Automatic request policy assignment

Working on configuring the request UI within IG for a client.  There is a significant number of permissions in the catalog and we do not want to open them all up for request, however, we also don't want to have to individually select each permission to assign to a policy.  We want to be able to create blanket policies, such as "all permissions assigned to this application" are available for request.  While this is pretty straightforward to add all of those values to the request policy, the issue is that each time a new permission is created, we will have to identify it and add it to the policy.  On the flip side, there is the "catchall" policy, but this will make all permissions in our catalog requestable.

What we are looking to do is either find a way to exclude permissions from being requestable to exclude them from the "catchall" request policy, or find a way to collect the request policy.  I found the hide from catalog attribute, but that removes the permissions from access reviews as well.  Is there an attribute that will keep them available for reviews, but hide them from the request interface?

  • I think there is at least one feature request around this. It would be nice if we could use a governance insight or a data policy to look for permissions without a requestPolicy assigned, (we could manage them a little better then). But it would in fact be even nicer if there was a dynamic way to assign permissions to a policy.