Toxic entitlements
When one speaks about toxic entitlements, the situation is highlighted where a combination of two or more specific entitlements are seen as dangerous or toxic.
In that case, next to immediate reporting, automatic or manual intervention should occur to resolve the toxic situation.
Configuration of toxic entitlements is found via the menu, governance tab and then entitlement conflicts.
You can define two entitlements, indicate if the entitlement assignment is cross organisation or not, and the conflict resolution method.
Following resolution methods are configurable with their description:
REPORT_TO_CONFLICT_RESOLVER | Sends a notification to all conflict resolvers |
DELETE_FIRST_ENTITLEMENT | Deletes the first entitlement assignment |
DELETE_SECOND_ENTITLEMENT | Deletes the second entitlement assignment |
DELETE_BOTH_ENTITLEMENTS | Deletes both assignments |
DEACTIVATE_IDENTITY | Deactivates the identity |
This process is managed by a schedulers in the schedulers section and the frequency can be configured there. Note that the role of the conflict resolver is also configurable in the scheduler.
Last updated