Toxic entitlements
Last updated
Last updated
When one speaks about toxic entitlements, the situation is highlighted where a combination of two or more specific entitlements are seen as dangerous or toxic.
In that case, next to immediate reporting, automatic or manual intervention should occur to resolve the toxic situation.
Configuration of toxic entitlements is found via the menu, governance tab and then entitlement conflicts.
You can define two entitlements, indicate if the entitlement assignment is cross organisation or not, and the conflict resolution method.
Following resolution methods are configurable with their description:
This process is managed by a schedulers in the schedulers section and the frequency can be configured there. Note that the role of the conflict resolver is also configurable in the scheduler.
REPORT_TO_CONFLICT_RESOLVER
Sends a notification to all conflict resolvers
DELETE_FIRST_ENTITLEMENT
Deletes the first entitlement assignment
DELETE_SECOND_ENTITLEMENT
Deletes the second entitlement assignment
DELETE_BOTH_ENTITLEMENTS
Deletes both assignments
DEACTIVATE_IDENTITY
Deactivates the identity
