Getting list of users holding entitlement, without the role

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Hi Experts,

Is there a way to get a list of users holding entitlements, but not having the role that holds the entitlement.

The closest I came was running a search query per role as below. But I have hundreds of roles to be checked.

@access(value:“Entitlement_Name”) AND NOT @access(type:ROLE AND name:“ROLE_Name”)

Any ideas would be much appreciated.

2

Hi Jesvin,

I guess you will have to look through all the entitlements and roles of a user one by one, may be via APIs.

Just a thought on how this could be done via APIs in the script:

  1. Get All Users of a source
  2. For each user:
    a. Get all of their entitlements
    b. Get all of their roles, and for each role, get their corresponding access profiles(if any) and thus the corresponding entitlements
  3. Compare each entitlement in 2a list with the entitlement list in 2b list. The entitlements of 2a list with no match in the entitlements of 2b list are the entitlements that are not provisioned through Roles

I hope this helps.

Thanks,
Shailee

3

I ended up creating search queries for each of the roles we have, then created a PowerShell script to invoke the search API’s one after the other and writing the JSON output to separate files.

1 Like
4

Hi Shailee, This approach sounds interesting, as I have similar requirement to report on source side access addition.
Is there any other options? Can this be achieved via NCD?
Thanks.

5

Hi @jesvin90

I see you have already found the way. But still sharing how i achieve this using the powerBI report which is eventually based APIs but it lets me schedule the automatic refresh such that the support team can monitor them on daily basis and then we can improve our role model and also compare if that was a solution proposed by AI recommendation for role model.

Thank You.
Regards
Vikas.

6

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.