Identities with Role Assigned but not the corresponding entitlement

kartheek_gopu · March 11, 2025, 11:02am

Hi Team,

We observed that for disconnected applications, if the Snow team is updating the tickets to “Closed Incomplete”, we see that the role is already assigned to the identity but the entitlements are not assigned and will be not retried by SailPoint.

Now, the issue is that the identity is holding the role but not the corresponding entitlements.
We want to revoke such roles assigned to various identities.

Is there any way to pull such identities who are assigned roles but not the corresponding entitlements?

Can we do this via any search query or via Workflow or Via Powershell script?

Thanks,
Kartheek

vkashat · March 11, 2025, 3:30pm

You can use search with a query like this:

@access(id:“role id”) AND NOT @access(id:“entitlement id”)

system · May 10, 2025, 3:30pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Campaign for entitlement assignments without role/access profiles ISC Discussion and Questions roles , search , access-profiles , entitlements	1	565	July 19, 2023
Roles and Entitlement dependencies ISC Discussion and Questions identity-security-cloud , entitlements	4	107	April 15, 2025
Entitlement linked to the role was not granted ISC Discussion and Questions identity-security-cloud , entitlements	5	80	April 1, 2025
Query on Assigned Roles ISC Discussion and Questions identity-security-cloud , entitlements	4	168	September 24, 2024
Delimited application, remove request for one of the entitlement in the IT Role IIQ Discussion and Questions identityiq , roles	4	581	January 16, 2024

Identities with Role Assigned but not the corresponding entitlement

Related topics