Automating roles by PrimaryRoleCode

Hi All-
We are attempting to automate a role we created by using the following logic to define assignments:

{EE1F6792-8A30-4BB1-8376-0712CAA94A9A}1343×803 46.8 KB

The role is connected to an AD entitlement that we have no reason to believe there is anything wrong with the configurations of. To test the automated provisioning we observed a user with the primaryrolecode in question.
After performing an account aggregation the role was not provisioned for the user. We attempted enabling access requests on the entitlement (which shouldn’t be necessary considering it is set globally). This did not seem to fix it. We also attempted changing the operation logic to “Equals” and performed another aggregation, this also did not remedy it.

I’m not sure what we’re doing wrong with this one? It’s my first time automating roles, so I apologize if it’s something obvious I’m overlooking. Any help is appreciated.

Hi @jared-fox,

Can you try performing a process identity on the user and see if the role gets assigned.

If it works, then try doing a role refresh (Apply changes on the roles page) so that it works for all users.

Wow, thanks Jesvin. So does that mean everytime I enable a roll and want it to automatically propogate to the appropriate users I need ot select the Apply Changes button in the roles menu? If that’s the case it just seems like I was missing a simple step.

Hi @jared-fox,

Yeah, doing an apply changes would immediately push the changes to all matching users.

The scheduled refresh (8 AM/8 PM) used to apply this change to all users, but we do not see the auto-refresh happening in our tenant recently.

You can try making role changes and wait for the auto-refresh to see how it behaves in your tenant.

Thanks again Jesvin, you’re a life saver!

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.