Hi,
We are looking to launch permission review campaigns for permissions outside of a defined role, specific to an application.
- We will create business roles which will include permissions from a variety of applications;
- Example:
- Business role “Accounting” includes permission A,B,C from Application1
- Example:
- We will assign the role to specific users;
- Example:
- Bob is assigned business role “Accounting”
- Example:
- We will launch a permission review campaign for one specific application;
- We would like the campaign to include only non-approved permissions for the users who have been assigned to a role;
- Example:
Bob is assigned permission A,B,C,D for Application1.
For the Application’s user & permission review, Bob will only be audited for permission D. Permission’s defined in business role “Accounting” is excluded.
- Example:
- Other users should be audited against all of their permissions for the app in question.
We currently do not see this option within Identity Governance.
Thank You.