We created a Business Role and assigned an IT Role that includes an AD group (entitlement). According to the assignment logic, the user was removed from the Business Role; however, the entitlement is still present. Has anyone encountered this issue before?
Thanks
To confirm, the IT role was assigned via the Business role membership? Does the role assignment reflect that?
Is this entitlement granted by another role assigned to the user?
Hello @robert-hails
Thanks for the reply..
The Business Role was assigned based on the assignment logic, and the Business Role, IT Role, and entitlement were successfully assigned. However, after removing the Business Role, both the Business Role and IT Role were removed, but the AD group entitlement is still present..
Do you see a provisioning transaction submitted to remove the AD group?
1 Like
Yes, the provision transaction was generated to remove the AD group, and it was successful. Do we need to run AD aggregation?
Have you confirmed the entitlement was removed on the AD side?
Hello @robert-hails
after AD aggregation i can see AD group has been removed from the user. Thanks issue has been resolved.
@bhoyars_1 Good that aggregation updates the link. However, it should also update without aggregation as well once transaction is commited. Do you have any failures while removing business role, it role and entitlement ? If there is a failure, link will not be updated till you run aggregation.
Note: Found a fix? Help the community by marking the comment as solution. Feel free to react(
, 
, etc.) with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.