Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

When I change the department number of a user, I want to use a rule to change the role

Go to solution
JohnDoe
Regular Contributor
Regular Contributor

‎01/14/2024 07:14 PM

Hello ,

 

We created a Technical Rule that references each user's department number and assigns them a role with the same name as department number, and an Update Rule that re-runs this Technical Rule when changing department number.
With this, we want to assign a role with the same name as department number when onboarding a user, and remove the old department role and assign the new department role when transferring.

(Technical Rule Remove Birthright Access if condition fails is enabled.)

Using the CSV file, we tried to change the department number of a user who has already been granted a role and replace it with the new role.
However, the tasks for the new role and its Entitlement were created, but the Remove Access task for the old role was not.

If it is an Entitlement and not a role, the Entitlement could be replaced by Remove Birthright Access if condition fails, but not a role?
If so, do I need to change any settings?

JohnDoe_0-1705288338503.pngJohnDoe_1-1705288341239.png

 

Labels:
0 Kudos
3 REPLIES 3

Go to solution
rushikeshvartak
All-Star
All-Star

‎01/14/2024 07:18 PM - edited ‎01/14/2024 07:20 PM

You can use deprovision role action in rule


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
JohnDoe
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎01/14/2024 07:59 PM

Thank you for your answer.

I only want to remove the old department number role this time.
This is tied to Azure AD Entitlement.

And there are other roles tied to Azure AD Entitlement besides the department number role.
I would expect that a Deprovision Role would also deprive you of those roles.
Also, the User Update Rule cannot use variables, so it would be difficult to identify by role name. (There are nearly 900 department numbers.)

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to JohnDoe

‎01/14/2024 08:01 PM

You can explore

  • actionable analytics with Deprovision role opertion.
  • Custom jar calling saviynt REST APis

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
Copyright © 2024 Khoros, LLC