Idea ID: 2873891

Technical Role - Add Permission with dynamic value (resource)

Status: Needs Clarification

Would like to go over this idea with you, please suggest some time slot to have the discussion around this. Thanks

See status update history


please add the possibility to add permissions with dynamic values (for example an group membership resource/entitlement) to technical roles. Currently you can request the permission, but you can not add the permission to a technical role.



Parents Comment Children
  • In the IDM we have one dynamic resource for ActiveDirectory Groups. In the IG (we are using the IDM AE Permission Collector) we have this resource as a permission.

    If I request this permission in the self service I can select which specific ActiveDirectory group I want to request (as it should be)

    But it is not possible (checked again with version 3.7.3) to assign this AD group permission to a technical role. The permission doesn't show up in the search window and from that I can tell all the permissions with dynamic values are not shown and therefore can't assigned to a technical role.

    Regarding the use case: We only wanted to assign a ActiveDirectory group to a technical role , so when an user will request this role he also will get a specific AD group.