When a new role is assigned to a user, what happens to their existing access?

When a new role is assigned to a user in SailPoint Identity Now, existing access gets combined with the new role. This means that the user retains their current permissions and access rights while also obtaining the benefits and privileges that come with the new role. This ensures that users can perform their tasks effectively without losing previously established access needed for their job functions.

Combining existing access with new role assignments supports a more seamless transition into new responsibilities and prevents disruption in a user’s ability to perform their work. This approach also maintains continuity of access rights, allowing for a more holistic management of user permissions, which can be crucial in environments with dynamic role changes.

Other choices do not accurately reflect this mechanism; for instance, completely removing existing access would hinder user functionality, while suggesting that old access does not influence new access overlooks the integrated approach that Identity Now embodies in managing roles and permissions. Similarly, requiring users to choose which access to keep would unnecessarily complicate access management and could lead to discrepancies in entitlement visibility.