When “access” is configured in the “includes” array of an identities search API, the result returns also entitlements (as expected).
One of the attributes of the returned entitlements is “standalone” which can have one of the values true or false. What is the exact meaning of ‘standalone’ = false | true: not individually requested, not part of an access profile that the user has, … ?
The entitlements of a user that does not combine together to make an access profile will be marked as standalone - TRUE.
eg.
If ent A is the only entitlement in Access profile A, and user holds ent A, then ent A will be standalone - FALSE
If ent A & ent B are part of Access profile A and user holds only ent A, then ent A will be standalone - TRUE
If ent A & ent B are part of Access profile A and user holds ent A & ent B, then ent A & ent B will be standalone - FALSE.
In other words, if you remove all the access profiles from a user, the entitlements that would be left over are the standalone entitlements.
The entitlements directly assigned as part of role memberships may also be tagged as standalone - FALSE.
Hi Jesvin Joseph,
Thanks for your feedback. I’ve opened a support ticket with SailPoint to get the attribute properly described in the on-line documentation; not only for entitlements, but also for access profiles.