How to find all identities who has partially provisioned business roles?

Hi,
In our environment, I noticed there are few Identities who has partially provisioned roles.
For example - Admin requested Business role Biz1 for Identity User1. Business role Biz1 has an IT role which has 2 entitlements ENT1 and ENT2. Out of these only ENT1 is provisioned and ENT2 is failed. In this case I observed that ‘User1’ identity shows Business Role Biz1 is assigned under ‘Entitlement’ tab. But its IT role is not detected because required entitlements were not provisioned.

Because of this ENT1 and ENT2 are shown as a additional entitlements on the identity. and this can cause improper Certification campaign.

So I want to find such Identities which have partially provisioned business roles. ‘Exceptions’ under Identity lists valid additional entitlements as well these entitlements, so I don’t think I can rely on ‘Exception’ data.

Thanks,
Sagar

HI @sbhingare ,

I believe you will have to create a custom task to iterate over identities and get there assigned roles and then extract entitlement part of the, and check entitlements against the Exceptions and see if assignment id is missing.

It has to be done with custom task only, i do not find straign away fix for this.

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.