Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
No ratings

How to - Achieve Realtime Provisioning of Access

RakeshMG
Saviynt Employee
Saviynt Employee

on ‎03/30/2023 01:56 PM

Use Case

Consider a scenario where a retail organization uses a Database System where access to modify (update, delete, truncate, insert etc.) is considered to be of high risk. Therefore firefighter roles are implemented which gives you write permissions for half hour time frame (default time frame).
 
Example:
The task to insert some 1k new orders into the system without which orders cannot be taken out for delivery. Given your query execution might take some time , it is very important to use each minute out of those 30. Therefore, if you have to wait for the scheduled jobs, for e.g. after every 15 minutes, you lose half of time waiting for your access and you might not be able to meet your business SLA. Achieving real time provisioning is very crucial in such scenarios.

Applicable Version(s)

All
 

Solution

Achieving real-time provisioning of access involves two factors:

a. Instant creation of tasks as soon as the request is submitted

b. Instant fulfillment/provisioning of access as soon as the task is created

 

How to achieve instant creation of tasks?

 

In case of role based entitlement tasks creation(or tasks for standalone entitlements where startdate is present), one of the two can happen

 

  1. If start date for the role is less than when the request is marked completed (all approvals are in place) then the tasks are created as soon as the request is marked completed 
  2. If start date is greater than when the request is marked completed (future date) then there is a need to run EnterpriseRoleManagementJob (this job creates tasks for all the future start date entitlements) to create the tasks for role entitlements .

 

To achieve instant creation of tasks, a config is available in the Global configurations ARS/home/request (depending on the label) as below –

RakeshMG_0-1680077488552.png

NOTE – Maximum time difference allowed in the product in 15 mins . You can leave this config as blank in case you do not want to create role entitlement tasks without EnterpriseRoleManagementJob job.

 

Instant creation of tasks can be achieved with Enterprise roles and Application Roles as well . Enterprise Roles and Application roles also exhibit same technical behavior as firefighter role where you provide start date and end date. However, you might not have default time frame added in case of these type of roles but you can come across time bound scenarios where end users have explicitly selected a time difference of half hour or one hour between start date and end date. 

 

How to achieve fulfillment/provisioning of tasks?

 

To achieve real time provisioning we have a config 'Instant Provisioningunder security system which instantly provisions the access  once you have the tasks created without losing time. Enable the below config to achieve the same.

RakeshMG_1-1680077505018.png

References

https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter13-Access-Requests/ars-set-u...

0 Kudos
Comments
rushikeshvartak
All-Star
All-Star
‎05/21/2023 03:22 PM

What is default timeframe in minutes  for create task if less than

Version history
Last update:
‎03/30/2023 01:56 PM
Updated by:
Saviynt Employee
Contributors
Copyright © 2024 Khoros, LLC