@Dev
- How External SoD Works ?
- Whenever user requests for access - User's existing access and requested new / remove access (sap roles) are sent to external risk evaluation ( in case SAP its GRC)
- Upon successful calculation of external SoD in GRC results of SoD and SoD Risk will be displayed under external SoD under Request Approval & Request History.
As you have replicated issue in DEV and found if import ran before request resolves issue ,below possible reasons for failure
- if EIC (Saviynt) does not have same account to entitlement information as SAP then this will cause issue
- always access should be added from Saviynt only to avoid such issue
- in case access is added from backend import should be performed to keep account to entitlement mapping in sync.
- Setting import twice in day will never resolve this issue if access is getting added backend.
- and increasing import frequency is not even feasible and good approach as we can't predict when user can raise request.
Only solution is access request should be performed from only one source.
Below are ways to debug external SoD
- Raise Saviynt Request for User with conflicting access and monitor SoD Violations and risk.
- Run GRC Simulation with same user with same access in GRC.
If above 2 results matching there is no issue in external GRC Calculation.
if above 2 results does not match and saviynt result is varying then you may need to raise saviynt FD ticket for further analysis by sharing both results and Saviynt Logs
Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
