Access outside role

ethompson · June 19, 2023, 8:53pm

This may be related to this post which has an open IDEA.

If you just want the report and not handled through IDN, you may need to script this with the APIs. Here is how this could be done:

Get All Users
For each user,
a. Get all of their entitlements (You can filter on a source or take them all) - List A
b. Get all of their Roles, for each role, get all of the access profiles and for each access profile get all of the entitlements - List B
c. Subtract List B from List A to have the entitlements that are not provisioned through Roles

Endpoints:
/v3/search
/v3/roles
/v3/access-profiles

Topic		Replies	Views
Campaign for entitlement assignments without role/access profiles ISC Discussion and Questions roles , search , access-profiles , entitlements	1	465	July 19, 2023
Does anyone have a report on overlapping entitlements in Access Profiles ISC Discussion and Questions identity-security-cloud , access-profiles , entitlements	4	162	March 19, 2024
IDN account permissions ISC Discussion and Questions	3	1025	July 19, 2023
Discrepancy in Entitlements: Transitioning from Old IAM System to IdentityNow ISC Discussion and Questions identity-security-cloud	4	276	February 11, 2024
Identity & Role reports IIQ Discussion and Questions identityiq	9	512	December 12, 2023