Overview
Maintaining up-to-date roles in response to changing access needs, ad-hoc requests, and evolving organizational structures is a complex and ongoing process. Roles frequently become outdated, and the access they grant may no longer be relevant. Saviynt’s Detective Roles jobs can reassign access that is no longer needed by the organization. Not maintained, role definitions can inaccurately reflect user roles, leading to erroneous access reviews. This solution automates the removal of unnecessary roles and assigns new ones based on users’ current access. It also supports customers migrating from legacy systems to Saviynt, facilitating role bootstrapping by accurately assigning roles based on available entitlements
In essence, this Solution addresses the following situations required to align roles for efficient governance controls.
a) An application onboarded into Saviynt with pre-existing access: Their entitlements will be visible in Saviynt, but the role made up by those entitlements will not be automatically assigned to the users.
b) Updating Roles Definition: You areusing Saviynt for governance controls such as access review, however application access provisioning is not configured yet for those applications. Someone or something else takes care of the provisioning. In such a case, the roles are not maintained in Saviynt. Entitlements assigned to users are maintained, however roles are not deduced automatically leaving users without the roles and users with role assignment they should not have. This functionality helps to improving Role Certification for non-managed applications.
c) Align Roles as per User’s Access: An end-user who is granted the entitlements of a role through an unauthorized backdoor or unauthorized process, is an access violation. Such violation will remain undetected.
In essence, this Solution addresses the following situations required to align roles for efficient governance controls.
a) An application onboarded into Saviynt with pre-existing access: Their entitlements will be visible in Saviynt, but the role made up by those entitlements will not be automatically assigned to the users.
b) Updating Roles Definition: You areusing Saviynt for governance controls such as access review, however application access provisioning is not configured yet for those applications. Someone or something else takes care of the provisioning. In such a case, the roles are not maintained in Saviynt. Entitlements assigned to users are maintained, however roles are not deduced automatically leaving users without the roles and users with role assignment they should not have. This functionality helps to improving Role Certification for non-managed applications.
c) Align Roles as per User’s Access: An end-user who is granted the entitlements of a role through an unauthorized backdoor or unauthorized process, is an access violation. Such violation will remain undetected.