Purpose of <Exceptions> tag under Identity

Which IIQ version are you inquiring about?

8.4

Please share any images or screenshots, if relevant.

Please share any other relevant files that may be required (for example, logs).

NA

Share all details about your problem, including any error messages you may have received.

Hello Everyone,

I have seen this Exceptions tags under Identity objects, under which includes information regarding entitlements assigned to the identity.

I have noticed, whenever an Identity doesn’t have this tag present, their entitlements are NOT coming under certification. If I add the tag manually for an identity and then trigger the certification, I can see all the entitlements in the certification.

My questions are:

  1. What does Exceptions tag do?
  2. Is above mentioned behavior with certifications expected?

Thanks

Hi @zeel_sinojia,

The Exceptions tag in Identity objects holds a collection of entitlements assigned to the user that are not part of any defined roles. This tag captures entitlements that do not align with the detected roles, providing a clear view of any additional access the user has.

Regarding the behavior with certifications, it is expected. When an identity lacks the Exceptions tag, their entitlements are excluded from the certification process because the system does not recognize any non-role-based entitlements to review. By manually adding the Exceptions tag and then triggering the certification, you enable the system to include those entitlements in the review.

Regards,
Arun

3 Likes

Now I get it.

Thank you Arun!

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.