and more in a single search tool across platforms. Read the announcement here. |
04/20/2023 12:35 AM
Hello,
I'm following the topic:
https://docs.saviyntcloud.com/bundle/SSM-Admin-v55x/page/Content/Chapter04-Onboarding-and-Managing-A...
In this documentation, it is clearly wirtten, that we can delete entitlement value if the entitlement are not in the file action and if we set the property to Delete
It's what I did, but it doesn't work, entitlement values are still there.
Can you help me to make this function work ?
Thanks
04/20/2023 05:50 AM
Hi @WilliamD
As per my understand, Saviynt wont delete the entitlement, I believe below property should be set
entnotpresentaction="inactive" or "noaction"
In case of inactive, if the entitlement is not part of the access import , then the one present in Saviynt will be marked as Inactive.
In case of noaction, if the entitlement is not part of the access import , then no action would be taken for the entitlement which is present in Saviynt.
Thanks
04/20/2023 05:57 AM
Thanks a lot for your quick return dgandhi,
In my case for the version that I use, v5.5
It is the property ENTITLEMENT_VALUES_NOT_IN_FILE_ACTION:
I have both possibility for the property but there is no "inactive".
Delete: Use this action to remove the existing entitlements from SSM and upload the entitlements from the CSV file.
No Action: Use this action to retain the existing entitlements in SSM and upload the entitlements from the CSV file.
I was therefore hoping that it was possible for me to delete rights created by mistake.
Thanks
04/20/2023 06:14 AM
I am using the above mentioned config in Saviynt v5.5SP3.
I don't think Saviynt supports deleting the entitlement value as part of import but let anyone from Saviynt team confirm on this point.
Thanks
04/25/2023 05:17 PM
@WilliamD Saviynt does not support hard delete of entitlements. We either mark them as Suspended with '-deleted' naming convention or the status can be marked as inactive and the entitlements cannot be used.
04/25/2023 05:29 PM
Suspended with -deleted tag is for accounts only and not for entitlements.
For entitlements , it will only be marked as inactive.
Thanks
04/25/2023 05:32 PM
Agreed. Few connectors like DB, File based can be configured to have -Deleted in some older versions.