Hi All,
I have a question about Role Granularity. How does it work?
In my sandbox environment, when I set the Role Granularity to 73% with a minimum of 3 identities, it shows one potential role with 3 identities having 100% similar access.
However, when I increase the Role Granularity to 80%, it doesn’t show anything. Shouldn’t it show the same result as the previous setting as all the 3 identities having all the access?
Thanks,
Anyone have any idea on this?
Hi @subaya19 ,
Role granularity doesn’t work exactly the same as per your description. So, if you lower down the role granularity the potential roles discovered include more identities with less entitlement similarity.
In case with high granularity, the potential roles discovered include fewer identities with more entitlement similarity.
So the minimum identities & granularity works internally. Less number of identities with low granularity fetch out more potential roles and vice versa.
Please visit the link for more - Discovering Roles - SailPoint Identity Services
I hope it might help!
Hi @PrashantMishra, thank you for your reply!
I have gone through this document, but still did not get what happened in the backend/internally in IDN that it did not show the potential Role in my 2nd case.
Changing Role Granularity from 73% to 80%, what got changed internally to not reflect that Role? How the algorithm is working ?
Appreciate your help!
Hi @subaya19 ,
In your case due to change in granularity and minimum selected identities couldn’t fetch out anything. I would suggest in case of high granularity please tweak the minimum identities field with decrease in number.
As, I could see a potential role is already discovered with 3 identities so it might be the case that when you increase the granularity none of the identities matches the criteria, so it I would recommend to reduce the minimum identities from 3 to 2 or so.
Rest, ISC internally works on AI granularity algorithm to discover the potential roles. In case of more details with respect to algorithm working, please reach out to SailPoint service .
HTH!
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
