Access Request Remove Visibility to Roles user is already assigned

miguelgrilo · June 18, 2025, 10:39am

IIQ 8.4

Hi! Currently trying to configure the SelfService page. Mainly using Quicklinks to do so. I am reaching a satisfying point, however! I am not being able to disable visibility to roles the user is already assigned! User can view it, and only understands that the role is already assigned once he/she presses the role and gets a yellow warning message “the item you are trying to select is already assigned”.

Any help? Thanks in advance

haideralishaik · June 19, 2025, 8:48am

hi @miguelgrilo

You can hide roles already assigned to a user in the SelfService Quicklink by using an Identity Selector Rule on the Quicklink population. This rule filters out roles that the requestee already has, so they won’t appear in the selection list.

For extra control, you can also use a Before Provisioning Rule to remove already assigned roles from the provisioning plan—just in case something slips through.

miguelgrilo · June 20, 2025, 8:52am

Hi Shaik! First of all, thanks for the reply.

I am using IIQ 8.4, I don’t see any Identity Selector Rule can you try and be more explicit given that I am using IIQ 8.4?

Is it in Quicklink Populations > Self Service > Configuration > Membership? (…) > Configuration > Who can members request for? (…) > Configuration > What can member request?

Thanks in advance

haideralishaik · June 20, 2025, 9:09am

hi @miguelgrilo

Under membership> change it to rule

Click on Edit Rule> RuleType: IdentitySelector

Hope this helps!

miguelgrilo · June 20, 2025, 1:53pm

Hi Shaik. Not clear yet, sorry!

I need to give the rule a name, and need to give it source code? I never coded rules… I simply want to hide accesses a user already has! Why do I need to make a rule for this?

I would expect not to create any code for this, in the future… nevertheless how can I achieve this with the rule?

Thanks in advance, and thanks for the quick replies!

haideralishaik · June 20, 2025, 2:19pm

hi @miguelgrilo

I totally get it! In many cases, you don’t need a rule SailPoint can hide already-assigned accesses through configuration.

But if that’s not working in your setup, a small rule helps apply that logic dynamically.

miguelgrilo · June 20, 2025, 2:33pm

But can you please provide me the way to do it? Ideally the configuration UI way? If this is not possible, how should I configure that rule?

Topic		Replies	Views
How to Prevent Role Requests for Already Detected Roles in Self-Service (IIQ 8.3) IIQ Discussion and Questions identityiq , roles	1	77	February 10, 2025
Excluding the entitlement from Remove access page IIQ Discussion and Questions	2	1331	December 9, 2021
How to configure to request for entitlement only in the access request page in IIQ? IIQ Discussion and Questions identityiq , access-requests	7	322	June 21, 2024
IIQ Roles UI customize IIQ Discussion and Questions identityiq , roles	7	370	May 1, 2024
Hide Active identities on Manage User access(Request) form IIQ Discussion and Questions identityiq , access-requests	4	186	August 10, 2024

Access Request Remove Visibility to Roles user is already assigned

Related topics