Business Role granted for 6 months only

We want to create a Business Role which is Auto Granted and Auto revoked for users with certain Job Titles, however the role must be granted only for 6 months of training period and then revoked automatically after the training period. This is a birthright role, so needs to happen automatically. Any suggestions?

  • 0  

    This is an interesting use-case.  

    I don't think you can achieve this with a Business Role.   BR's are bound by attributes on a user, not by time.   The Start/End time of assignments that were added in the product are tied to the request process, and it generates a change request for the initial assignment and a change request for the removal in the future.   You *might* be able to accomplish this with a data policy that detects the training period for a user and runs a workflow that would generate the two requests.  I haven't seen a workflow do this yet, but you essentially need to kick off a request process on behalf of the user, and probably auto-approve it, and insert a end-date for the access, but the end result should be two change requests in the system.

    Alternatively, you could manage their training period with an out-of-band attribute or permission in another system (perhaps where the identities come from) and use a job or task to update the attribute at the right time frame.  Then you could react to those changes with a business policy.  None of that config to manage it somewhere else would be in scope for IG though.  

    --Jim

  • 0 in reply to   

    Thanks Jim for replying back. We are looking to process this automatically without any manual step required to enter any request.

    I was looking at different options available, I see there is a way to add a formula that I can use. I tested with 2 days and it worked, so I am assuming it would also work for 180 days.

    A user is a member if they satisfy ANY of the criteria:
    Effective all the time:
    Title matches 'Assoc. Property Claims Rep' and Identity Onboarding Date greater than current_timestamp - ((2 * 24) * 60) and Employee Status not equal to 'T'
  • 0   in reply to 

    Ahh, I didn't think of using onboarding date.  That is brilliant!   This should totally solve the use-case.  Great idea!

    --Jim