IG 3.0 seems not to provide a mechanism that causes deprovisioning of a granted permission that is deleted from a Business Role. There must be a way to achieve this. Sample:
- Business Role BR authorizes Permission P1 and P2 and is configured for automatic provisioning
- P1 and P2 are configured for automatic grant and revoke
- all BR members have been provisioned with P1 and P2
- now P2 shall be removed from BR
- whatever you do today (delete P2, set P2 validity end date) will not deprovision P2 from the BR members
Removing a Permission or Role or nested Business Role from a Business Role should cause appropriate deprovisioning actions.
by: Klaus S. | over a year ago | Other
Comments
It would be great to have this functionality, but as an option. I understand that in some use cases the permission should be removed from the user if removed from the BR, but in some situations this action would not be the expected behavior.
I would expect that removing at least a permission that is marked "mandatory/ automatic grant and revoke" gets deprovisioned. You might change it to e.g. "mandatory/ no automatic grant and revoke" before removing it if you don't want that. Or add a dialogue asking how the permission should be handled.