Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/26/2024 12:29 AM
We have a rule which assign a group to the users is the users met condition. But this rule is not creating remove access task if the users do not match the condition even if (Remove access if birthright fails is enabled). We are trying retrofit option for this rule will it create remove access task as soon as the rule is repaired?? And if not then how will it work, will it remove the groups assigned to the users who do not satisfy the condition.
08/26/2024 12:46 AM - edited 08/26/2024 12:47 AM
Hi @shefalipatidar you have to create a detective job for the same.
Was the group assigned via rule itself ?
08/26/2024 01:06 AM
yes group was assigned via rule
08/26/2024 06:20 AM
08/26/2024 12:56 AM
HI @shefalipatidar ,
"if the users do not match the condition" - I am assuming that user attribute changed and user is not matching the condition. So when the attributes change, do have have zero day rules evaluated?
Or user updated rule to re-run provisioning rules ?
Or run the rules via detective rule run job ? if the rule is detective
As the rule is birthright rule and it should create remove access task if the access was added by rule. I would suggest to stick to making rule work rather switch to another solution.
Thanks,
Amit
If this answers your query, Please ACCEPT SOLUTION and give KUDOS.