I want to create a review campaign but for a specific entitlement which belongs to specific SoD rules.
Is that possible?
Here's a thought: you could do an advanced filter on the application roles, looking for them in the SoD bucket tables. These tables contain all of the application roles in scope for the particular rule.
approles.id in (
  select ent_id from T_AV_SOD_BUCKET1_ENTS bucket
  inner join T_AV_RULES rule on rule.id = bucket.rule_id
  where rule.name = 'RULE_NAME_HERE' and bucket.entitlement_type = 'app-role'
  UNION ALL
  select ent_id from T_AV_SOD_BUCKET2_ENTS bucket
  inner join T_AV_RULES rule on rule.id = bucket.rule_id
  where rule.name = 'RULE_NAME_HERE' and bucket.entitlement_type = 'app-role'
)
Could you please expand on the question more? Are you trying to generate a review to understand which users have access to just one specific entitlement?
Within the review definition, the 'Contents' tab determines what access is pulled in to the review. You could click on the default 'All' option against any access type and choose a specific name within. This will restrict the review to pull in access of all users just for access with that particular name. I have included a screenshot below for reference with application roles.
Thanks Manu for your answer.
I want to generate a review for a specific entitlement linked to specified SoD rules.
First, which review type are you trying to create? (user access review, account reviews...)
If you are using the user access review, you can go to the review definition and edit
Under the "Content" tab, you can specify which entitlements, from which business source should be included in the review.
I know this, but I was wondering if we can make a filter based on the SoD rule.
Does that SOD rule contain app-roles from the same system?
Yes that's the case.
I haven’t tried this but this should work.
Under the Content tab, select the two app-roles that form your SOD rule and on top of that, select the below checkbox.
Make sure that the filter criteria is set to “and” not “any” when selecting the two app-roles.
But I want to make this dynamic.
I want to filter the roles from a specific SoD.
So if I have SoD1 (high), SoD2 (low) and SoD3 (medium)
When I configure the preview to show only the roles linked to high SoD, without choosing manually the roles.
I don’t think I’m following you. Can you please elaborate further?
I'll explain my request:
- I have defined SoD rules based on application roles. Some SoD rules are considered critical (200 rules)
- I want to define a review of only the users having application roles that are part of the critical SoD rules.
I hope I was clear.
Then include all these app-roles that are part of the rules in the filter criteria and select the “Violation” check box as per my previous screenshot.
Try and hopefully it can work.
I second Dan's comment above. You would need an advanced query that looks at the SOD bucket tables.
That being said, perhaps an easier method would be to utilize the option within the SOD rule itself to generate the review under 'Actions'. This option might not be suitable if you are targeting 'one' single review that contains all app-roles that belong to a lot of SOD rules.
Screenshot of the option within SOD rule below:
Yes, I think that would be better. Thanks for the suggestion.
Thanks all for help.
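The advanced filter suggested earlier in the thread, extended from one rule name to a list of rule names so that a single review can cover several SoD rules. This is an added example, not code from the thread or the product: the table definitions are constructed stand-ins holding only the columns the thread's filter references, `approles` as a table is an assumption standing in for whatever the filter alias refers to, and all rule names, role names and the non-app-role type value are constructed.

```sql
-- Constructed stand-in tables holding only the columns the thread's filter uses.
CREATE TABLE T_AV_RULES (id INTEGER PRIMARY KEY, name VARCHAR(100));
CREATE TABLE T_AV_SOD_BUCKET1_ENTS (rule_id INTEGER, ent_id INTEGER, entitlement_type VARCHAR(30));
CREATE TABLE T_AV_SOD_BUCKET2_ENTS (rule_id INTEGER, ent_id INTEGER, entitlement_type VARCHAR(30));
-- Assumption: "approles" stands in for the object the filter alias refers to.
CREATE TABLE approles (id INTEGER PRIMARY KEY, name VARCHAR(100));

-- Constructed sample data: two rules to review, one rule to leave out.
INSERT INTO T_AV_RULES VALUES (1, 'CRITICAL_RULE_A');
INSERT INTO T_AV_RULES VALUES (2, 'CRITICAL_RULE_B');
INSERT INTO T_AV_RULES VALUES (3, 'OTHER_RULE');

INSERT INTO approles VALUES (10, 'Create Vendor');
INSERT INTO approles VALUES (11, 'Approve Payment');
INSERT INTO approles VALUES (12, 'Post Journal');
INSERT INTO approles VALUES (13, 'Close Period');
INSERT INTO approles VALUES (14, 'Read Reports');

INSERT INTO T_AV_SOD_BUCKET1_ENTS VALUES (1, 10, 'app-role');
INSERT INTO T_AV_SOD_BUCKET2_ENTS VALUES (1, 11, 'app-role');
INSERT INTO T_AV_SOD_BUCKET1_ENTS VALUES (2, 12, 'app-role');
INSERT INTO T_AV_SOD_BUCKET2_ENTS VALUES (2, 13, 'app-role');
-- Constructed non-app-role row whose ent_id happens to equal a role id:
-- the entitlement_type check keeps it from pulling role 14 into scope.
INSERT INTO T_AV_SOD_BUCKET2_ENTS VALUES (2, 14, 'constructed-other-type');
-- Role 14 is an app-role only in a rule that is not on the list.
INSERT INTO T_AV_SOD_BUCKET1_ENTS VALUES (3, 14, 'app-role');

-- Preview of the filter scope: roles in either bucket of the listed rules.
SELECT approles.id, approles.name
FROM approles
WHERE approles.id IN (
    SELECT b.ent_id
    FROM T_AV_SOD_BUCKET1_ENTS b
    INNER JOIN T_AV_RULES r ON r.id = b.rule_id
    WHERE r.name IN ('CRITICAL_RULE_A', 'CRITICAL_RULE_B')
      AND b.entitlement_type = 'app-role'
    UNION ALL
    SELECT b.ent_id
    FROM T_AV_SOD_BUCKET2_ENTS b
    INNER JOIN T_AV_RULES r ON r.id = b.rule_id
    WHERE r.name IN ('CRITICAL_RULE_A', 'CRITICAL_RULE_B')
      AND b.entitlement_type = 'app-role'
)
ORDER BY approles.id;
```

Running the SELECT as a preview before generating the review shows exactly which roles the filter puts in scope, which is worth checking when the rule list is long.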