Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Templated Role Name with Remove Birthright Access if condition fails

alanbixby
New Contributor III
New Contributor III

Our organization has a Technical Rule that assigns the role ${user.jobDescription} whenever the user's Job Description is updated, and uses the condition advanced query a.jobDescription IS NOT NULL. This is triggered by a User Update rule that monitors the job description field for changes.

 

Birthright, Remove Birthright Access if condition fails, and Detective are enabled on the Technical Rule; when the user's job description is changed (including to blank/null), the existing role is not revoked. Currently our staff must manually purge their previous role which is not ideal, especially in bulk updates.

Is this a known limitation of utilizing template rules? If so, what methods have others used as a workaround. Is there a way to reference the "Change Map" listed in the Execution Trail so we can trigger a deprovision task? There are ~500 job roles, which makes creating unique Technical Rules untenable.

We are currently on v24.3.

1 REPLY 1

rushikeshvartak
All-Star
All-Star

Create actionable analytics report with remove role action to achieve this


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.