I'm not able to see the entitlement that user is part of in Manage User Access Page (Remove section)

I’m not able to request for entitlement removal from the manage user access page (remove section) in Identity IQ

  • The entitlement is marked as requestable
  • The entitlement appears in the search result why adding access

Has anyone seen this scenario, if yes, what could be the root cause and possible fix?
Thanks in advance

Refresh the identity and see if it appears.

1 Like

1.if you select more than one identity it won’t allow to request removal.
2. check Full text index in debug page.

1 Like

The most common cause for this kind of behavior would be one of the 2 scenarios:

  1. The entitlement hasn’t been linked as an IdentityEntitlement on the Identity (refresh the Identity with the Refresh Identity Entitlements option selected should resolve this issue)
  2. The entitlement has been assigned indirectly via role request/assignment

Note: #1 is also one of the most common reasons entitlements don’t show on an Access Review

1 Like

Hi there,

Anyone find a way to fix this issue?

I’m getting the same issue with IIQ 8.2 when trying to remove entitlement from Manage User Access page.

There are something that I found when removal:

  1. Even when Allow remove requests for entitlements is checked, entitlements are not available to select
  2. No matter Allow remove requests for roles is chẹcked or not, requestable role is always available to select.
  3. The Rule for filter entitlement (removal) will never be triggered.
1 Like

Entitlements are not getting populate in manager user access–>Remove section because the identity selected is not populated with EntitlementGoup. To populate this we need to run refresh identity task with option ‘Refresh Identity Entitlements for all links’. once it is populated we are able to see in remove entitlement.

1 Like

Upon investigating on this issue, we finally found out why we see this behavior.
In our project we have lot of Roles implemented (Business Roles, IT Roles, and SSO), so all our entitlements that are associated with Roles in IIQ will not populate in the remove access page.
If the entitlement is configured as requestable, IIQ will allow you to search and add through the “Manage User Access”, but it won’t give result while removing.

So the way to remove this entitlements would be if the roles are untagged from user’s cube automatically the entitlement would also get removed.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.