Idea ID: 2873891

Technical Role - Add Permission with dynamic value (resource)

Status: Needs Clarification

Would like to go over this idea with you, please suggest some time slot to have the discussion around this. Thanks

See status update history

Hello,

please add the possibility to add permissions with dynamic values (for example an group membership resource/entitlement) to technical roles. Currently you can request the permission, but you can not add the permission to a technical role.

BR

Tobias

Parents
  • Thank you for submitting the idea. We need more clarity on exact use case to be able to evaluate it further. 

    We will await your input regarding the same.

  • In the IDM we have one dynamic resource for ActiveDirectory Groups. In the IG (we are using the IDM AE Permission Collector) we have this resource as a permission.

    If I request this permission in the self service I can select which specific ActiveDirectory group I want to request (as it should be)

    But it is not possible (checked again with version 3.7.3) to assign this AD group permission to a technical role. The permission doesn't show up in the search window and from that I can tell all the permissions with dynamic values are not shown and therefore can't assigned to a technical role.

    Regarding the use case: We only wanted to assign a ActiveDirectory group to a technical role , so when an user will request this role he also will get a specific AD group.

Comment
  • In the IDM we have one dynamic resource for ActiveDirectory Groups. In the IG (we are using the IDM AE Permission Collector) we have this resource as a permission.

    If I request this permission in the self service I can select which specific ActiveDirectory group I want to request (as it should be)

    But it is not possible (checked again with version 3.7.3) to assign this AD group permission to a technical role. The permission doesn't show up in the search window and from that I can tell all the permissions with dynamic values are not shown and therefore can't assigned to a technical role.

    Regarding the use case: We only wanted to assign a ActiveDirectory group to a technical role , so when an user will request this role he also will get a specific AD group.

Children
No Data