We had created a delimited file with four entitlements in local server and aggregated that delimited application. Added those four entitlements in a IT role and given that IT role to Business role. And submitted the access request for a user for that business role and we got a manual workitem, so added those user details in the delimited file and completed the manual workitem. And run the aggregation task, refresh identity task and perform identity request maintenance task.
IT and business roles got added to user in entitlement tab of user.
But this roles are not getting added in Extra entitlements in the identity snapshot, so we are not able to find these entitlements in remove access tab.
Our requirement is to submit the remove request for one of the entitlement in the IT Role.
Can you please suggest on how we can achieve this.
Thanks in advance.
Hi @Ramya2018,
The most common cause for this kind of behavior would be one of the 2 scenarios:
The entitlement hasn’t been linked as an IdentityEntitlement on the Identity (refresh the Identity with the Refresh Identity Entitlements option selected should resolve this issue)
The entitlement has been assigned indirectly via role request/assignment
Note: #1 is also one of the most common reasons entitlements don’t show on an Access Review
And also check the QuickLink populations, Is there restrictions/filters applied for roles.
User got the entitlements because of the Business Role, so I don’t think you will be able to remove the one of the entitlements in detected IT Role, even if you do the same entitlement gets assigned back when you run Refresh Task due to the assigned Business and detected IT Roles.
Entitlement is not available because its been granted as part of Business Role. If you want to remove the entitlements than first provision the entitlements alone.