and more in a single search tool across platforms. Read the announcement here. |
03/21/2023 07:55 PM
Hi All,
I have configured a very simple Technical Rule and a User Update Rule for adding the Role for User automatically.
1. Technical Rule Title_Update_TR is used to check the title of the User and will assign a Enterprise Role to the user if the Title of the user is Manager
2. User Update Rule Title_Update_Rule will trigger Technical Rule Title_Update_TR when Title is updated.
We can see the user update rule is triggered. But we could not tell if Technical Rule is triggered or not.
The role was not assigned to the user and we could not find the related errors in the application log.
Is there anything missing in the configuration above?
Any help will be very appreciated.
Best regards,
Lynn
Solved! Go to Solution.
03/22/2023 01:27 PM
This should work as per your expectation. Are you not seeing any pending tasks created for entitlements that are linked to the enterprise role Saviynt_Manager?
If you are unable to see the pending tasks, check if the entitlement_type for the entitlement that is part of the role is requestable or not. Please make it requestable in case it is not and try updating users Title.
If the pending tasks are created, then run the provisioning job and the tasks should move to completed status and the role will get assigned to the user.
Let me know if this helps!
03/22/2023 01:36 PM
Hi ParitaSavla,
After some testing, we found out that when there is no entitlement for role, nothing happened. when there is any entitlement available for the role, the flow is triggered and We can see the pending tasks: one for creating account and one for create the access.
Is this normal?
when we added the role without entitlement to a user manually via GUI, it succeeded.
any workaround for this?
Regards,
Lynn
03/22/2023 02:05 PM
What is the business use case where in you would have an Enterprise Role without any entitlement associated to it?
03/22/2023 02:16 PM
We are doing the migration from other IAM solution and want to simulate the dynamic role of the current IAM solution. We expected we can use technical rule to trigger the auto role assignment to user based on the attribute such as user title. do you have any suggestion or best practice for this requirement?
Thanks a lot.
Lynn
03/22/2023 02:48 PM
An Enterprise Role needs to contain atleast one entitlement and then the Enterprise role assignment from Technical Rules will work.
Hence, wanting to understand why are you creating an Enterprise Role without an entitlement associated to it.
03/22/2023 02:58 PM
When we do the migration, the entitlement information for the role may not be ready yet and we want to add that information later. if that is not possible , we may need to trigger/run the job for Technical Rule when the entitlement information is ready( at least one entitlement).
03/22/2023 02:59 PM
please let us know if any workaround is available to do the enterprise role assignment.
03/22/2023 03:00 PM
Yes you will have to add the entitlement information first to the Enterprise Role and then you should be able to trigger the technical rules.
03/22/2023 03:59 PM
right now I do update in GUI to trigger the Technical Rule from User update Rule,but I could use DetectiveProvisioningRulesJob to trigger the Technical Rule directly, right? I have not tried that yet.
Regards,
Lynn
03/22/2023 03:05 PM
right now I do update in GUI to trigger the Technical Rule from User update Rule,but I could use DetectiveProvisioningRulesJob to trigger the Technical Rule directly, right? I have not tried that yet.
Regards,
Lynn