Role Composition Review - Automatic Revocation

I’m working with a client who was interested in using role comp certs for their RBAC program. We were looking at them, and their experience does line up with the documentation, but I’m curious about the reasoning for why the tool functions the way that it does.

When an access profile or entitlement is revoked from the role, it opens a task for manual remediation instead of being automatically processed even when the certification is performed by the role owner.

Why is that?

Hi @WyssAJ01,
As per my experience, I believe this process addresses Risk and Impact Assessment, SoD, and Potential Downstream Effects to ensure control and oversight, minimizing unintended consequences or risks associated with automatic entitlement removal from roles.

I started to write back to say that I agreed with Prashanth that probably this was done to prevent unintended downstream consequences and give some examples. However, I remembered this section:

So now I am back to a more governance thought - maybe you need to review the change against your SoD rules, review any active role discovery, or submit to a change board.
