Skip to content

Creating a What If Simulation

Create a What If simulation to simulate the access risk impacts that would occur based on role assignment changes.

  1. From the left navigation, select What If Analysis - NEW.

  2. At the top right, select Create New Simulation +.

  3. On the Create New Simulation page, under Rulebook, use the dropdown to select which rulebook to run the analysis against.

    Create new simulation screen

  4. Use the Role ERP System dropdown to select the ERP system you want to select roles from, if different than the currently selected Access Risk Management system. This allows you to simulate granting access for a role that has not yet been released to the currently selected system; for example, a role that is still in development.

  5. In the Users Selection pane, you can choose to simulate a new user or add one or more existing users.

    • To simulate a new user without any roles associated, select the checkbox next to New User.
    • To add existing users, select + Add Users to see the Users Selection window.

    Users selection table

    Note

    The user(s) must exist in the currently selected Access Risk Management system.

  6. If you selected + Add Users, use the Users Selection screen to:

    • Filter users by username, full name, user group, and/or user type. Select the Filter icon in the column you want to use, then add filter criteria.
    • Search for users by entering criteria in the Search field, then selecting the Search icon .
    • Add all users by selecting + Add All.
    • Specify user to include by selecting + next to individual username.
    • Add users by entering a comma- or line-separated list of UserIDs in the field at the bottom of the screen and selecting + Add.

    When you have finished adding users, select X to close the window.

  7. Use Roles Selection to specify the role changes to simulate by removing existing roles and/or adding new roles to the users you've selected.

    • Remove Existing Roles - Select roles to remove from the selected users.
    • Add Roles - Select roles to give to the selected users.

    Roles selection table

    Important

    You must select users before you can assign or remove roles.

  8. If you selected Remove Existing Roles, use the Roles Selection window to remove roles by:

    • Filtering users by role name, username, role location, or description. Select the Filter icon in the column you want to use, then enter filter criteria.
    • Searching for roles by entering criteria in the Search field, then selecting the Search icon .
    • Adding all currently displayed roles with any applicable filters by selecting Add All.
    • Specifying role(s) to remove by selecting next to individual role name(s).

    Note

    If you simulate changes to more than one user and a given role is assigned to more than one selected user, you will see a different entry for that role for each user it is assigned to. Be sure to inspect the Username column.

    When you have finished selecting roles, select X to close the window.

  9. If you selected + Add Roles, use the Roles Selection window to add roles by:

    • Filtering users by role name, role location, and/or description. Select the Filter icon in the column you want to use, then enter filter criteria.
    • Searching for roles by entering criteria in the Search field, then selecting the Search icon .
    • Adding all currently displayed roles with any applicable filters by selecting + Add All.
    • Specifying role(s) to remove by selecting + next to individual role name(s).
    • Add roles by entering a comma- or line-separated list of UserIDs in the field at the bottom of the screen and selecting + Add.

    Note

    The delimited list feature supports up to 100 items at a time.

    When you have finished selecting roles, select X to close the window.

  10. To remove users or roles from your lists, use the Delete icon to remove individual users or roles, or select Clear to remove all selected roles.

    Note

    The Role Change Type column shows Remove Role or Add Role for each role in your simulation.

Running an Analysis

After setting parameters, you’re ready to run the analysis. Select View Real-Time Summary or Schedule Technical Report.

View Real-Time Summary is a real-time, high-level risk summary, showing the risk level information, without authorization details, that the user would have after the role changes. From here, you still have the option to Schedule a Technical Report if you would like.

Note

Real-Time Summary results are not retained and are visible only when you run the simulation. You may screenshot the results or use the Schedule a Technical Report button if you need to retain evidence of the simulation for future compliance documentation purposes.

Schedule Technical Report allows you to run a full analysis in the background that includes business functions, roles, profiles, and authorization details with an option to export a .csv file of the What If analysis results. This option redirects you to the Activity History dashboard where you can monitor job progress and access the results once the report is ready.

You may also view or export the results at a later time by returning to the main grid of What If analysis where you initially scheduled the simulation.

Note

User What If analysis export is available as a .csv file only.

View or download your analysis on the What If Analysis page.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.