Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon
cancel
Showing results for 
Search instead for 
Did you mean: 

SOD owner approval generated in case of no violation

kunal_saxena
Regular Contributor
Regular Contributor

Hi,
We are creating a workflow wherein if a request has a SOD violation, then the request will initially go for SOD owner workflow. To implement this, we added the following condition in workflow:

kunal_saxena_0-1724662732537.png

If this condition is true, SOD owner approval is generated

This is working as expected. When there is a SOD violation, the request is initially sent for SOD owner approval. However, when we create another request for the same user which does not have a SOD violation, the request is sent for SOD owner approval in that case as well.

Please advise on how we can handle this. Ideally, we would only want to have SOD owner approvals for requests that have a SOD violation created as part of that request.

Thanks,
Kunal

9 REPLIES 9

indra_hema_95
Regular Contributor III
Regular Contributor III

Hi @kunal_saxena can you please share the screenshot's of the request history? And for a fresh users when you are requesting for non conflicting entitlements are you experiencing the same?

Regards,

Indra

Hi @indra_hema_95 , PFB the screenshot of request history:

kunal_saxena_0-1724668752353.png

We do not see this behavior for a fresh user when requesting for non conflicting entitlements.

 

indra_hema_95
Regular Contributor III
Regular Contributor III

Hi @kunal_saxena This request shows there is a violation in the request so it will go for SoD owner approval. If there is a violation in your request, it will go for the SoD owner approval. Do you have any request history where there is no violation but the request is still going for SoD owner approval?

Regards,

Indra

  • use one more if else sod eq 0 
  • if true - send to manager approval
  • else - send to sod owner approval

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rushikeshvartak , We tried the steps suggested by you but the request is still going for SOD owner approval:

kunal_saxena_0-1724825298832.png

Example: Request for an entitlement that did not cause a violation. The request went for SOD owner approval as underlined below:

kunal_saxena_1-1724825516093.png

However, this request does show the pre-existing SOD violation for this user (for the same user, we had requested entitlements earlier which had triggered a SOD violation)

kunal_saxena_2-1724825647629.png

Thanks,

Kunal

  • This is expected behavior existing sod will be visible.
  • and sod eq 0 condition should come first

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

@rushikeshvartak - I changed the order such that sod eq 0 condition comes first. Still, the request for a non-conflicting entitlement is going for SOD owner approval.

As mentioned existing sod will be visible 

below is configuration to disable [Global config - SOD ]

rushikeshvartak_0-1724849459359.png

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Thanks @rushikeshvartak . Disabling the setting in global config resolved the issue.