IG: Deprovisioning of granted Permissions by Business Role modification

Idea ID 2779834

IG: Deprovisioning of granted Permissions by Business Role modification

IG 3.0 seems not to provide a mechanism that causes deprovisioning of a granted permission that is deleted from a Business Role. There must be a way to achieve this. Sample:

- Business Role BR authorizes Permission P1 and P2 and is configured for automatic provisioning
- P1 and P2 are configured for automatic grant and revoke
- all BR members have been provisioned with P1 and P2

- now P2 shall be removed from BR
- whatever you do today (delete P2, set P2 validity end date) will not deprovision P2 from the BR
members

Removing a Permission or Role or nested Business Role from a Business Role should cause appropriate deprovisioning actions.
2 Comments
Absent Member.
Absent Member.
It would be great to have this functionality but as an optional. I understand in some use cases, the permission should be removed from the user if removed from BR but in some situations, this action would not be the expected behavior.
Micro Focus Contributor
Micro Focus Contributor
I would expect that removing at least a permission that is marked "mandatory/ automatic grant and revoke" gets deprovisioned. You might change it to e.g. "mandatory/ no automatic grant and revoke" before removing it if you don't want that. Or add a dialogue asking how the permission should be handled.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.