Issue with Unexpected Permission Addition in the Provisioning Plan

I have an issue with the provisioning plan. When assigning a business role with a required IT role that in turn has a required environment, the provisioning plan used to only add that environment. However, now it also adds some permissions that the account already has, and I don’t know why this is happening.

image589×105 4.02 KB

For example, in this case, the user already has two permissions. When trying to assign another one, the provisioning plan adds the one I want to assign and one of the permissions the user already has. Every time I’ve tested it, it’s always just one.

image400×111 1.14 KB

I tried creating an IT role and a business role from scratch or testing with others, but the provisioning plan still generates with an extra permission.

PD: I noticed that when I perform a refresh identity without any changes, it still generates a provisioning plan with the permission in question.

Thanks and regards,
Antonio.

@AntonioGvtt

If you want to replace the existing entitlement with new entitlement and you don’t want to maintain previous entitlement, then go to application → Schema → Choose that entitlement attribute and uncheck multi-valued as shown below.

image824×338 19.2 KB

If this doesn’t work, please assist with the following:

1. Can you check the entitlement details in the identity warehouse by searching for the specific identity? Each entitlement should show how it was granted. Please verify if these entitlements are assigned through your role.
   

   

   image616×281 11.1 KB

2. If multiple entitlements are added from the same application, they should appear as separate entries, resulting in two distinct entries in the plan as shown below.
   

   

   image695×112 9.88 KB
   
   
   

   image441×164 5.02 KB