Query on Assigned Roles

Hi Folks,

Need help understanding the following scenario:

We have created a role with a direct entitlement (i.e. not including any access profile) without any assignment criteria. There are 10 users having this entitlement as part of the application. So we are expecting that those 10 users should have this role assigned to them.

But when we execute the search query @access(displayName:"<Role_Name>"), no identity comes up, and if we run the query as @access(displayName:"<entitlement_Name>"), all 10 users show up.

Also, in Access Model → Role, when we search with the role name, it shows identities as 0.

Does this mean that, even if users have all the entitlements of the role, that role will not be assigned to the user automatically?

Yes, roles will not be automatically assigned to the identities. ISC roles are assigned roles and are not detected; only access profiles are detected. So, you might need to add roles to the identity via access request or via the API.

1 Like

You can also configure criteria in the role, such as the attribute or condition based on which the role should be assigned automatically. Also, enable the role.

1 Like

Yes, roles won't be detected like access profiles; we need to assign them. If you don't assign them via standard criteria, you may use the Identity List option to assign them manually.

Managing Roles - SailPoint Identity Services

1 Like