Idea ID: 2873891

Technical Role - Add Permission with dynamic value (resource)

Status: Needs Clarification

Would like to go over this idea with you, please suggest some time slot to have the discussion around this. Thanks

See status update history


please add the possibility to add permissions with dynamic values (for example an group membership resource/entitlement) to technical roles. Currently you can request the permission, but you can not add the permission to a technical role.



Parents Comment Children
  • Technical it is possible, but one of our customers has more than 30 roles with 3-4 different AD Groups each and I don't want to create static ressources for each AD group to only use them in the Identity Governance. So yes, as a workaround this would work even this could be a pain to monitor and manage.

    Since there is an option to request dynamic ressource I thought it would also be possible to add dynamic ressource (of course the assignment itself would be static) to a technical role

  • Hello,
       "Dynamic" Permissions (for example an IDM Resource that is associated to an Entitlement that is configured for the value to be set at assignment time), currently can not be utilized with at least the following areas:

    Business Roles
    Technical Roles,
    Separation of Duties (SoD)

    Only "Static" Permissions can be utilized in the above areas (and a few more).

    One can request a "Dynamic" Permission in Access Request, because at Request time we present the necessary fields to be populated.

    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity