Please share any other relevant files that may be required (for example, logs).
NA
Share all details about your problem, including any error messages you may have received.
Hello Everyone,
I have seen this Exceptions tags under Identity objects, under which includes information regarding entitlements assigned to the identity.
I have noticed, whenever an Identity doesn’t have this tag present, their entitlements are NOT coming under certification. If I add the tag manually for an identity and then trigger the certification, I can see all the entitlements in the certification.
My questions are:
What does Exceptions tag do?
Is above mentioned behavior with certifications expected?
The Exceptions tag in Identity objects holds a collection of entitlements assigned to the user that are not part of any defined roles. This tag captures entitlements that do not align with the detected roles, providing a clear view of any additional access the user has.
Regarding the behavior with certifications, it is expected. When an identity lacks the Exceptions tag, their entitlements are excluded from the certification process because the system does not recognize any non-role-based entitlements to review. By manually adding the Exceptions tag and then triggering the certification, you enable the system to include those entitlements in the review.