
Roles not getting removed from the user profile

saimeghana
Regular Contributor II

Hi Team,

We have a configuration such that when the department number changes, the role assigned to the user is removed and a new role is added.

The entitlements related to the role were removed, but the role is still present in the user profile, and the entitlement task completed successfully.

[Two screenshots attached: saimeghana_0-1692867080489.png, saimeghana_1-1692867152659.png]

Thanks,

Sai Meghana

dgandhi
All-Star

Have you checked whether all the entitlements that are part of the role were removed? Maybe some of the entitlements that are part of the role have not yet been removed.

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

saimeghana
Regular Contributor II

Hi Devang Gandhi,

Yes, checked. We have only one entitlement for one role, and that entitlement got removed from the user.

Thanks,

Sai Meghana

Can you check if the user has any entries in account_entitlements1 table with assignedfromroles populated with the rolekey of the Role that you are trying to deprovision?

Thanks,
Devang Gandhi

Also check the post below.

https://forums.saviynt.com/t5/identity-governance/role-user-association-removal-is-not-happening-aft...

Thanks,
Devang Gandhi

rushikeshvartak
All-Star

Is this called from a Rule?

Is the "Task Execution Hierarchy" configuration set in your environment?


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

saimeghana
Regular Contributor II

Yes, we have "Task Execution Hierarchy" set.

We are requesting the roles from ARS; the removal is called from the Rule.

Thanks,

Sai Meghana

We have also seen the same issue: roles do not get removed. What is the Task Execution Hierarchy config?


Regards,
Rushikesh Vartak

[Screenshot attached: saimeghana_0-1692938953909.png]

Thanks,

Sai Meghana

Try removing the config and check if it gets removed.


Regards,
Rushikesh Vartak

Hi Rushikesh Vartak,

Okay, we will try to test this, but we require this hierarchy for other things.

Thanks,

Sai Meghana

Hi @rushikeshvartak,

We tried removing the config and tested; it is working.

As we mentioned, we need this Hierarchy for other applications.

Can we please have a feasible solution?

Thanks,

Sai Meghana

saimeghana
Regular Contributor II

Hi Team,

We are removing roles in two ways:

  1. The user update rule calls the Technical rule, which assigns and removes the birthright roles.
  2. We are removing, through the user update rule, all roles that are assigned through ARS.

We have observed that with the 1st option it removes the entitlement and the role from the user. But with this user update rule (2nd option), it removes the entitlement from the user but the roles are not removed, which is not correct and will cause issues during audits.

What could be the best way to handle this?

Thanks

Sai Meghana

saimeghana
Regular Contributor II

Hi Team,

For the above issue, we added the new option to the rule, like Deprovision Role, and this issue is fixed.

Thanks,

Sai Meghana