We have a use case (Self-Service Access Request) where the user requests multiple additional roles separately in SAP HANA via access request.
However, some composite roles are not added to the user’s account in SAP, and then after an identity refresh the missing role is now added, but the current/existing role is removed, and based on the SAP logs, the SailPoint service account is deleting the role.
Any advice or solutions that could help?
Thank you!
Can you check if there are any criteria defined in the roles and access profiles which are causing the role to be removed? Also validate once in the search if the roles which are requested are correctly provisioned and the status is showing as completed.
And yes, please share some more details so that anyone can provide suggestions.
1.) Requested 1 composite role, triggered manual aggregation in SAP HANA, then upon checking the events, there are no multiple events of modify account.
Role A - Added to User Account
2.) Requested 2nd composite role (Role B), no manual aggregation in SAP HANA, then upon checking, there are multiple events of modify account.
Role A - Added to user Account
Role B - NOT Added to user Account
3.) Requested 3rd Role (Role C), no manual Aggregation run in SAP HANA, then upon checking, there are multiple events of modify account.
Role A - Added to user Account
Role B - Added to user Account
Role C - NOT Added to user Account
We observed that the last composite role requested is not being added to the user’s account. It will only be added if there is an additional composite role requested.
And we asked the client to check the SAP logs; it seems that our Service Account is deleting the role, so SailPoint is trying to add the role again, but only the previous role was added, and after an identity refresh, Role C is now added but Role A and Role B were removed, and after another identity refresh, Role A and Role B are now added again, but Role C is removed. This is now the current behavior.