Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SoD approver is getting all entitlements even though it doesn't have a violation

IAM
Regular Contributor
Regular Contributor

‎02/28/2024 09:36 AM

For some reason, if there is an SoD violation, after it goes through manager approval, even the entitlements that have not caused an SoD violation is going to the SoD approvers. Why is that? This is causing issues because the SoD approver is rejecting these entitlements because they are not the approvers of that entitlement but it's still going to them because of the SoD violation for a different entitlement.

 

IAM_1-1709141510940.png

As you can see here, the top entitlement was the only SoD violation

IAM_2-1709141685603.png

 

But it was still sent to SOD Owner Task for approval

IAM_3-1709141746398.png

 

Labels:
0 Kudos
6 REPLIES 6

rushikeshvartak
All-Star
All-Star

‎02/28/2024 07:53 PM

If request contains sod it will route to SoD Approval Group its expected behaviour


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

IAM
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎02/29/2024 05:41 AM

All entitlements? Even entitlements that did not trigger the SoD violation?

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to IAM

‎02/29/2024 11:12 PM

If you particular entitlements causing sod to be routed then use if else block

SODViolation.get('High') > 0 
SODViolation.get('low') > 0


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

IAM
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎03/01/2024 05:29 AM - edited ‎03/01/2024 05:30 AM

Thank you Rushikesh.

Are you saying to remove this from my if else block:

SOD != null and SOD gt 0

 

And instead add this (I have the OR so that I can get all violations):

SODViolation.get('High') > 0  or SODViolation.get('low') > 0

 

"SOD != null and SOD gt 0" isn't already filtering the entitlements with the SOD violation?

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to IAM

‎03/02/2024 01:26 PM

Sod variable just check if request have sod or not. Sod violation variable check type of sod


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

IAM
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎03/04/2024 11:16 AM

SODViolation.get allows me to filter out the entitlements that do and dont have an SOD violation? That will solve my problem if I can filter the entitlements rather than just to check if request has an SOD or not.

0 Kudos
Copyright © 2024 Khoros, LLC