Unable to remove entitlement from an LDAP application once assigned

Which IIQ version are you inquiring about?

8.4

Please share any images or screenshots, if relevant.

Admin entitlement from the LDAP application.

Screen shot of members tab in the entitlement

Remove access page from the Manage user access quicklink

Share all details about your problem, including any error messages you may have received.

I have assigned an entitlement named Admin to a user using the quicklink Manage user access. Now, when I am trying to remove the same access using the “Manage user access” quicklink, I am unable to find the entitlement in the “remove access” page. I have confirmed the entitlement has been assigned to the user in the target application. I have also tried the following method:

  1. Performed the identity refresh task with “Refresh entitlements for all links” option checked.

Please help me resolve this issue. Thank you.

Hi @Prash373

Check after running the following tasks.

  1. LDAP_Application group aggregation task.
  2. System tasks: Perform Identity Request Maintenance

Perform Identity Request Maintenance: prunes old identity request objects and scans unverified access requests to check for provisioning completeness.

Hi @Prash373

Try running the Account Aggregation task for the application and ensure that the entitlements are being pulled correctly and are linked to the user. If this does not work, then check the option “Refresh Identity Entitlements for all links” in the “Refresh Identity Cube” task.

Hi @iiq-isc,
I have performed the Perform Identity Request Maintenance and group aggregation tasks for the application and am still facing the same issue.

Can you run the “Full Text Index Refresh” task and see whether the entitlement is populating in the Remove access tab or not?

Hi @Prash373, this is the correct answer by @vedeepak; it will work 100%.
Have a nice and great one!

Regards,
Mustafa

Hi @MohamedSaad,
As mentioned above, I have refreshed the identity using the Identity refresh task with the Refresh Identity Entitlement for all links option selected, and the results were the same. But when I performed the Account Aggregation task, I am getting the caution symbol in front of the entitlement, as shown below.

Hi @vedeepak,
I have performed the Full Text Index Refresh task and still the entitlements are not getting populated in the Remove access tab.

I see the warning symbol on that entitlement. Can you refresh the identity cube with the “Provision assignments” option enabled? Also check the logs after the refresh identity task has run, to see if there are any errors.

Hi @Prash373,

As per this screenshot, it seems to be a disconnected entitlement. It happens when IIQ is not able to validate this from the source. Can you verify in the source whether it is actually provisioned or not? If it is, then run the aggregation task again; if not, check the identity from debug and see if there is any entry for this in the attribute assignment. If it is, then only the refresh task with the provision assignment check will work.
Also, from debug, check the entitlement group for this application and verify the native identity. If the native identity is not correct, then it also will not be visible in the Remove tab.
If the native identity is not correct, then just for testing purposes fix the native identity from the backend and see if it's working. If it works, then you can further validate why the native identity did not get set up properly.
Thanks.

Hi @harsh_gupta4,

I have resolved the issue with the entitlements; now I am getting proper entitlements instead of sticky entitlements. Yet in the Manage user access quicklink, in the Remove access tab, I am unable to find the assigned entitlements, even though the values are populated in the target application and identity cube.

Hi @Prash373, open the Identity XML and check if those groups exist in “EntitlementGroup”.
Did this entitlement get assigned as part of Birthright Roles?

Hi @Prash373, maybe it’s part of a Role. Check that and let us know, because the Full Text Index Refresh task builds and refreshes the index files used for full text searches on defined fields on the access request pages of the Lifecycle Manager.
The index files are rebuilt each time this task is run.

That means if the issue is not related to something else, like Roles (Assignment, BR, etc.), this task will fix it for you. Anyway, can you just request an access/entitlement for testing purposes, for this user or another user, with a standalone entitlement that is not related to or part of any Role, then check again and let us know?

Have a nice and great one!

Regards,
Mustafa

If possible, share that identity XML object.

1. Make sure that the entitlement is not part of any role.
2. Run the Refresh identity with all checkboxes checked. :stuck_out_tongue:

Thank you all, the issue has been resolved. I performed the “Full Text Index Refresh” task, made sure the entitlement is not part of any role, and also ran the “Identity refresh” with the Refresh assigned, detected roles and promote additional entitlements option, and now I can see the entitlement in the Remove access tab.

Glad to hear that it’s resolved, have a nice and great one!