When using Role Insights to create roles, is it necessary to remove all birthright access items from the role that it creates? As most of you are probably aware, it will show several birthright items because, obviously, everyone shares them. If I don’t remove them, or if I mess up and miss one or two, will it cause any problems?
Role insights is to understand and analyze the Roles that we can automate instead of manual access requests.
Birthright access is already configured for all Identities already, so I would say, no need to create roles for them again.
Hi Krishna,
Thank you for your response.
I have been identifying roles by filtering based on isactive and primaryrolecode. Typically, users with the same role have identical access. Consequently, role insights showed 100% popularity matches for users, but it also included birthright access items.
My question is: When building these roles, is it crucial to meticulously remove all birthright access? If there is an overlap between the new role and the birthright items that users already have, could this pose a problem? I want to avoid any foreseeable issues.
I suspect that for some users, these new roles will be provisioned to their identity based on primaryrolecode, resulting in overlapping access. However, I don’t believe this will cause any harm. I am seeking clarification to ensure everything is clear.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.