Apologies if this has already been asked. I haven’t been able to find details on this.
What are the use cases and differences between adding an Access Profile to grant as part of the LCS vs. a role that uses the LCS to assign an access profile?
Under Identity Profile → Provisioning, You can Grant Access Profiles for a Life cycle status. But there is no remove Access profiles. If user LCS changes, does the same Access Profiles will be removed ? I think it won’t remove.
But in Role which can use LCS as assignment criteria can add and remove.
1 Like
I concur, AP are not removed during LCS changes, so use roles instead.
1 Like
Hi Sean,
Hope you are doing well.
To answer your question, if you don’t have additional criteria and want to grant user an Access Profile purely based on LCS, it’s better to assign it via LCS Provisioning. The user will get the access and retain it while they are in the same LCS. As soon as the LCS changes, the access will be removed.
In cases where you have additional criteria like combination of LCS, job code, department, user type etc involved for granting access, it’s better to go with roles.
Yes, as @sharvari mentioned, AP gets removed when LCS changes as per the documentation.
However, I have not see any clients of mine using AP inside Identity Profile, would like to test this.
1 Like
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.