I have run into an interesting case where we have a Source for Assignments in SecZetta. The user has 2 active assignments for SecZetta that are both populating on the Cube. We have role being built out to add the needed access based on the assignment that a user has. The issue we are running into is that when the Role Engine runs it appears that it is doing a first valid when applying the roles.
In this example the user should of had both roles assigned to them. The logic being used by the 2 roles is rather open and should catch the user with the two accounts. The logic is working as expected when a user has 1 assignment. Any ideas why this would be happening?
Sailpoint documentation when user has multiple account on a source:
When an identity has multiple accounts on a source, you can specify the criteria for determining which of the user’s accounts should receive the access in automated provisioning. These criteria are not applied for users with only one account on the source.