Please share any images or screenshots, if relevant.
Please share any other relevant files that may be required (for example, logs).
Share all details about your problem, including any error messages you may have received.
We have a user that does not have access to Manage User Access but only Manage My Access when she in fact is assigned the same workgroup as others that do have access. The user in need does not have any additional user capabilities. I cannot locate a difference between her identity and others that are able to access. Any assistance would be appreciated.
What workgroup the user is assigned. Does it provide HelpDesk or any admin access.
What is the Quicklink population settings you have in your environment to allow the users to request access for others?
Request Access needs to be selected for self and for others to allow requesting access for others for the specific quicklink population that the user matches
Thank you. We currently do not have scoping configured but I did assign the Help Desk Personnel capability directly to her identity until our support team can look into why she does not have access based on workgroup assigned. I appreciate the assistance.
Something that helps with sanity checking is to remember that QuickLinks are accessible by DynamicScope objects. When we refer to DynamicScope, that’s not the scoping that some users are thinking about.
I like to fetch each persons DynamicScope’s since they aren’t listed on the cube. You can do this for each user by running this little snippet of code;
import sailpoint.api.DynamicScopeMatchmaker;
import sailpoint.object.*;
Identity id = context.getObjectByName(Identity.class, "spadmin");
DynamicScopeMatchmaker matcher = new DynamicScopeMatchmaker(context);
List rv = matcher.getMatches(id);
java.util.Collections.sort(rv);
return rv;
You should be able to see if one user has different DynamicScope objects.
