Hi,
In our environment, I noticed there are few Identities who has partially provisioned roles.
For example - Admin requested Business role Biz1 for Identity User1. Business role Biz1 has an IT role which has 2 entitlements ENT1 and ENT2. Out of these only ENT1 is provisioned and ENT2 is failed. In this case I observed that ‘User1’ identity shows Business Role Biz1 is assigned under ‘Entitlement’ tab. But its IT role is not detected because required entitlements were not provisioned.
Because of this ENT1 and ENT2 are shown as a additional entitlements on the identity. and this can cause improper Certification campaign.
So I want to find such Identities which have partially provisioned business roles. ‘Exceptions’ under Identity lists valid additional entitlements as well these entitlements, so I don’t think I can rely on ‘Exception’ data.
Thanks,
Sagar