Dear community,
We have implemented automatic Role provisioning, based on some attributes. Users will be provisioned with roles.
We are facing an issue in provisioning when a user moves from one role to another (roles having common entitlements).
Role 1 - Entitlements : ABC, XYZ, PQR
Role 2 - Entitlements : XYZ, DEF
If a user has Role 1 with entitlements (ABC, XYZ, PQR) and he moves to Role 2, only "DEF" is getting added to the user profile.
The user should have XYZ, DEF; instead he has only "DEF".
In the provisioning plan, only the add entitlement value "DEF" is coming.
What changes need to be done so the user can have XYZ, DEF when moved from Role 1 to Role 2?
This is expected. Since the entitlement XYZ is already assigned to the user, the provisioningPlan filters it out, as no action is needed to add the entitlement again. But the XYZ entitlement shouldn't be removed in this case, even though Role 1 is removed, since Role 2 also grants it.
If you are looking to verify the filtered requests, you can do so with the provisioningPlan object using the below method:
Try to mark "Refresh assigned, detected roles and promote additional entitlements" and "Provision assignments", and unmark "Disable deprovisioning of deassigned roles" in the refresh task.
With this configuration, SP sends every detected change.
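
The filtering behaviour discussed in this thread, modeled as an added example (not code from any poster and not SailPoint's API): it computes which entitlements a role change should add, filter as already held, and remove, then audits the resulting profile. The function names `expected_plan` and `audit` are hypothetical, and the model assumes every entitlement on the profile is role-derived.

```python
# Role definitions come from the question; all other names are constructed.
ROLES = {
    "Role 1": {"ABC", "XYZ", "PQR"},
    "Role 2": {"XYZ", "DEF"},
}

def granted(roles):
    """Union of the entitlements granted by a collection of role names."""
    out = set()
    for role in roles:
        out |= ROLES[role]
    return out

def expected_plan(old_roles, new_roles, current):
    """Model of the plan for a role change.

    add      - required by the new roles and not yet on the profile
    filtered - required by the new roles but already held, so no add is sent
    remove   - granted only by roles being dropped and still on the profile
    """
    need = granted(new_roles)
    dropped = granted(set(old_roles) - set(new_roles))
    return {
        "add": sorted(need - current),
        "filtered": sorted(need & current),
        "remove": sorted((dropped - need) & current),
    }

def audit(new_roles, observed):
    """Compare the profile after provisioning with what the roles grant.

    Assumption: no directly requested entitlements exist, so anything the
    new roles do not grant is reported as excess access.
    """
    need = granted(new_roles)
    return {"missing": sorted(need - observed),
            "excess": sorted(observed - need)}

if __name__ == "__main__":
    before = {"ABC", "XYZ", "PQR"}                     # profile under Role 1
    print(expected_plan(["Role 1"], ["Role 2"], before))
    print(audit(["Role 2"], {"DEF"}))                   # profile reported in the question
    print(audit(["Role 2"], {"XYZ", "DEF"}))            # profile the poster expects
```

A plan that shows only the add for DEF is consistent with this model; the reported problem shows up in the audit step, where XYZ is missing from the profile after the move.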