Entitlements Tab
The View Identity > Entitlements tab lists all of the roles and entitlements for the selected user.
By default, the identity's direct access is shown. You can select the Effective Access button at the top right to see the identity's effective access. Effective Access is any indirect access that is granted through another object, such as group membership, another role, or an unstructured target.
You can use Advanced Search for both roles and entitlements, to find access based on a variety of criteria, such as how it was assigned, whether is has been requested or is pending approval, and whether it has been certified.
The entitlements tab includes two sections: Roles and Entitlements.
Roles
A list of roles that were detected or assigned to the user manually or through role assignment rules. The Acquired column indicates whether the role was assigned or detected. Assigned roles are typically business-type roles that model how users are grouped by business function, including functional hierarchies, project teams, or geographic location. Detected roles are roles that are detected by IdentityIQ during the aggregation and correlation processes based on the entitlements assigned to an identity.
If an activation or deactivation date is defined for the role it is displayed in a message box below the role name.
|
Column Name |
Description |
| Name | Name of the role. Select the name to view detailed information about the role |
| Description | Brief description of the role. |
| Classifications | If the role has a classification that categorizes it as potentially allowing access to sensitive, protected, or otherwise significant data, an icon is shown to flag the classification. |
| Assigned By | The user that assigned this role to the identity. |
| Allowed By | The assigned roles that permit a user to have this role, either directly or indirectly. A direct permission is one in which the assigned role is a member of the permitted role. An indirect permission is one in which the assigned role is on the permitted list for the assigned role. |
| Acquired | How the role was acquired: assigned or detected. |
|
Application |
The application associated with the role. |
|
Account Name |
The application account the role is mapped to. |
Entitlements
A list of the applications that have entitlements to which the identity has access. Click the entitlement or application name to view the entitlement details, if available.
When an information icon is displayed, you can hover over it to view more details.
If the entitlement has a classification that categorizes it as potentially allowing access to sensitive, protected, or otherwise significant data, an icon is shown to flag the classification
Select Show only additional entitlements to limit the list to entitlements that are not included in a role that has been assigned to or detected for the user.
Note: If any of the displayed roles or entitlements has elevated access, they will have the Elevated Access icon next to the name or entitlement. See