXX-AAA-BBB-CCC-DDD', the user will have the entitlements 'Project_A' and 'TestADDGroup002' added.
The technical rule and user update rule are shown below.
The role is assigned dynamically by specifying the role name in the value of the user's departmentname and customproperty1.
<Results and problem>
First I create the following user:
Two roles are created and a task is created to add four entitlements.
I complete these tasks, then change the user's departmentname and invoke the user update rule.
(XXX-AAA-BBB-CCC-DDD -> XXX-AAA-BBB-CCC-KKK)
Then a task is created as shown below, and when everything is completed, testADDGroup002 is removed.
The current status of role and entitlement is shown below.
The check is the ultimate entitlement assigned by the user.
This means that the user does not have a red entitlement (TestAADGroup002). However, since the user belongs to the parent role, it must hold the entitlement of the child role.
How does the above example not create remove access for TestADDGroup002?
Regards,
08/08/2024 06:46 AM
08/08/2024 05:01 PM
- All belong to the same application!
-> Yes. In this example, all are entitlements of Azure AD.
- Any pending tasks?
-> This task is created after changing the user's group.
- Does the account already have the entitlement?
-> Yes. I would expect to have four entitlements, but with one removed there are three.
08/08/2024 05:21 PM
Are you using entitlement map?
08/15/2024 08:49 PM
I found that this problem occurs when I manually complete tasks without using a Job.
08/15/2024 10:20 PM
@JPMac is the task moving to no action required state?
08/18/2024 04:45 PM
@NM Yes, when I run the provisioning job.