
Technical Rule not triggered when assigning Enterprise Role to user

Lynn
New Contributor II

Hi All,

I have configured a very simple Technical Rule and a User Update Rule for adding the Role for User automatically.
1. Technical Rule Title_Update_TR is used to check the title of the User and will assign an Enterprise Role to the user if the Title of the user is Manager.


2. User Update Rule Title_Update_Rule will trigger Technical Rule Title_Update_TR when Title is updated.


We can see the user update rule is triggered. But we could not tell if Technical Rule is triggered or not.


The role was not assigned to the user and we could not find the related errors in the application log.

Is there anything missing in the configuration above?  

Any help will be very appreciated.

Best regards,

Lynn

 

10 REPLIES

ParitaSavla
Saviynt Employee

This should work as per your expectation. Are you not seeing any pending tasks created for entitlements that are linked to the enterprise role Saviynt_Manager? 

If you are unable to see the pending tasks, check if the entitlement_type for the entitlement that is part of the role is requestable or not. Please make it requestable in case it is not and try updating the user's Title.

If the pending tasks are created, then run the provisioning job and the tasks should move to completed status and the role will get assigned to the user.

Let me know if this helps! 

 

Lynn
New Contributor II

Hi ParitaSavla,

After some testing, we found out that when there is no entitlement for the role, nothing happened. When there is any entitlement available for the role, the flow is triggered and we can see the pending tasks: one for creating the account and one for creating the access.

Is this normal?

When we added the role without entitlement to a user manually via GUI, it succeeded.

Any workaround for this?

Regards,

Lynn

 

 

ParitaSavla
Saviynt Employee

What is the business use case wherein you would have an Enterprise Role without any entitlement associated to it?

Lynn
New Contributor II

We are doing the migration from another IAM solution and want to simulate the dynamic role of the current IAM solution. We expected we can use a technical rule to trigger the auto role assignment to the user based on an attribute such as user title. Do you have any suggestion or best practice for this requirement?

Thanks a lot.

Lynn

 

 

ParitaSavla
Saviynt Employee

An Enterprise Role needs to contain at least one entitlement and then the Enterprise Role assignment from Technical Rules will work.

Hence, wanting to understand why you are creating an Enterprise Role without an entitlement associated to it.

Lynn
New Contributor II

When we do the migration, the entitlement information for the role may not be ready yet and we want to add that information later. If that is not possible, we may need to trigger/run the job for the Technical Rule when the entitlement information is ready (at least one entitlement).

Lynn
New Contributor II

Please let us know if any workaround is available to do the enterprise role assignment.

ParitaSavla
Saviynt Employee

Yes, you will have to add the entitlement information first to the Enterprise Role and then you should be able to trigger the technical rules.

Lynn
New Contributor II

Right now I do the update in the GUI to trigger the Technical Rule from the User Update Rule, but I could use DetectiveProvisioningRulesJob to trigger the Technical Rule directly, right? I have not tried that yet.

 

Regards,

Lynn
