Hello “Revoke Assignment” from a role does not remove the entitlements. Here are the steps: Select the identity Click on “access” from left menu and then select the role from the “roles” tab Click on “Assignment“ from the left menu and then “Revoke Assignment“ button on top right The event log …

By chance did the identity have these entitlements before being assigned the role? I’ve seen circumstances like that where they didn’t get removed. Similarly if you remove an entitlement from a role, I remember it not removing that from the identities assigned the role

Alternatively, if role is granted via some criteria, you will have to change the role assignment criteria not to target that certain identity, and run the processing (which might not be convenient if you have more identities falling into the same criteria), as @mcheek is correct.

No it did not have the entitlements before the role was provisioned

@schattopadhy that feature is not enabled. Per the docs: “Role Change Propagation provides the ability to configure ISC so that when access rights are removed from a Role definition, the corresponding access assignments are removed from users who have the Role assigned.“ But that’s not what my iss…

Hi @mario_rod Sounds like expected behaviour. ISC won’t remove entitlements if the Identity is assigned them via another role.

Revoke Assignment not deleting entitlements

Identity Security Cloud (ISC) ISC Discussion and Questions

baoussounda (Ousmane N'DIAYE) January 25, 2026, 9:23am 3

Hi @mcheek

Regarding this statement : “Similarly if you remove an entitlement from a role, I remember it not removing that from the identities assigned the role“

==> This is now supported as described here : New Capability: Role change Propagation - Announcements / Product News - SailPoint Developer Community

2 Likes

Topic		Replies	Views
Entitlement is getting added back even after role revocation ISC Discussion and Questions workflows , identity-security-cloud	12	205	June 24, 2025
Role Entitlement Removal ISC Discussion and Questions identity-security-cloud , provisioning , roles , access-profiles , entitlements	16	2246	September 28, 2024
Entitlements Are Not Being Removed When a Business Role Is Auto Unassigned via an Assignment Rule IIQ Discussion and Questions identityiq , entitlements	11	272	November 17, 2024
By eliminating an entitlements (via rule) this persists in the entitlements of the identities IIQ Discussion and Questions identityiq , roles	7	135	February 7, 2025
Role revoke VS account entitlements ISC Discussion and Questions workflows , identity-security-cloud , provisioning , entitlements	3	64	January 24, 2026

Revoke Assignment not deleting entitlements

Related topics