Hi All,
I have a requirement where we need to configure Business Roles. It has IT roles grouped together with two categories together - Auto-assigned (Required) and Request-based(Permitted). How do I group this in a single role in ISC. Please suggest a high-level solution. Eg BizRole 1 has IT Role1, IT Role 2 - should be auto-assigned and IT Role 3 - should be request based. Thanks
Hi @nmuthusamy
This requirement is not achievable directly through a single role configuration. However, by implementing Segments, the “permitted” access model can be achieved effectively.
IT Role is IIQ Terms. Are you talked about IIQ or ISC ?
I am validating the feasibility to configure the above scenario in ISC; With ISC I shall put this way within one role, can I configure one entitlement/access profile as automatic assigned and another entitlement/AP as request based. Thanks
Each access item configuration is independent.
You can configure:
A Business Role (BizRole)
Add Access Profiles (equivalent to IT Roles in IIQ): IT Role 1, IT Role 2, IT Role 3
You can configure both access requests and automated assignment for your Business Role.
You can also configure access requests and required approvals for a specific Access Profile (for example, IT Role 2).
During an access request:
A user can request IT Role 2.
Once requested, ISC checks whether the user already has the Access Profile (whether it was assigned through an automated Business Role or through another access request). If the user already has it, the request is ignored.
The Business Role (BizRole) is assigned automatically, ignoring any access request configuration or approval settings defined at the individual Access Profile level.
Maybe I don’t quite understand the requirement, but have you made it so that the role auto assigns in the “Assignment” tab, and then also enabled access requests? I think in this way it is both auto-assign when the criteria are met, and requestable.