Idea ID: 2858331

Application Permission Review with Role Exclusion

Status: Under Consideration


Hi,

We are looking to launch permission review campaigns for permissions outside of a defined role, specific to an application.

  1. We will create business roles which will include permissions from a variety of applications;
    1. Example:
      1. Business role “Accounting” includes permissions A, B, C from Application1
  2. We will assign the role to specific users;
    1. Example:
      1. Bob is assigned business role “Accounting”
  3. We will launch a permission review campaign for one specific application;
  4. We would like the campaign to include only non-approved permissions for the users who have been assigned to a role;
    1. Example:
      1. Bob is assigned permissions A, B, C, D for Application1.

        For the Application’s user & permission review, Bob will only be audited for permission D. Permissions defined in business role “Accounting” are excluded.

  5. Other users should be audited against all of their permissions for the app in question.

We currently do not see this option within Identity Governance.

Thank You.
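
The scoping rule requested above, written out as an added example; it is not part of the original post and does not use any Identity Governance API. The data layout, the function name `review_scope`, user "Alice", "Application2" and permission "X" are assumptions made for illustration, as is the choice to leave users with nothing left to review out of the campaign.

```python
# Constructed sample data mirroring the post's example (all names are assumptions).
ROLES = {  # business role -> (application, permission) pairs it grants
    "Accounting": {("Application1", "A"), ("Application1", "B"),
                   ("Application1", "C"), ("Application2", "X")},
}
ROLE_ASSIGNMENTS = {"Bob": {"Accounting"}}  # user -> assigned business roles
ENTITLEMENTS = {  # user -> (application, permission) pairs actually held
    "Bob": {("Application1", "A"), ("Application1", "B"),
            ("Application1", "C"), ("Application1", "D"),
            ("Application2", "X")},
    "Alice": {("Application1", "A"), ("Application1", "D")},  # no business role
}


def review_scope(application, roles, assignments, entitlements):
    """Return {user: sorted permissions to review} for one application.

    Permissions granted by any business role assigned to the user are
    excluded. Users without a role are reviewed on every permission they
    hold in the application. Users with nothing left are omitted.
    """
    scope = {}
    for user, held in entitlements.items():
        in_app = {perm for app, perm in held if app == application}
        approved = set()
        for role in assignments.get(user, ()):
            # An unknown role name approves nothing, so its permissions stay in scope.
            approved |= {perm for app, perm in roles.get(role, ())
                         if app == application}
        remaining = in_app - approved
        if remaining:
            scope[user] = sorted(remaining)
    return scope


if __name__ == "__main__":
    campaign = review_scope("Application1", ROLES, ROLE_ASSIGNMENTS, ENTITLEMENTS)
    for user, perms in sorted(campaign.items()):
        print(f"{user}: review {', '.join(perms)}")
```
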