I am having problems reading entitlements in a Web Services connector. When I aggregate accounts and entitlements, the entitlement appears greyed out in the access list, and sometimes it does not appear at all.
The problem is that when removing a role from the identity, ISC does not recognise that the entitlement is associated with the identity and therefore does not revoke the entitlement to the account.
I tried removing the accounts and entitlements and then performing non-optimised aggregations, but the results were the same.
I also noticed that when performing a “single account aggregation”, the entitlement is recognised, but this does not work in a complete aggregation:
I think ISC is not properly linking the entitlement from the account to the aggregated entitlement object. For this reason, it still shows access on the account, but it won’t recognize it correctly for removal from the identity.
Can you verify that the full aggregation response mapping attribute path is returning the exact ID value, not an object/display value? (root path/attribute path)
In the Account Schema, did you ensure the Entitlement attribute’s type is set to ‘group’ instead of ‘string’?
In the Entitlement schema, was the attribute which you marked as entitlementid the same value as the attribute in the account schema?
Suppose I have entname as the attribute in the account schema and I need to change its type to group and mark it as entitlement, which results in the value “Author”, and in the entitlement type the type is group and it has both entname and entid attributes, where entname needs to be kept as the entitlementid.
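
An offline way to run the check raised in the replies above (does every value the account aggregation returns match an entitlement ID?), as an added example that is not part of the original thread or of SailPoint's code. The JSON responses are constructed, the `entid`/`entname` names are reused from the last post, and `extract` is a hypothetical simplified dotted-path walker, not the connector's own path syntax.

```python
import json

# Constructed sample responses from a hypothetical source API (not from the thread).
ACCOUNTS_JSON = """[
  {"id": "u1", "roles": [{"entid": "101", "entname": "Author"}]},
  {"id": "u2", "roles": [{"entid": "102", "entname": "Editor"}]},
  {"id": "u3", "roles": [{"entid": "103", "entname": "Reviewer"}]}
]"""
ENTITLEMENTS_JSON = """[
  {"entid": "101", "entname": "Author"},
  {"entid": "102", "entname": "Editor"}
]"""


def extract(obj, path):
    """Walk a simplified dotted path, descending into lists along the way."""
    values = [obj]
    for key in path.split("."):
        found = []
        for v in values:
            items = v if isinstance(v, list) else [v]
            found.extend(i[key] for i in items if isinstance(i, dict) and key in i)
        values = found
    flat = []
    for v in values:  # a path ending on a list yields its elements
        flat.extend(v if isinstance(v, list) else [v])
    return flat


def unlinked(accounts, entitlements, account_path, ent_id_attr):
    """Per account, list values that cannot be linked to an entitlement ID.

    A value is reported when it is an object instead of a scalar ID, or when
    no aggregated entitlement carries it in the attribute used as its ID.
    """
    known = {str(e[ent_id_attr]) for e in entitlements if ent_id_attr in e}
    report = {}
    for acct in accounts:
        bad = [v for v in extract(acct, account_path)
               if isinstance(v, (dict, list)) or str(v) not in known]
        if bad:
            report[acct["id"]] = bad
    return report


if __name__ == "__main__":
    accts, ents = json.loads(ACCOUNTS_JSON), json.loads(ENTITLEMENTS_JSON)
    print(unlinked(accts, ents, "roles.entname", "entid"))    # display name vs ID
    print(unlinked(accts, ents, "roles.entname", "entname"))  # consistent choice
```

Any account listed in the output holds access that cannot be tied to an entitlement object, which matches the case in the question where removing the role does not revoke the entitlement.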