Okta Identity Engine | Identity Governance | Answered | 2024-06-17T18:22:01.000Z | 2024-06-15T04:45:26.000Z

AndrewM.77846 (Customer) asked a question.

Okta Identity Governance Bundles and Policy Rules

We've started rolling out bundles alongside policy roles within our environment and started noticing the following behavior:

 

If a bundle is used to assign entitlements, it prevents policy rules from assigning further entitlements.

 

Example:

We've created a Salesforce/OIG integration. We created a bundle containing entitlements consisting of Licensing, Profiles, and Permission Sets. We've also created Policy Rules with Role entitlements to be assigned to users. If a user first receives entitlements via bundle, the policy rule entitlements (in this case Role) do not apply. But if the policy rule entitlement is assigned first, then the bundle entitlements get assigned without issue.

 

Not sure if this is expected behavior? If so, any way to get policy rules to take precedence over bundles?

 

Thanks!


  • @AndrewM.77846 (Customer) Hey Andrew, great question! It depends on a few factors. Best practice is to assign the user via group to the application first. This will apply any policies to the user. What I do at this point is assign the required profile to the users via policy. Then any additional entitlements they can request via an Access Request. If you do it in this order, future changes to policies will apply.

     

    If the user is assigned custom or via an Access Request, they will be seen in custom mode and no future policies will apply.

     

    Thanks

    Christian

    Selected as Best
This question is closed.